{
  "docId": "019dd923-5ca1-7489-b639-b59a862e8cdb",
  "docSlug": "531a385a82e8bd6c",
  "documentTitle": "Airport Cyber Security Report",
  "authorId": "PAConsulting",
  "authorName": "PA Consulting",
  "documentKindSlug": "consulting-deck",
  "documentKindLabel": "Consulting deck",
  "sourceTypeSlug": "strategy_consulting",
  "sourceTypeLabel": "Strategy consulting",
  "presentationDate": null,
  "orientation": "portrait",
  "aspectRatio": 0.707,
  "pageNumber": 15,
  "pageCount": 24,
  "prevPage": 14,
  "nextPage": 16,
  "slideType": "industry_trends",
  "function": "establish_context",
  "density": "overcrowded",
  "nDataPoints": 0,
  "notes": "The slide uses a narrative structure to explain the complexity of cybersecurity in airports, touching on ISO 27001, NIST CSF, and the organizational challenges of IT/OT convergence.",
  "elementsJson": [
    "photo",
    "paragraph"
  ],
  "metadataConfidence": 0.9,
  "imagePath": null,
  "slideHref": "/slides/019dd923-5ca1-7489-b639-b59a862e8cdb/15",
  "deckHref": "/decks/019dd923-5ca1-7489-b639-b59a862e8cdb",
  "deckJsonHref": "/decks/019dd923-5ca1-7489-b639-b59a862e8cdb.json",
  "deckAnchorHref": "/decks/019dd923-5ca1-7489-b639-b59a862e8cdb#slide-15",
  "components": [
    {
      "bbox": null,
      "kind": "callout",
      "text": "IT and OT worlds are converging - it's no longer possible to manage them separately.",
      "attrs": null,
      "subkind": null,
      "toolName": "Visual emphasis",
      "toolSlug": "visual-emphasis",
      "confidence": null,
      "componentId": "019dd951-d9f1-764a-82f6-12fccd4bf126",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 1,
        "w": 0.4,
        "x": 0,
        "y": 0
      },
      "kind": "image",
      "text": "Technicians working on airport infrastructure",
      "attrs": null,
      "subkind": "photo",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "19a21bf7-82e3-440d-ad20-862785b833f9",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.08,
        "w": 0.42,
        "x": 0.52,
        "y": 0.48
      },
      "kind": "paragraph",
      "text": "With the growing need for businesses to utilise and exploit their data for business efficiencies, it has never been more essential to integrate IT with OT. Airports are no different in this respect, with the complication that a large part of their business is to provide the systems and services to support their tenants, ranging from airlines to retail outlets.",
      "attrs": null,
      "subkind": "paragraph",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "00b1fc1e-c1d1-4c5b-be41-c48159f8a418",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.12,
        "w": 0.42,
        "x": 0.52,
        "y": 0.12
      },
      "kind": "paragraph",
      "text": "For example, ISO 27001 is an international standard, while the NIST Cybersecurity Framework (CSF) is a US framework that has been adopted by many countries. Airports operating in countries with a compliance culture for cyber security are more focused on implementing controls, while others take more of a risk-based approach. While both models have their merits, airports need to choose a method that suits them in identifying gaps and addressing cyber-security risks.",
      "attrs": null,
      "subkind": "paragraph",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "52d1b48e-d9a3-4fb8-a72d-a88fd77952c7",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.11,
        "w": 0.42,
        "x": 0.52,
        "y": 0.57
      },
      "kind": "paragraph",
      "text": "The distinction between IT and OT is also diminishing with the increased use of underlying IT technologies in OT. For example, Ethernet and TCP/IP enable the provision of new types of systems and services. These two domains are still being treated separately, with the responsibility typically sitting with different functions in the business. Systems and services should be viewed on an IT/OT range and managed accordingly to mitigate the cyber-security risks that could affect their normal operation.",
      "attrs": null,
      "subkind": "paragraph",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "55dea3be-25ae-4f1a-8c15-cfdde07bb8bc",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.21,
        "w": 0.42,
        "x": 0.52,
        "y": 0.69
      },
      "kind": "paragraph",
      "text": "OT is typically seen as the responsibility of operations where the safety and availability of systems and services are key. IT is viewed in the traditional sense of information management, where importance is placed on the confidentiality and integrity of data used by systems and services. As the ultimate responsibility sits with different roles, only by working together can there be effective oversight of cyber-security risks across the airport. In some, but not all, of the airports interviewed, the responsibility of both IT and OT security lay with the same individual, which may help provide a more balanced view of the cyber risks. Without this balance, there is a risk that cyber security will be seen as only affecting IT systems.",
      "attrs": null,
      "subkind": "paragraph",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "ade12213-95a6-4321-b319-adff11bb19c6",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.18,
        "w": 0.42,
        "x": 0.52,
        "y": 0.26
      },
      "kind": "paragraph",
      "text": "There are many factors that can affect an airport's threat profile, including the time of year. For example, in the summer months, airports typically have a greater number of daily passengers, which can increase the threat and impact of a cyber security-related incident. During these busy periods, there are greater pressures to maintain and even extend the availability of airport systems and services, leading to reduced maintenance windows. This compound effect of increased threat and reduced maintenance windows results in airports operating at increased levels of risk. It is important for airports to recognise such trends and implement mitigation strategies.",
      "attrs": null,
      "subkind": "paragraph",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "b16607da-83e7-4d87-b705-3fba7f73c358",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.01,
        "w": 0.2,
        "x": 0.1,
        "y": 0.98
      },
      "kind": "source-note",
      "text": "© PA Knowledge Ltd | April 2018",
      "attrs": null,
      "subkind": null,
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "0472b805-fed6-447b-8887-c0c1950ed574",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.02,
        "w": 0.35,
        "x": 0.595,
        "y": 0.03
      },
      "kind": "title",
      "text": "HOW DO THESE TRENDS IMPACT AIRPORT CYBER SECURITY?",
      "attrs": null,
      "subkind": "headline",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "f7d7a1e6-864a-4b2a-a7fb-f1eedf613943",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.02,
        "w": 0.42,
        "x": 0.52,
        "y": 0.24
      },
      "kind": "title",
      "text": "Threat profile can be affected by the time of year",
      "attrs": null,
      "subkind": "subtitle",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "54be0ec0-fd94-420f-b858-1bdb950600dd",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.04,
        "w": 0.42,
        "x": 0.52,
        "y": 0.44
      },
      "kind": "title",
      "text": "IT and OT worlds are converging - it's no longer possible to manage them separately",
      "attrs": null,
      "subkind": "subtitle",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "6900fe8e-f222-4c3d-b792-aeb8261bf2a7",
      "frameworkName": null,
      "frameworkSlug": null
    }
  ],
  "metrics": [],
  "tools": [
    {
      "name": "Logical chain",
      "slug": "logical-chain",
      "agent": null,
      "layer": "slide",
      "matchId": "d85dd6a7-fc8c-46e3-b52c-13277f9ae3e1",
      "evidence": "IT and OT worlds are converging - it's no longer possible to manage them separately",
      "confidence": 0.6
    }
  ],
  "frameworks": [],
  "arcBeats": [],
  "loops": [
    {
      "to": 23,
      "from": 5,
      "name": "Cost Of Inaction",
      "slug": "27-cost-of-inaction",
      "bestFor": "Urgent budget requests, compliance, risk mitigation",
      "matchId": "df1fbe33-c152-4191-9383-d782a386d15a",
      "evidence": "The document emphasizes the need for action to overcome cyber-security challenges",
      "position": 0,
      "objective": "Highlight the importance of taking action against cyber threats",
      "structure": "The Status Quo -> The Hidden Costs Accumulating -> The Future State of Inaction -> The Tipping Point",
      "confidence": 0.6,
      "description": "Quantify what happens if the audience does nothing"
    }
  ],
  "imagePathAlt": null,
  "thumbSrc": null,
  "thumbSrcAlt": null,
  "locked": true
}