Guidebook on Best Practices for Airport Cybersecurity

Cybersecurity is a growing issue for all organizations, including airports. While the risks to traditional information technology (IT) infrastructure are often highlighted, many airports also rely on industrial control systems that introduce risks that are less apparent. The increasing practice of Bring Your Own Device (BYOD), whereby employees use their own personal devices for business purposes such as email and remote access to airport systems, brings its own risks that must be managed. These risks cannot be eliminated, but they can be reduced through implementation of industry standards, best practices, and awareness programs for employees. This report provides resources for airport managers and IT staff to reduce or mitigate inherent risks of cyberattacks on technology-based systems. Traditional IT infrastructure such as servers, desktops, and network devices are covered along with increasingly sophisticated and interconnected industrial control systems, such as baggage handling, temperature control, and airfield lighting systems. Accompanying this guidebook is a CD-ROM (CRP-CD-171) of multimedia material that can be used to educate all staff at airports about the need, and how, to be diligent against cybersecurity threats.