• Thursday, July 25, 2024


Explainer: How Nigerian airports guard against cyber-attacks

Nigeria and the rest of the world are in the midst of a technologically-driven revolution. The Covid-19 crisis made the revolution faster as more airports looked for ways to reduce face-to-face interactions and accelerated technology innovations for passenger facilitation.

For airports and their passengers, this has the potential of bringing substantial opportunities and benefits. The World Economic Forum reported earlier this year that artificial intelligence alone is expected to boost global economic growth by 14 percent by 2030.

Airports and airlines across the world have continued to move from manual processes to deploy technology innovations that make the travel experience seamless, and Nigeria is not left out in this global transition.

Last year, the Federal Airports Authority of Nigeria (FAAN) started deploying newly acquired technology across the international airports in the country. Some foreign airlines have already been integrated into the new technology.

The new technology, called Common Use Passenger Processing System (CUPPS), is an improvement on the previous one called the Common Use Terminal Equipment.

The CUPPS is an IT solution that enables multiple airlines, service companies, or other users to use a uniform electronic interface for sharing physical check-in.

Rabiu Yadudu, managing director of FAAN, said the new technology and other facilities would be deployed in the five international airports, in addition to self-service kiosks, departure control and baggage reconciliation systems, and a Flight Information Display System.

However, these opportunities also come with cyber risks. Investing in digital transformation implies both complexity and expense, and could therefore be seen as high risk.

Conversely, failure to invest would see airports become increasingly vulnerable in the face of ever-expanding and dangerous cyber threats, with potentially catastrophic effects.

Jude Ozinegbe, founder and convener of Cyberchain, told BusinessDay that the major effects of a cyberattack are a network breach and possible loss of data, manipulation, or loss of passengers’ trust.

Ozinegbe explained that amid the increase in technology and cloud services, nations’ digital footprints will also increase, adding that this is why every nation, including Nigeria, needs to beef up its cybersecurity posture, because the next phase of war may not be fought using missiles or nuclear weapons but through cyber wars, where the critical infrastructure of an organisation could be attacked and taken down.

He said: “Part of the ways to protect our critical infrastructure is early detection. Implementation of cybersecurity detection, and prevention mechanisms are key. There is hardware or software that is installed along the network infrastructure to achieve this.

“There are also cybersecurity policies in place to keep network and data safe. There are also Unified Threat Management Gateways. There are multiple cybersecurity policies, steps, guidelines and installations to ensure that a network is safe.”

He said response time is always very important in fighting cyberattacks.

He explained that early detection helps inform cybersecurity experts that there is an attempted breach, adding that when these pieces of equipment are put in place, they trigger an alarm when there is an attempted breach, as well as the response to help mitigate the attack.

Ozinegbe said: “In the case where there is a successful breach or attack, there has to be a cybersecurity policy for service restoration. There should also be back-up and archival processes because if these things happen and there is a loss of data, the organisation should not be handicapped. They should have backup plans to restore services and data.

“Cybersecurity experts need to be better trained, and airports authorities should always engage them. Money should be spent on equipment and infrastructure as well as personnel training. Airports should imbibe cybersecurity best practices.

“Also, blockchain can help airports decentralise data and distribute them. So they will be sitting on multiple servers, spread in multiple locations. This way, if one server goes down, the network will not go down because the information is being shared real-time online from multiple servers. This will help you reduce the risk of having the entire network being compromised.”

Seyi Adewale, chief executive officer of Mainstream Cargo Limited, said it’s a good thing that FAAN has outsourced this core service to efficient and effective service providers such as SITA.

Adewale, however, noted that employees working in the IT departments, SITA and other ICT-interfacing units must have their backgrounds checked often, and must sign clauses with ‘Read & Sign’ indications regarding information sharing.

“Also, the staff must be made to understand that when I’m doing they must not respond to queries, inquiries, file sharing until they seek out relevant ICT representatives to advise them,” he added.

Last week, Russian-speaking hackers reportedly hacked the websites of major airports in the United States, leaving them temporarily inaccessible.

Websites at 14 airports were hit by the cyberattacks but many of them have been restored.

Speaking to ABC News, a senior official said that the impacted systems do not manage air traffic control, internal airline communications and coordination, or transportation security.

The cyberattacks, called denial of service, were designed to disrupt systems that are used by people to check flight timings and other information.

The websites for Des Moines International Airport, Los Angeles International Airport and Chicago O’Hare International Airport were attacked by hackers.

The website of Denver International Airport was also compromised.

John Ojikutu, member of Aviation Round Table and chief executive of Centurion Securities, said cyberattacks are not new in aviation.

He said: “Cyberattacks occurred in the past at some airports on the air traffic control systems by terrorists which is the most dangerous aspect and the responsible authorities must be up and doing about it.

“A review of the National Civil Aviation Security Programmes is necessary for the public and private operators. The airlines must develop adequate security measures on their computer advanced passengers pre-screening systems or advanced information systems to identify their passengers and for tracking their staff otherwise, operators could begin to be dealing more with cases of stolen identities.”

He said the purpose of cyberattacks is to distort information systems or disorientate the management possibly by the insiders’ threats to allow the external threats to have access to corporate or national security.

Sindy Foster, principal managing partner of Avaero Capital Partners, said there is no chance that Nigerian airports have fully mitigated the issue of cyberattacks.

Foster, however, hinted that technology providers, most of whom are international businesses where data protection, payment security and cyber protection are a business requirement, will have considered cybersecurity.

“Airports around the world invest heavily in cyber security. Digital transformation and cyber security go hand in hand,” she said.

Airport employees and customers could fall victim to phishing emails by clicking on infected links. In July 2020, the FBI warned of fraudulent domains that spoofed websites of American airports.

Fraudsters can pose as airport authorities or affiliated entities to defraud unsuspecting customers and vendors. In 2018, hackers breached an Australian company that issued security identity cards to airport staff for accessing planes and other restricted airport zones, seriously compromising airport security.

Also in 2018, hackers stole payment card details and other personal information of half a million British Airways customers. Such leaks can result in regulatory actions, reputational damage, and the potential loss of customers. For the above incident, British Airways paid $328 million in fines for lax data security.