Commentary: Why airports are only as secure as their weakest link
Following the recent cyberattacks targeting European airports, including Heathrow, Dr Daniel Gardham, Lecturer at the University of Surrey’s Centre for Cyber Security, shares insights on why airports are only as secure as their weakest link – and why protecting third-party suppliers is now critical to aviation security.
“The recent hacks targeting European airports appear to have affected only electronic customer check-in and baggage-drop systems, originating from a third-party supplier. Yet they have already caused hundreds of flight cancellations and disrupted thousands of passengers. This highlights that a system – or even an organisation – is only as secure as its weakest link, and even a minor breach can trigger significant knock-on effects.
“Whether exploiting vulnerable systems to gain access to more sensitive data or, as in this case, simply causing real-world disruption, security must be upheld across all systems equally to protect the most critical. This is especially challenging in aviation, which relies on numerous and disparate systems working in tight coordination. Airports will therefore need to not only strengthen their own security practices but also ensure suppliers meet the same high standards.
“Targeting third-party suppliers, known as supply chain attacks, is increasingly seen by hackers and nation states as an easy way to cause chaos in high-profile sectors such as retail, automotive and now aviation.”
