Up next in 10
Protecting Airports: Addressing Cybersecurity Threats for Airlines
Sep 19, 2024
Join Senator Rosen as he highlights the urgent need for enhanced cybersecurity measures to protect airports and airlines from rising threats. Learn about critical infrastructure and the importance of network segmentation in safeguarding travel and tourism. #Cybersecurity #Airports #Airlines #NetworkSegmentation #TravelSafety #CriticalInfrastructure #SenateHearing #CyberThreats #ProtectingTravel #SecurityMeasures
View Video Transcript
0:00
I don't know if you're ready or not
0:01
Senator Capo um and Senator rosen's been
0:04
on the screen for some time but I know
0:06
Senator Peter you were next would you be
0:08
willing maybe to defer to Senator Rosen
0:10
I would be happy to defer to Senator
0:12
Rosen okay Senator
0:17
Rosen thank you so much Senator Peters
0:20
and thank you chair cwell I really
0:23
appreciate that and uh really appreciate
0:25
you holding this important hearing on
0:26
supporting airports and Airlines against
0:28
cyber attacks like ones that took place
0:31
in Seattle Seattle Tacoma International
0:33
Airport you know travel and tourism I
0:35
don't have to tell anyone they are the
0:37
backbone of Nevada's economy our
0:40
airports are the gateway to everything
0:42
we have to offer in Nevada so we have to
0:44
do everything in our power to protect
0:46
them along with teleports Air Traffic
0:49
Control Systems and
0:51
aircrafts together this really is
0:54
critical infrastructure and this
0:56
critical infrastructure faces complex
0:59
and everchanging cyber security threats
1:01
and challenges that we must work
1:03
together to address and mitigate and so
1:06
uh Mr little I would talk a little bit
1:08
about Network segmentation because in
1:11
the wake of the Cyber attack on your
1:12
airport you said tools ranging uh and
1:15
networks ranging from employee email to
1:17
passenger information systems and public
1:19
Wi-Fi all became unavailable so one of
1:22
the first actions taken response by the
1:24
Port of Seattle was to isolate critical
1:27
systems however basic cyber hygiene
1:30
recommends that Network should already
1:31
be segmented in a way that separates
1:34
critical services including the
1:35
separation of public and internal
1:38
systems and so Mr Lil I know uh Senator
1:41
Welch talked about this a little bit but
1:43
in what ways were critical systems at
1:45
the airport connected to public systems
1:47
so you have critical systems were they
1:50
connected to external websites were they
1:52
exter connected to public Wi-Fi whereby
1:55
ransomware could really gain access to
1:58
them and impact all of the systems at
2:00
once are they segmented in such a way
2:03
yes thanks for the question Senator one
2:05
of the reason why we were able to
2:07
recover so quickly or to have some of
2:09
our services not interrupted is actually
2:11
because we have segmentation so for
2:14
example our access control system was on
2:16
a totally segmented um Network or um
2:18
Conveyor Systems were on a totally
2:20
different um Network so the the the
2:23
network that was actually impacted again
2:26
was segmented that's something that we
2:28
have been doing for years and one of the
2:30
Lessons Learned is we'll actually do
2:32
actually more um segmentation but there
2:34
are several systems at the airport that
2:36
was not impacted because of
2:38
segmentation well fantastic I want to
2:40
build on that with General Reynolds
2:42
because we have Airline networks we know
2:45
they interact with airport systems
2:47
Airlines and airports that's how you
2:48
update a lot of information right so how
2:51
vulnerable is this inner operability
2:54
between the Airlines and the airport
2:56
systems in the event of a Cyber attack
2:58
how do you segment or or mitigate um
3:01
this threat as airport as Airlines and
3:04
airports uh talk to each other of course
3:06
in this case we'll just use this for an
3:07
example getting your
3:09
bags Senator thank you for the for the
3:12
question um as I I stated up front our
3:14
programs mature programs they're
3:16
risk-based threatened form which means
3:18
we follow uh standard practices uh for
3:21
example the cyber security framework
3:23
that nisp puts out is one of the
3:25
foundational principles that we follow
3:27
the standards that we follow one of the
3:29
things you do in those in those
3:30
circumstances that you you identify your
3:33
systems and then prioritize those that
3:35
are critical less critical and in the
3:37
identification you look for those those
3:39
connections you're talking about and
3:41
those in those connections you're then
3:43
looking to see what controls can I put
3:46
around those areas to minimize the risk
3:49
that um that you may have when you
3:51
connect systems to one another that's
3:53
great because I want to bring up
3:55
something really important while you
3:56
talk about connecting systems to
3:58
mitigate risk because we have
4:00
third-party vendor cyber security issues
4:02
potentially last month cyber security
4:04
researchers found vulnerabilities in a
4:07
tool that supports the known crew member
4:09
program which allows pilots and crew
4:11
members to pass through TSA without
4:15
screening without screening so General
4:17
Reynolds to provide guidance to member
4:19
Airlines to ensure that they're doing
4:21
their due cyber diligence with vendors
4:24
this intersects with Airlines it
4:25
intersects with our security our
4:28
personal security our homeland security
4:30
and would it be better to uh have all
4:33
the airport um crew maybe they have
4:36
their own lane but they use the same uh
4:38
kinds of identification that we use
4:40
every day when we go through TSA uh
4:43
Senator thanks for that question it's a
4:44
good question um I will say my expertise
4:47
is not known crew member program that's
4:50
that's not where I that's not where my
4:51
expertise is at I will say we're happy
4:53
to take your your question back to those
4:55
that the program leads and try to get
4:57
you better information thank you I sure
4:59
appre appreciate that and Senator
5:01
catwell thank you again Senator Peters
5:04
uh yield back well thank you uh Senator
5:06
Rosen takes a cot programmer to ask some
5:09
really tough questions here Witnesses so
5:11
thank you for
5:12
that I I think it's important right
5:15
these issues on interop abilities and
5:17
vulnerabilities because I think that's
5:18
what we're really talking about today
5:20
the the most V
#Air Travel
#Computers & Electronics
#Network Security
#Security Products & Services