
Safeguarding the Future of Air Travel: Baggage Handling and OT Systems Cyber Security

The intersection of IT and OT: A new cyber security frontier

In modern airports, the efficiency and reliability of baggage handling systems (BHS) are crucial for ensuring smooth operations and positive passenger experiences. These systems, a vital component of an airport's operational technology (OT) infrastructure, manage the automated sorting, tracking, and transportation of luggage.  

As airports evolve with digital advancements, the integration of information technology (IT) and OT systems has become more pronounced. While this fusion is beneficial, it also creates a complex technical cyber security landscape and stakeholder ecosystem (e.g., airport authorities, airlines, and third-party system integrators) that requires meticulous attention and robust defenses.  

Baggage handling systems are a symphony of interconnected devices: conveyor belts, barcode scanners, RFID tags, and automated sorting machines, all coordinated by networked computers and sophisticated software. These systems are the backbone of timely and accurate baggage delivery, and any disruption can lead to significant operational challenges, such as delayed flights, lost luggage, and compromised passenger data.  

While physical security controls are a strength in airport environments, the increasingly interconnected nature of BHS — both from a wired and wireless perspective — has opened new avenues for cybercriminals and other potential threat actors to negatively impact the environment. 

It's now imperative for airports and supporting stakeholders to prioritize their Cybersecurity Implementation Plans (CIP) and Cybersecurity Assessment Programs (CAP) for BHS infrastructure.  

Unique challenges in securing OT systems

Unlike traditional IT systems, OT systems like baggage handling infrastructure often run on legacy hardware and software with decades-long lifecycles.  

These systems were not originally designed with cyber security in mind, which creates a unique challenge: Implementing cyber security measures without disrupting the high availability and reliability these systems require.  

This necessitates specialized cyber security strategies, including architecture analysis, risk assessments, effective network segmentation, and penetration testing.  

 

Emerging threats and cyber attacks on airports 

As cyber threats continue to evolve, so must the strategies to combat them. The rise of ransomware attacks, insider threats, and state-sponsored hacking presents new challenges for securing baggage handling systems.  

Ransomware attacks can cripple airport operations by locking critical systems and demanding a ransom for their release. 

Insider threats, whether malicious or accidental, pose a significant risk as they involve individuals with legitimate access to systems.  

Additionally, state-sponsored hacking groups often have sophisticated capabilities and resources, making them formidable adversaries.  

To address these evolving threats, airports must implement advanced threat detection and response strategies, stay informed about emerging vulnerabilities, and continuously update their security protocols to mitigate the risks posed by these dynamic cyber threats.  

 

Building secure foundations with architecture analysis and threat modeling  

Regular architecture analysis is crucial for identifying and mitigating vulnerabilities within baggage handling systems. This process involves a detailed review of the system's design, configuration, and implementation to ensure it meets current security best practices and standards. 

Through thorough architecture analysis, airports can proactively identify weak points and the most likely and most dangerous threat actors and tactics, and then implement the necessary safeguards, thereby strengthening the overall security posture of their baggage handling infrastructure.

 

Proactive threat management  

Regular cyber security risk assessments are also critical for understanding the evolving threat landscape that baggage handling systems face. These assessments help airports identify and prioritize security risks, allowing them to allocate resources effectively and implement appropriate countermeasures. 

A proactive approach ensures that cyber security measures remain current and can adapt to new threats and changing attack vectors.  

 

Containing cyber threats to air travel through network segmentation  

In addition to standard cyber security best practices (e.g., identity and access management, credential management, asset inventories, and patch management), network segmentation is one of the most effective strategies for enhancing the cyber security of baggage handling systems.  

By dividing the network into smaller, isolated segments, it becomes significantly more challenging for cyber attackers to move laterally across the system. This containment strategy minimizes the potential impact of any security breach, ensuring that even if a cybercriminal gains access, their ability to disrupt the system is limited.  

Robust firewalls and stringent access controls between segments are essential to ensure that only authorized personnel and devices can interact with critical components of the baggage handling system.  
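
As an added illustration (not code from the original article or from NCC Group), the sketch below audits observed network flows against a default-deny zone and conduit policy, which is one way to check that segmentation between IT and BHS zones is actually being enforced. The zone names, address ranges, ports, and flow records are all constructed assumptions.

```python
import ipaddress

# Constructed zone plan (assumption; the article names no zones or addresses).
ZONES = {
    "corporate_it": ipaddress.ip_network("10.10.0.0/16"),
    "bhs_supervisory": ipaddress.ip_network("10.20.1.0/24"),
    "bhs_control": ipaddress.ip_network("10.20.2.0/24"),
}

# Allowed conduits: (source zone, destination zone, destination port).
# Any cross-zone flow not listed here is denied by default.
CONDUITS = {
    ("corporate_it", "bhs_supervisory", 443),
    ("bhs_supervisory", "bhs_control", 502),
}


def zone_of(ip):
    """Return the name of the zone containing ip, or None if no zone matches."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return None


def audit_flows(flows):
    """Return (flow, reason) pairs for flows that break the segmentation policy."""
    findings = []
    for src, dst, port in flows:
        src_zone, dst_zone = zone_of(src), zone_of(dst)
        if src_zone is None or dst_zone is None:
            findings.append(((src, dst, port), "endpoint not in any defined zone"))
        elif src_zone != dst_zone and (src_zone, dst_zone, port) not in CONDUITS:
            findings.append(((src, dst, port), f"no conduit {src_zone} -> {dst_zone}:{port}"))
    return findings


# Constructed flow records: (source IP, destination IP, destination port).
SAMPLE_FLOWS = [
    ("10.10.5.20", "10.20.1.10", 443),  # IT -> supervisory over an allowed conduit
    ("10.20.1.10", "10.20.2.31", 502),  # supervisory -> control over an allowed conduit
    ("10.10.5.20", "10.20.2.31", 502),  # IT directly to control: bypasses a zone
    ("10.20.2.31", "10.20.2.32", 502),  # intra-zone traffic, not a segmentation finding
    ("192.0.2.77", "10.20.2.31", 502),  # source address outside every defined zone
]

if __name__ == "__main__":
    for flow, reason in audit_flows(SAMPLE_FLOWS):
        print(flow, reason)
```

Conduits are directional, so a flow from the control zone back toward the corporate network is flagged unless it is listed explicitly.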

 

Penetration testing: The ultimate airport security check  

Penetration testing, also known as ethical hacking, plays an essential role in evaluating the security of baggage handling systems. By simulating real-world cyber attacks, penetration testers can uncover vulnerabilities and weaknesses that might go unnoticed. This hands-on testing provides invaluable insights into the effectiveness of existing security controls and highlights areas that need improvement.  

Regular penetration testing is crucial to ensure that security measures are capable of withstanding sophisticated cyberattacks. Use the Architecture Analysis, Threat Model, and Risk Assessment outputs to inform and right-size your penetration testing efforts.

Penetration testing is not a one-and-done type of situation. These efforts should be a continuous program to assess the various segments of the system and potential attack paths to improve defenses and further understand indicators of attack and compromise.

 

The role of AI and machine learning in airport cyber security  

Artificial Intelligence (AI) and Machine Learning (ML) are increasingly integrated into cyber security strategies and offer new ways to defend against sophisticated cyber threats.  

In the context of baggage handling systems, AI and ML can enhance threat detection by analyzing vast amounts of data and logs to identify unusual patterns or anomalies that might indicate a cyber attack. These technologies can also automate routine security tasks, such as monitoring network traffic and managing access controls, freeing human resources to focus on more complex issues. 

Furthermore, AI and ML can predict potential vulnerabilities based on historical data and emerging threat trends, allowing airports to address security gaps before they are exploited. Integrating these technologies into cyber security strategies provides a powerful toolset for maintaining the integrity and security of baggage handling systems in an increasingly complex threat landscape.  

Navigating a unified approach to collaboration and industry standards

Securing baggage handling systems requires a collaborative effort between stakeholders, including airport authorities, airlines, technology vendors, systems integrators, and cyber security experts.  

Implementing best practices such as regular software updates, employee training on cyber hygiene, and incident response planning is essential for building a resilient security framework.  

Additionally, adopting industry standards and frameworks, such as the National Institute of Standards and Technology (NIST) Cybersecurity Framework and Transportation Security Administration Security Directives and Emergency Amendments, provides a structured approach to managing cyber security risks and enhancing system resilience.  

Regulatory and compliance considerations  

Given the critical nature of airport operations, regulations and compliance standards must be met to ensure the cyber security of baggage handling systems. Airports are often required to adhere to national and international standards governing operational technology (OT) systems and safeguarding of passenger data.  

Regulations such as the General Data Protection Regulation (GDPR) emphasize the importance of protecting personal information, and aviation-specific guidelines from organizations like the International Air Transport Association (IATA) provide frameworks for securing air travel infrastructure.  

Compliance with these regulations is not just about avoiding penalties; it's about building a resilient cyber security posture that can withstand threats and maintain trust in air travel. Airports must continuously monitor regulatory changes, conduct regular compliance audits, and implement best practices to meet these stringent requirements.  

Airport cyber attacks in the real world

One only needs to conduct a quick internet search to see a long list of recent, notable cyber attacks that have impacted airports. While most of these did not touch BHS, they provide real-world examples of the impact cyber attacks can have on airport operations, the overall transport network, and regional economies.

 

Los Angeles International Airport (LAX), August 2023:

LAX experienced a ransomware attack that disrupted airport operations, including flight schedules and internal communications. The attack forced the airport to temporarily shut down some systems while IT teams worked to restore services and secure their networks. 

 

Air India, March 2023:

A cyber attack targeted the airline's IT systems, including those affecting airport operations. This led to disruptions in flight bookings, check-ins, and other passenger services at various airports where Air India operates. 

 

Hong Kong International Airport, January 2023:

This attack affected airport operations, including security screening systems and flight information displays. The disruption led to delays and operational challenges as IT teams worked to mitigate the impact and secure the systems.  

 

Copenhagen Airport (CPH), October 2022:

Copenhagen Airport faced a cyber attack that compromised several of its operational systems. The attack impacted flight scheduling and check-in processes, causing delays and requiring emergency response measures to restore normal operations.  

 

Brussels Airport, June 2022:

Brussels Airport was targeted by a sophisticated cyber attack that affected its passenger processing systems. The incident caused delays and disruptions in airport operations, highlighting vulnerabilities in critical infrastructure. 

 

Manchester Airport, February 2022:

Cyber attackers targeted the airport's systems, causing check-in and baggage handling interruptions.  

The future of secure air travel  

As baggage handling systems become more automated and interconnected, the importance of comprehensive cyber security measures cannot be overstated. Protecting BHS OT systems from cyber threats and safeguarding passenger information records are critical for the traveling public to maintain trust in air travel and the supporting infrastructure.  

By addressing the unique challenges of OT cyber security and fostering collaboration among stakeholders, airports can enhance the resilience of their baggage handling systems and ensure the future of secure, efficient air travel.  

In today's digital age, cyber security is no longer an optional extra—it's a fundamental requirement for the safe and reliable operation of baggage handling systems worldwide.  


Jeff Hall, Sc. D., CISSP, GISCP


Principal Security Consultant & Aerospace Lead, NCC Group NA

Driven by a passion for safe and secure operation, Dr. Jeffrey Hall has over 35 years of proven success working across private industry, DoD, and OGA aviation in the engineering, design, development, and integration of aircraft, unmanned systems, avionics, and OT systems. He has developed a unique skill set that combines an understanding of the mission, embedded systems, and cyber resiliency with strong management and engineering skills, providing comprehensive solutions to complex problems from initial design to end of life.

Dr. Hall was a recognized Navy Cybersecurity Safety (CYBERSAFE) aviation cybersecurity technical area expert and cyber warfare subject matter expert. He has extensive knowledge of cyber threats and is also skilled in adversarial cyber risk assessments and incident response (including SCADA/ICS/embedded systems).