Talking aviation security with Robson Freitas

What are the biggest threats to aviation now and what do you think they will be in the future?

Currently, the biggest threats to aviation are cyber-attacks. Digital technology is increasing in aviation and there is a lack of knowledge of most people regarding the devices and/or security actions necessary to keep data/networks safe.

For instance:

• On board the aircraft (flight data shared with ground and air traffic staff, automatic flight plans, GPS for precision landings, so on)
• At the airports (automated boarding pass reader, access control, security monitoring system, flight allocation and flight information system)
• By air operators (web check-in, Wi-Fi onboard).

Another threat I consider to be of great risk are terrorist attacks in public areas of airports. There are a greater movement of people and there is no type of access control, allowing “free” access to some areas. In the near future, I believe, in addition to cyber-attacks, there is a great risk for civil aviation, regarding the use of unmanned aircraft (drones) to commit attacks on the ground and/or even in flight, due to the size/speed of such equipment. In addition, drones are being improved to transport increasingly larger loads and the combat/identification technologies for such equipment are not evolving at the same speed.

What aviation security threats are most common in Brazil and how do you tackle those?

Brazil is a permanent member of ICAO and security procedures are regulated by Annex 17; therefore, I do not see an exclusive threat to Brazil. What happens is that due to cultures/economies at different levels, some situations are more common to some countries. For example, in Brazil, I currently see them as bigger problems and therefore more susceptible to attacks:

1. False threats and atypical/undisciplined passengers. In this first item, due to the absence of a “blacklist”, for example, passengers make threats and/or cause disruption at airports and in most cases go unpunished.
2. Attacks on airport cargo terminals such as TECA (cargo theft)
3. Cyber-attacks
4. Checked baggage for domestic flights.

Despite the implementation of inspection for 100% of domestic checked baggage, some airports with a large volume of passengers will not be included in this “first phase”. Regarding the global threat, based on the latest reported events, it is believed to be linked to terrorist attacks for economic/political reasons.

A very worrying issue not only in Brazil, but in the world, which is not directly linked to a threat to aviation security is the transport of narcotics.

Regarding Brazil, based on the latest surveys, the biggest threats were related to the occurrence of theft at cargo terminals, as well as false threats by undisciplined passengers.

At Confins International Airport (CNF), during AVSEC awareness training, as well as dissemination of security dialogues to members of the airport community, we seek to foster a security culture for everyone who works at the airport.

With regards to human resources, they undergo recurrent training and when flaws are identified, cause analyses are carried out and an action plan is drawn up to correct and improve procedures related to civil aviation safety.

In relation to technological resources, preventive and corrective maintenance is carried out on safety equipment and its use is interrupted when it fails, adopting a contingency plan advocating civil aviation safety.

What do you think about the merging of physical and cyber-threats?

Physical and cyber-threats become more worrying every day. With increased connectivity, cyber-attacks can be employed to hide or facilitate physical attacks or fraud.

Should they be treated separately?

I firmly believe in the need to approach security holistically. Systems integration considerably expands the attack surface, providing more points of vulnerability. This requires investments not only in advanced cyber-security technologies such as firewalls, intrusion detection systems and encryption, but also in physical measures such as access controls, video surveillance and perimeter security.

How do you see cyber-physical threats evolving in the future?

Airports represent environments with significant catastrophic potential. It is essential that both companies and government agencies invest even more in training their teams, ensuring that they are fully aware of the risks associated with the interconnectivity of systems. Proper training will enable them to act proactively to protect the organisation against these threats.

Recent research has revealed that over a fifth of UK critical national infrastructure decision makers now rank employee sabotage among the biggest risks to their organisation’s IT environment. How are security interests protected from your own employees?

Human beings often become the weakest link in the security chain. It is crucial that those responsible for physical and cyber-security adopt a proactive and restrictive stance to effectively protect organisations against a wide range of threats, especially internal ones. Furthermore, it is essential to collaborate closely with the human resources and management teams to identify behavioural deviations.

Do you think the airport sector is vulnerable?

No, but it’s important to always be alert.

What are your top tips for building a strong security culture and anticipating the next threat?

Employee awareness programmes, a security operations system (SOC) and a well-structured security information and event management system (SIEM) are essential to enable a quick response in the event of any threat.

How are you looking to improve the quality of airport security officer’s work and increase the attractiveness of the role?

Airport Security Officers are my main concern because it is specialised law enforcement work providing for the protection of civilian/commercial aviation passengers. Work involves specific security requirements, mainly for the inspection of passenger and hand baggage.

These professionals attend a regular training programme, where tests and simulations are contemplated to assess the accuracy of their decisions. Currently, artificial intelligence software and algorithms have contributed to making this professional’s decision increasingly assertive, which considerably raises the level of security at airports.

In other words, the managers of these teams need to be attentive to their mental behaviour so that it does not interfere with the routine and decision-making regarding the inspection of people and their respective hand baggage.

What is keeping you awake at night?

Without a doubt, what keeps me up at night are cybernetic attacks because they pose significant risks to airport operations, potentially leading to widespread disruption, financial losses and compromised aviation security.

I am concerned about hackers infiltrating critical systems such as air traffic control, baggage handling and security screening because, if these systems are compromised, it could result in flight delays, cancellations or even unauthorised access to restricted areas from the airport. Such attacks not only inconvenience passengers, but also have far-reaching economic consequences for airlines, airport operators and other stakeholders.

From a safety perspective, if hackers gain access to systems that control runway lights or navigation aids, they could manipulate them to create dangerous conditions for aircraft during take-off and landing. Likewise, compromising communication systems between air traffic controllers and pilots can lead to misunderstandings or delays in transmitting critical information, increasing the risk of accidents or near misses.

Additionally, cyber-attacks on passenger information databases or airline reservation systems can result in identity theft, fraud or even unauthorised access to sensitive personal information, undermining passenger confidence in air travel. Overall, the potential ramifications of a cyber-attack on airport operations underscore the urgent need for robust cyber-security measures to protect the aviation industry against such threats.

Essential best practices that can help airports strengthen their security posture and defend their networks against cyber-attacks and data breaches.

Airports can take several measures to prevent cyber‑attacks, such as:

• Network security: implementing robust network security measures such as firewalls, intrusion detection systems (IDS), and encryption protocols to safeguard against unauthorised access to critical systems and data
• Regular software updates and patch management: ensuring that all software and systems are up to date with the latest security patches and updates to address vulnerabilities and prevent exploitation by cyber-attackers
• Employee training and awareness: providing comprehensive training programmes to airport staff to increase awareness of cyber-threats, phishing scams, and best practices for cyber-security hygiene to mitigate the risk of insider threats and social engineering attacks
• Access control and privileged account management: implementing strong access control mechanisms and privileged account management practices to limit access to sensitive systems and data only to authorised personnel, reducing the likelihood of unauthorised access and insider threats
• Incident response planning: developing and regularly testing incident response plans to effectively respond to and mitigate the impact of cyber-attacks in a timely manner, minimising disruption to airport operations and reducing potential financial and reputational damage
• Collaboration and information sharing: establishing partnerships and information-sharing agreements with other airports, government agencies, and cyber-security organisations to exchange threat intelligence and best practices for enhancing cyber-security resilience across the aviation industry
• Vendor risk management: conducting thorough assessments of third-party vendors and service providers to ensure they adhere to stringent cyber-security standards and practices, reducing the risk of supply chain attacks and vulnerabilities introduced through external dependencies
• Continuous monitoring and threat intelligence: implementing continuous monitoring capabilities and leveraging threat intelligence feeds to proactively detect and respond to emerging cyber‑threats, enabling airports to stay ahead of evolving cyber-risks and vulnerabilities.

By adopting a comprehensive cyber-security strategy that encompasses these measures, we can enhance their resilience against cyber-attacks and safeguard critical infrastructure, data, and passenger safety.