In 2017, the operation of Boryspil airport was blocked by the PetyaA computer virus. A few months later, the information system of the international airport “Odessa” was subjected to a hacker attack, and in 2019, cyber criminals attacked the information center of the new terminal of this airport: hackers misinformed passengers by posting false information about canceled flights.
However, one of the most impressive cases, which caused a resonance in professional circles, occurred at the airport “Kyiv” in November this year. White hacker just in the waiting room connected to public Wi-Fi, gained access to the internal network of the institution, in 15 minutes made more than 20 screenshots confirming access to many important systems and services of the airport, and posted them on his page in Facebook.
The history of incidents indicates that they will be repeated. Is the aviation industry ready for this? How can we strengthen the cybersecurity of our airports, especially given that each of them is actually a critical infrastructure object and has certain vulnerable zones?
Experts were looking for answers to these extremely important questions in the framework of the discussion panel “Implementation of information technologies and ensuring cybersecurity of aviation transport infrastructure”.
The meeting was held at the Ministry of Infrastructure of Ukraine at the meeting of the Board of the Association “Airports of Ukraine” of Civil Aviation (AAUCA) and was initiated by the IT-Committee of the Association and the NGO “International Cybersecurity University”.
The discussion was attended by the Ministry of Infrastructure, public organizations, cybersecurity experts: Director of Directorate of digital infrastructure in transport Farid Safarov, representatives of IBM – Vitaly Voropay and Alexander Pavlenko, Cisco –Vladimir Ilibman, IFES – Vladlen Basisty, GigaSafe – Valery Yatskivsky. The discussion panel was moderated by the Chairman of the IT-Committee of the AAUCA, Director of the NGO “International Cybersecurity University” Yevgeny Vladimirov.
Main points of the meeting:
– Cyber resilience is a matter of critical importance. Today, on average, 78 % of cyber-attacks worldwide are successful. Because of each such attack, the processes in the organization can stop, as a result, the institution suffers reputation and material losses, a cyber-attack can even lead to human losses.
At the same time, the issue of cybersecurity in the aviation industry of Ukraine is regulated by the following legal documents: ICAO Resolution A39-19 “Solving Problems of Cybersecurity in Civil Aviation” (from 06.10.2016), the Law of Ukraine “On the State Program of Aviation Security of Civil Aviation” (from 21.03.2017), the Law of Ukraine “On the Basic Principles of Ensuring Cybersecurity of Ukraine” (from 05.10.2017), obliging institutions and organizations to take measures to protect against unauthorized access and protect personal data of customers, and also provide for liability for non-compliance with these requirements.
– Regarding the cyber incident at the airport “Kyiv”. Through imperfect legislation, from a legal point of view, it is now impossible to determine whether the actions of a white hacker are a crime or not. However, for ethical reasons, the experts recommended that the relevant airport services be reported first. Imagine – the door of your apartment is open, a stranger comes to you, takes pictures of your home, all the amenities, life, goes, and then puts the photo on the Internet. How would you feel? But everyone agreed that the main thing in this situation is a warning for other airports: check the level of cybersecurity, protect your perimeter.
– All participants provided the main recommendation – every Ukrainian airport needs to conduct cyberaudit and implement preventive measures for cybersecurity. Airports are constantly being upgraded and are implementing digitalization processes. This, on the other hand, can be a source of new vulnerabilities – from the scoreboard for passengers to the accounting department. That is, the airport is moving to a new IT-level, purchasing and installing new modern equipment, but does not conduct cybersecurity measures. We need to check new IT-systems; specialists should conduct a periodic cyber-check every year, or better every half a year.
– The cybercommunity emphasizes – we are ready to help airports. Currently, the Ministry of Infrastructure of Ukraine is actively working on the development of industry, specific cybersecurity, with the help of private international companies, public organizations, and experts.
As emphasized by the Chairman of the IT-Committee Yevgeny Vladimirov, cyberaudit should be carried out not only for the sake of obtaining a certificate of compliance, but also to identify and eliminate problems and vulnerabilities. It is important to contact well-known experienced companies and experts working on international standards of cybersecurity, and what is the most important – to contact on time.









