Module 6 — Managing Advanced Airport Cybersecurity Operations, Threat Intelligence, and Future Preparedness
Overview
This final content module delves into advanced and specialized aspects of managing cybersecurity within airport operations. It builds upon previous learning by exploring the unique challenges of securing Operational Technology (OT) and Industrial Control Systems (ICS) critical to airport functions, such as baggage handling and airfield lighting. The module also focuses on practical techniques for fostering a robust cybersecurity culture, leveraging cyber threat intelligence through platforms like A-ISAC for proactive defense, and executing comprehensive cyber incident response plans integrated with overall airport emergency and business continuity strategies. Furthermore, we will analyze and prepare for the cybersecurity impacts of emerging aviation technologies including NextGen interfaces, Uncrewed Aerial Vehicles (UAVs), and Artificial Intelligence (AI).
You will engage with advanced cybersecurity concepts by examining specialized industry guidance and strategies. Key resources include ACRP Report 140 for OT security and incident response, ICAO documents on cybersecurity culture and information sharing, and analyses of emerging threats from sources like the FAA and GAO. The aim is to understand how to manage complex operational security challenges, build resilient defenses, and strategically prepare for the future of aviation cybersecurity.
This module aligns with course Outcomes 1, 2, 3, 5, and 6.
Required Reading
AAAE Certified Member (C.M.) Module Content (Contextual Background)
The following sections from the AAAE C.M. Modules provide essential background on specialized airport systems, emergency management integration, and emerging aviation technologies. This knowledge is crucial for understanding the operational context when implementing the advanced cybersecurity techniques and future preparedness strategies covered in this module.
CM Module 2: Planning, Construction & Environmental
- Section: Airfield Design and Construction (Pages 32-57, focusing on systems like Airfield Lighting)
Provides context on airfield systems, including lighting controls, which are often Operational Technology (OT) and require specialized cybersecurity considerations. Aligns with Outcome 2 (Objs 2.1, 2.3).
- Section: Airport Terminal Design, Location and the Passenger Experience (Pages 62-89, focusing on systems like BMS, BHS, PACS hardware)
Details terminal systems such as Building Management Systems (BMS), Baggage Handling Systems (BHS), and Physical Access Control System (PACS) hardware, all of which fall under OT/ICS and are critical to secure. Aligns with Outcome 5 (Objs 5.4, 5.5).
CM Module 3: Airport Operations, Security and Maintenance
- Section: Airport Emergency Management and Communications (Pages 56-68, focusing on AEP, NIMS/ICS, EOC/Comms)
Reviews the Airport Emergency Plan (AEP) and emergency communication systems, which are vital for integrating cyber incident response with overall airport emergency preparedness. Aligns with Outcome 2 (Obj 2.5).
- Section: Airport Safety Programs (Pages 40-55, for context on ARFF dispatch, SICP reporting systems)
Gives background on specialized safety programs; the systems supporting these (e.g., ARFF dispatch, SICP condition reporting) may have cybersecurity vulnerabilities. Context for Outcome 1 (Obj 1.3).
CM Module 4: Communications, Community Relations, Air Service & Future Trends
- Section: Airspace, Air Traffic Control (ATC) and Navigational Aids (NAVAIDS) (Pages 80-95, focusing on NextGen, UAVs, Commercial Space)
Provides foundational knowledge on the National Airspace System, NextGen initiatives, Uncrewed Aerial Vehicles (UAVs), and commercial space transportation, all of which have significant emerging cybersecurity challenges relevant to airport operations. Aligns with Outcome 2 (Objs 2.1, 2.2, 2.4) and Outcome 3 (Obj 3.5).
Key Cybersecurity Implementation & Management Readings for Advanced Operations
These documents provide direct guidance and strategies for managing cybersecurity in specialized airport operational areas, fostering security culture, utilizing threat intelligence, and preparing for future challenges.
Securing Operational Technology (OT) / Industrial Control Systems (ICS)
- ACRP Report 140: Guidebook on Best Practices for Airport Cybersecurity (Specific sections on OT/ICS Security)
Review relevant sections discussing the unique challenges of securing OT systems like BMS, BHS, and airfield lighting, including network segmentation and monitoring strategies. Supports practical application for Outcome 2 (Objs 2.1, 2.3) and Outcome 5 (Objs 5.4, 5.5).
- (External Resource to be identified by Instructor): IEC 62443 Overview/Introductory Guide
(Instructor to provide a link to a suitable public overview of IEC 62443 standards for securing Industrial Automation and Control Systems, explaining concepts like zones and conduits applicable to airport OT). Supports practical application for Outcome 2 and Outcome 5.
Cybersecurity Culture and Workforce Development
- ICAO — Cybersecurity Culture in Civil Aviation
This document is essential for understanding how to foster a security-conscious environment across all airport staff, implement effective training, and address the human factor in cybersecurity. Aligns with Outcome 3 (Obj 3.2 - by extension to culture) and general best practices.
Cyber Threat Intelligence and Information Sharing
- ICAO — Cyber Information Sharing
Explains the importance and mechanisms of sharing cyber threat information within the aviation ecosystem, including the role of ISACs. Key for proactive defense. Aligns with Outcome 3 (Obj 3.5).
- ICAO — FAA Cyber Strategy and Interagency Coordination Mechanisms
Provides insights into national strategies and how different agencies coordinate on aviation cybersecurity, relevant for understanding the broader information sharing and response landscape. Aligns with Outcome 3 (Obj 3.5).
- ICAO — Aviation Cybersecurity Strategy & ICAO — Cybersecurity Action Plan — Second Edition
These documents offer a global perspective on strategic priorities and actionable steps for enhancing aviation cybersecurity, useful for understanding international best practices and information sharing contexts. Aligns with Outcome 3 (Obj 3.5).
Incident Response & Future Preparedness
- ACRP Report 140: Guidebook on Best Practices for Airport Cybersecurity (Specific sections on Incident Response Planning & Exercises)
Review sections on developing, testing, and refining Cyber Incident Response Plans (CIRPs) and integrating them with airport emergency procedures (AEPs from CM Mod 3). Aligns with Outcome 2 (Obj 2.5).
- GAO — Report 25-107947 — TSA Is Taking Steps to Enhance Cybersecurity, but Additional Actions Are Needed
Highlights ongoing challenges and areas needing improvement in aviation cybersecurity, relevant for understanding future preparedness and emerging threats. Aligns with Outcome 3 (Obj 3.5).
- FAA Speech: What a Tangled Web: Aviation Prosperity and Cybersecurity Risk (Link previously provided)
Provides FAA leadership perspective on the interconnectedness of aviation systems and the evolving cybersecurity risks, especially concerning NextGen and other new technologies. Aligns with Outcome 2 (Objs 2.1, 2.4) and Outcome 3 (Obj 3.5).