The November meeting Cybersecurity Part 2 “Why it Matters” was well received by over 60 attendees. It was a general overview of the technical issues, but the conversation’s main strength was the focus on where BHS stands with other technologies in and Airport. BHS does not stand alone and is vulnerable to attacks via other digital platforms, and unwittingly can provide pathways for attacks to other systems. The potential risk is significant. The conclusion that there needs to be a focus on a common airport standard for dealing with Cybersecurity and particularly related to bid documents is on target.
The meeting started with a report from ACC President, T.J. Schultz. TJ reported on the latest news from the Hill. While the implementation of the CARES Act was $10B, much of this funding is to support capital projects, with most going to operations. Now that the election is behind us, the expectation is that the House and Senate will start working on a massive spending bill, with the house having approved another COVID Relief package of $13.5 Billion for Aviation. However, the Senate is not inclined to do a massive COVID relief package.
There is anticipation for 2021 that the Federal government comes up with a National protocol for COVID safety standards. We should also expect that there will be a lot of emphasis on Green for new infrastructure projects.
Carrie Mills, Senior Manager Cybersecurity with Southwest Airlines, shared her perspective on Cybersecurity along with a real-life example that occurred. Carrie noted that while most people think of Cybersecurity, they picture the hacker in a dark room with a hood on sitting at a computer or even or some mythical creature! In fact, Cybersecurity is a partnership between everyone in the company and vendor partners. It takes everyone to make implementation successful and protect against attacks. It also does not need to be complex. Implementing basic cybersecurity techniques will protect against the majority of events that occur.
A cybersecurity incident can happen to all of us; no one is immune. If you leave one door open or side window, the threat actor will get in, as occurred in the incident she described. This incident arose through their cloud-based remote monitoring, which had a ransomware attack on a particular device. Luckily it was internal and did not affect the public with any negativity to their brand, but it did affect operations for several days in trying to recover lost data. Ransomware attackers are finding new ways to get in and to get paid. Everyone should have an incident response plan.