1. PANEL DISCUSSION: How to be Cyber Secure Airport
Infrastructure Issues
Moderator: Philip Baum, Editor, Aviation Security International
Panellists:
Dominic Nessi, Deputy Director & Chief Information Officer, Los Angeles World Airports
Marc Pearl, President and CEO, Homeland Security & Defense Business Council
Dr John McCarthy,ServiceTec Research Fellow, Cranfield University / UK Defence Academy
2. How to be Cyber Secure:
Airport Infrastructure Issues
• * * * * * * *
Marc Pearl
President & CEO
Homeland Security & Defense Business Council
3. WHAT DOES “CYBER SECURE” MEAN?
• Much more than traditional notions of
passwords and firewalls
• “Cyber secure” is NOT a one-size-fits-all
concept…
• Need to balance risk v. probability and cost v. benefit
• “Definition” is up to each individual airport authority
• As you all well know: “Cyber” now extends into
almost every facet of airport infrastructure.
• Network
• Physical
• Human
4. 1. Network Security
• The most closely linked to “cyber”
• Threat level: Wide and varied
• Numerous layering/overlapping –
oftentimes missing network coordination
• Major consequences of network breach
• Loss of integrity;
• Loss of availability; and
• Loss of confidentiality
5. 2. Physical Security
• Still one of the most important aspects of
security
• Far more interconnected with network security
than ever due to increasing technological
advances
• Encompasses: CCTV security cameras,
intrusion detection systems, perimeter lighting,
and CBRNE detection
6. 3. Human Component of Security
• Airports – Veritable Melting Pots of different
types, classes, security-level of personnel.
• Cyber-security is only as good as the humans
that operate and oversee it.
• Is it better to screen all workers or to train them
to spot suspicious behavior?
• Is/should it even be a trade off?
7. How Does 1 + 1 + 1 = 4?
• Cannot work on the 3 elements in isolation
• True/Real cybersecurity is based on the symbiotic
and cooperative interaction of all 3 elements.
• No one single component of security will protect
airport infrastructure.
• Including both physical and electronic ensures that
threats can be mitigated as “far down/away from the
supply chain” from the critical vulnerabilities as possible.
• Farthest circle can be thought of as the intelligence on
threats long before they even reach the airport and the
closest can be the final ticket or baggage check before
boarding the plane.
8. Litmus Test – Questions To Ask
• Is the approach/idea economically reasonable?
• Will the approach/idea be technologically
feasible?
• Have we thought through the unintended
consequences of implementing this
approach/idea?