Commercial, Regulation

Do Airports Need to Be Mandated to Adopt Cybersecurity Practices?

Experts testified before Congress that more needs to be done to get airports and the aviation industry as a whole to adopt cybersecurity standards. (Don Wilson)

Cybersecurity standards and best practices don’t appear to be widely adopted by airports and, given pervasive cyber threats, Congress should consider directing the adoption of these standards across the aviation industry, an airport executive told a House panel on Thursday.

Citing a 2015 survey, Michael Stephens, EVP for information technology and general counsel at Tampa International Airport in Florida, said that only 34% of respondents “indicated that they had implemented a national cybersecurity standard or framework.” The survey was done by the Airport Cooperative Research Program, which is industry led and sponsored by the FAA.

Rep. John Katko (R-N.Y.), chairman of the House Homeland Security Committee’s Subcommittee on Transportation and Protective Security, told Stephens the results of the survey are “frightening.” He raised concerns that a successful cyber attack against planes and trains could “weaponize” these systems.

In prepared remarks, Stephens said, “I believe that we are at a point in the growing threat environment where voluntary compliance is no longer adequate. I believe strong consideration should be given by Congress and by regulatory agencies such as the FAA and the Transportation Security Administration, which have primary responsibility for oversight and regulation of aviation operational safety and security respectively, to mandate the adoption and implementation of uniform minimum cybersecurity standards and frameworks.”


Finish reading this story at Defense Daily.

Receive the latest avionics news right to your inbox