I was very excited to be one of the speakers at Airport Summit 2016 in Palermo, with a speech on a holistic approach to IT security.
Interconnectivity is increasing as airports and their stakeholders leverage digital technology to work together more efficiently.
So the right approach to IT security and ICS cybersecurity is mandatory to safely improve the airport business.
We looked at the actual scenario and possible solutions, including a Predictive Analytics approach, which is probably the best solution to avoid malicious attacks.
Some airports allow employees to use their own smartphones, tablets, and computers for work purposes. There are many advantages to this approach, but it can also introduce many new vulnerabilities that must be addressed. In particular, I focused on Industrial Control Systems, IoT and BYOD.
Not all operational technology (OT) is necessarily IT, and not all OT security requirements are addressed by IT security. Recognizing the uniqueness of OT is a prerequisite to ensure OT systems, such as industrial control and the Internet of Things (IoT), are effectively protected.
Security leaders who are also responsible for OT systems should recognize the expanded requirements to secure OT and understand the role of IT security in supporting OT security.
Travellers are more and more connected, and many new ways to facilitate travellers' security checks come from digitalization, affiliating new customers.
Some airport organizations may be more focused on informing airport staff about security procedures and less willing to push on cybersecurity; this approach has to change.
Approach suggested by NIST:
1. Identify the equipment, software, business practices, and data flows within the organization, its networks and subnetworks. This inventory is required in order to understand the scope of implementing comprehensive protective measures but also to organize the myriad of details that are necessary, especially in the event of an attack. This inventory process needs to be an ongoing activity because systems frequently change, software is updated, and new personnel are hired.
2. Protect systems, data, and infrastructure by implementing and updating countermeasures in a prioritized manner through monitoring.
3. Detect cyberattacks in a timely manner by monitoring for anomalous activity on end-point systems, IT and communications networks, and in areas where sensitive IT and ICS infrastructure exists. It is important to periodically test the detection mechanisms for proper configuration and response to reduce both false positives and false negatives.
4. Respond to cybersecurity attacks in a quick and effective manner, while minimizing the duration and extent of their impact. Effective response begins before an attack occurs with planning on how to react and with the collection of information and contacts that can help.
Predictive Analytics can be more successful if it is applied not only to information coming from the airport network, but also to alerts coming from the same industry, or from other industries, at a worldwide level. Some IT security players can provide this kind of information, which has to be analyzed to predict possible future attacks and to act to protect the network before the attack comes, moving from “Risk Mitigation” to “Risk Avoidance”.
If you know it, you avoid it!!
Big Data is nothing without Predictive Analytics, so my recommendation is to include external security data in your Big Data and use analytics for a more holistic prediction.
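
As an added illustration (not from the talk or from any vendor product), the Python example below joins the inventory from the "Identify" step with externally shared alerts and ranks which assets to harden before an attack arrives. It is a simple rule-based ranking, not a statistical prediction model; the product names, alert ids, asset names and scoring weights are hypothetical and constructed for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Asset:               # one row of the "Identify" inventory
    name: str
    product: str           # normalised product family
    version: tuple         # e.g. (4, 2)
    zone: str              # "OT", "IT" or "BYOD"
    criticality: int       # 1 (low) .. 5 (operations-critical)

@dataclass(frozen=True)
class Alert:               # one externally shared alert
    alert_id: str
    sector: str            # industry that reported it
    product: str
    fixed_in: tuple        # first version that is not affected
    exploited: bool        # reported as actively used in attacks

def watchlist(assets, alerts, own_sector="aviation"):
    """Rank (score, asset, alert) where the asset runs an affected version."""
    hits = []
    for alert in alerts:
        for asset in assets:
            if asset.product != alert.product or asset.version >= alert.fixed_in:
                continue  # different product, or already on a fixed version
            # Assumed weights: x3 for our own sector, x2 if exploitation is reported.
            score = asset.criticality
            score *= 3 if alert.sector == own_sector else 1
            score *= 2 if alert.exploited else 1
            hits.append((score, asset.name, alert.alert_id))
    # Highest score first; name and id break ties deterministically.
    return sorted(hits, key=lambda h: (-h[0], h[1], h[2]))

# Constructed sample data (hypothetical products, assets and alert ids).
INVENTORY = [
    Asset("baggage-plc-01", "acme-plc", (4, 2), "OT", 5),
    Asset("baggage-plc-02", "acme-plc", (5, 0), "OT", 5),
    Asset("gate-kiosk-17", "kiosk-os", (2, 1), "IT", 3),
    Asset("staff-tablet-ops", "mdm-agent", (1, 9), "BYOD", 2),
]
EXTERNAL_ALERTS = [
    Alert("EX-001", "aviation", "acme-plc", (5, 0), False),
    Alert("EX-002", "energy", "kiosk-os", (3, 0), True),
    Alert("EX-003", "retail", "mdm-agent", (1, 5), True),
]

if __name__ == "__main__":
    for score, asset, alert_id in watchlist(INVENTORY, EXTERNAL_ALERTS):
        print(f"{score:>3}  {asset:<18} {alert_id}")
```

The ranking is only as good as the inventory behind it, which is why the "Identify" step has to be an ongoing activity.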