Module 3 — Airport Operations, Safety, Security & Maintenance Cybersecurity

Overview

This module transitions from airport development to the day-to-day functions of airport operations, safety, security, and maintenance along with their cybersecurity requirements. We will explore FAA Part 139 Airport Certification, including the Airport Operating Certificate (AOC) and Airport Certification Manual (ACM), and the role of self-inspection programs. A significant portion will cover airfield maintenance and safety standards for essential components like pavement, markings, signs, and lighting, as well as specialized airport safety programs such as Snow and Ice Control Plans (SICP), Aircraft Rescue and Fire Fighting (ARFF) requirements, and Wildlife Hazard Management Plans (WHMP).

The module addresses airport emergency management, including the Airport Emergency Plan (AEP) and the National Incident Management System (NIMS), alongside airport security functions governed by TSA regulations, including the Airport Security Program (ASP), definition of security areas, and access control systems. We will evaluate the cybersecurity measures necessary to protect operational data (e.g., inspection records, NOTAMs), secure maintenance and safety program systems, ensure the integrity of NAVAID data, and safeguard physical security systems like PACS and CCTV, as well as emergency communication networks and credentialing databases.

You will primarily read AAAE CM Module 3, which provides details on these operational, safety, and security aspects. The aim is to understand how these daily airport functions are not only highly regulated but also increasingly dependent on digital systems.

This module aligns with course Outcomes 1, 2, and 3.

Required Reading

AAAE Certified Member (C.M.) Module 3: Airport Operations, Security and Maintenance

Section: Airport Safety and Certification (Pages 6-16)

This section helps you understand the regulatory basis for airport operational safety at commercial service airports (Part 139) and the key documents involved, like the Airport Operating Certificate (AOC) and Airport Certification Manual (ACM). It aligns with Course Outcomes 2.1, 2.5, and 3.4.

• Safe Airport Operation (pp. 7-8)
• Title 14 CFR Part 139 Certification of Airports (pp. 9-12)
• The Airport Operating Certificate (AOC) and Airport Certification Manual (ACM) (pp. 13-16)

Section: Airfield Maintenance and Safety Standards (Pages 16-39)

This section helps you learn about maintenance requirements for critical airfield components (pavement, markings, lighting, NAVAIDS) and the operational data generated (e.g., inspection logs, work orders). It aligns with Course Outcome 1.3.

• Pavement (pp. 17-24)
• Markings, Signs, and Lighting (pp. 24-36)
• Other Airfield Inspection Items (NAVAIDS, Public Protection) (pp. 36-39)

Section: Airport Safety Programs (Pages 40-55)

This section helps you understand specialized safety programs like Snow and Ice Control Plans (SICP), Aircraft Rescue and Fire Fighting (ARFF), and Wildlife Hazard Management Plans (WHMP), including their operational data components. It aligns with Course Outcome 2.5.

• Snow and Ice Control Plan (SICP) (pp. 41-43)
• Aircraft Rescue and Fire Fighting (ARFF) (pp. 44-48)
• Wildlife Hazard Management Plan (WHMP) (pp. 48-50)
• Construction Safety (Brief mention, overlaps with Mod 2) (pp. 52-54)

Section: Airport Emergency Management and Communications (Pages 56-68)

This section covers emergency planning (AEP), response coordination using NIMS/ICS, and the role of airport communications centers (ACC/EOC), especially during Irregular Operations (IROPS). It aligns with Course Outcomes 2.2 and 2.5.

• The Airport Emergency Plan (AEP) (pp. 57-60)
• The National Incident Management System (NIMS) and Incident Command System (ICS) (pp. 61-63)
• Irregular Operations (IROPS) (pp. 64-65)
• The Airport Communications Center (ACC) / Emergency Operations Center (EOC) (pp. 65-68)

Section: Airport Security (Pages 83-100)

This section details the regulatory framework for airport security (ATSA, TSA regulations), the Airport Security Program (ASP), physical security measures like security areas, and systems like access control and credentialing. It aligns with Course Outcomes 1.5 and 3.4.

• History of Airport Security and the Aviation and Transportation Security Act (ATSA) (pp. 83-86)
• TSA Regulations (Part 1542, 1540, etc.) and the Airport Security Program (ASP) (pp. 87-91)
• Airport Security Areas (AOA, SIDA, Sterile Area, Secured Area) (pp. 92-95)
• Access Control and Credentialing Systems (pp. 96-98)
• General Aviation Airport Security (pp. 99-100)

External Cybersecurity Readings

Securing Operational Technology (OT) & Industrial Control Systems (ICS)

These readings help you understand the unique challenges of OT/ICS security, which is relevant to securing systems like airfield lighting, ensuring NAVAID data integrity, and protecting automated maintenance systems. This aligns with Course Outcomes 1.3 and 2.1.

• NIST: “Guide to Industrial Control Systems (ICS) Security (SP 800-82 Rev. 2)” - A foundational document for understanding ICS security. Focus on overview, threats, and countermeasures sections. (URL: https://csrc.nist.gov/pubs/sp/800/82/r2/final)
• CISA: “Primary Mitigations to Reduce Cyber Threats to Operational Technology” - Provides actionable guidance from CISA for protecting OT environments. (URL: https://www.cisa.gov/resources-tools/resources/primary-mitigations-reduce-cyber-threats-operational-technology)

Cybersecurity for Physical Access Control Systems (PACS)

This reading discusses the intersection of PACS, data privacy, and security measures needed to protect systems that manage physical entry, badging, and associated sensitive data. This aligns with Course Outcome 1.5.

• Real Time Networks Blog: “Data Privacy and Compliance in Physical Access Control Systems” - Discusses security for PACS. (URL: https://www.realtimenetworks.com/blog/data-privacy-and-compliance-in-physical-access-control-systems)

Securing Emergency Communications & CCTV

These resources cover best practices for protecting communication networks used during emergencies and securing video surveillance data and systems. This aligns with Course Outcomes 2.2 and 2.5.

• Rocket.Chat Blog: “6 key components of public safety communication” - Outlines best practices for secure and reliable public safety communications. (URL: https://www.rocket.chat/blog/public-safety-communication)
• Be Structured Technology Group: “Your Guide to IP Video Surveillance & Cybersecurity” - Covers securing IP cameras and surveillance networks. (URL: https://bestructured.com/your-guide-to-ip-video-surveillance-cybersecurity/)

Data Integrity for Operational Records

This resource provides general best practices applicable to securing operational logs such as inspection records, NOTAMs, and maintenance logs, focusing on ensuring their accuracy and trustworthiness. This aligns with Course Outcome 1.3.

• Hevo Academy: “Top 10 Data Integrity Best Practices” - General best practices for maintaining data integrity. (URL: https://hevoacademy.com/data-management/data-integrity-best-practices)

External Resources

• Airport Safety & Part 139 Certification:
  • Video: FAA - “BACK TO BASICS Part 139 Inspection” (Provides insights into the Part 139 inspection process). Link: https://www.youtube.com/watch?v=9S104ucj_1c
  • Video: (User: NATA CS) - “Airport Safety Self-Inspection (1/3)” (Though potentially older, it covers basics of self-inspection). Link: https://www.youtube.com/watch?v=Q1RGDy-3rqo
• Wildlife Hazard Management:
  • Video: FAA - “FAA Wildlife Video” (Discusses wildlife strike risks and mitigation efforts). Link: https://www.youtube.com/watch?v=f2nuO4PZKF0
• Airport Emergency Management (AEP, NIMS/ICS):
  • Video: Aviation Roster - “Emergencies at an Airport and Roles of Responding Agencies” (Provides context on AEPs and agency coordination). Link: https://www.youtube.com/watch?v=jDaAAKpZKpE
  • Video: Los Angeles World Airports - “Training 101 for SEMS, NIMS and ICS (Incident Command System)” (Explains NIMS/ICS concepts relevant to airport emergency response). Link: https://m.youtube.com/watch?v=ekE1vvA01z8
• Airport Security Program (ASP) & TSA Overview:
  • Video: Frame Rater - “How Does TSA Work” (General overview of TSA’s role and some security measures). Link: https://m.youtube.com/watch?v=2gSvVqHXvxs
  • Website: AAAE - “Airport Security Coordinator (ASC) Certification” (Provides context on topics covered for ASCs, which align with ASP requirements). Link: https://www.aaae.org/your-career/asc
• Cybersecurity for Operational Technology (OT) / SCADA Systems:
  • Video: Fortinet - “Cybersecurity for Industrial Controls and Operational Technology Environments” (Discusses securing OT, relevant for systems like airfield lighting, NAVAID data links, and maintenance system interfaces). Link: https://www.youtube.com/watch?v=sRjjuzonVBk
• Physical Access Control Systems (PACS) Cybersecurity:
  • Video: MidChes - “What are Physical Access Control System (PACS) credentials?” (Basic overview of PACS and credential types, highlighting the data involved). Link: https://www.youtube.com/watch?v=awMm_16PWAg
• Securing IP CCTV Systems:
  • Resource: ACC Telecom - “12 Security Camera System Best Practices — Cyber Safe” (PDF whitepaper with best practices for securing camera systems). Link: https://www.acctelecom.com/wp-content/uploads/2019/05/12-Best-Practices-White-Paper.pdf
  • Note: Specific overview videos on securing CCTV are less common than product showcases; the linked PDF provides good practices. General OT security principles also apply.