{
  "docId": "019dd923-5ca1-7489-b639-b59a862e8cdb",
  "docSlug": "531a385a82e8bd6c",
  "documentTitle": "Airport Cyber Security Report",
  "authorId": "PAConsulting",
  "authorName": "PA Consulting",
  "documentKindSlug": "consulting-deck",
  "documentKindLabel": "Consulting deck",
  "sourceTypeSlug": "strategy_consulting",
  "sourceTypeLabel": "Strategy consulting",
  "presentationDate": null,
  "orientation": "portrait",
  "aspectRatio": 0.707,
  "pageNumber": 6,
  "pageCount": 24,
  "prevPage": 5,
  "nextPage": 7,
  "slideType": "problem_statement",
  "function": "frame_problem",
  "density": "dense",
  "nDataPoints": 0,
  "notes": "The slide uses a case study (Istanbul airports 2013) to illustrate the vulnerability of airport systems to cyber attacks.",
  "elementsJson": [
    "headline_text",
    "paragraph",
    "callout_box",
    "footnote"
  ],
  "metadataConfidence": 0.95,
  "imagePath": null,
  "slideHref": "/slides/019dd923-5ca1-7489-b639-b59a862e8cdb/6",
  "deckHref": "/decks/019dd923-5ca1-7489-b639-b59a862e8cdb",
  "deckJsonHref": "/decks/019dd923-5ca1-7489-b639-b59a862e8cdb.json",
  "deckAnchorHref": "/decks/019dd923-5ca1-7489-b639-b59a862e8cdb#slide-6",
  "components": [
    {
      "bbox": null,
      "kind": "callout",
      "text": "Air traffic control systems, and airport and airline information technology systems, have been identified as critical transportation infrastructure that needs to strengthen security and resilience to cyber threats.",
      "attrs": null,
      "subkind": null,
      "toolName": "Visual emphasis",
      "toolSlug": "visual-emphasis",
      "confidence": null,
      "componentId": "019dd951-d9f1-764a-82f3-b7d99f96c941",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.08,
        "w": 0.81,
        "x": 0.095,
        "y": 0.233
      },
      "kind": "paragraph",
      "text": "Also in 2013, the passport control systems at the departure terminals in Istanbul Atatürk and Sabiha Gökçen airports were shut down by a cyber attack. Passengers were forced to stand in line for hours, and the majority of flights were delayed.",
      "attrs": null,
      "subkind": "paragraph",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "08e6a58b-d62d-4f93-b9b6-bd7b8cc5bb0e",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.08,
        "w": 0.81,
        "x": 0.095,
        "y": 0.312
      },
      "kind": "paragraph",
      "text": "As transport infrastructure becomes more efficient and integrated, the industry is becoming more reliant on technology in almost every area of operations. These range from sophisticated air navigation systems, on-board aircraft control and communications systems, and airport ground systems, to simple office management systems. These new technologies need to be managed through the development and implementation of structured cyber-security approaches.",
      "attrs": null,
      "subkind": "paragraph",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "54d7de53-8756-46dd-9145-33860c2991fe",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.25,
        "w": 0.81,
        "x": 0.095,
        "y": 0.445
      },
      "kind": "paragraph",
      "text": "Air traffic control systems, and airport and airline information technology systems, have been identified as critical transportation infrastructure that needs to strengthen security and resilience to cyber threats. The U.S. Department of Homeland Security defines critical infrastructure as “assets, systems, and networks, whether physical or virtual, so vital to the United States that their incapacitation or destruction would have a debilitating effect on security, national economic security, national public health or safety, or any combination thereof”. Due to the increasing pressures from external and internal threats, organisations responsible for critical infrastructure need to have a consistent and iterative approach to identifying, assessing, and managing cyber-security risk. This approach is necessary, regardless of an organisation’s current size, threat exposure or cyber-security sophistication.",
      "attrs": null,
      "subkind": "paragraph",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "9d9cafcd-a40f-48de-a4b4-09440aabc0b4",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.15,
        "w": 0.81,
        "x": 0.095,
        "y": 0.48
      },
      "kind": "paragraph",
      "text": "In order to tackle this complex task, different standards, frameworks, approaches and best practices have been developed. These initiatives have typically focused on IT, but more recently have specifically tackled critical infrastructure-related OT and ICS cyber security as well. The following sections of the report provide an overview of some of the most relevant initiatives, considering both general purpose approaches and aviation-related ones. They also set out the specific experiences of four international airports based on personal interviews with cyber-security staff.",
      "attrs": null,
      "subkind": "paragraph",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "e8542bab-55cb-48b9-8d99-da96b55d73a3",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.05,
        "w": 0.81,
        "x": 0.095,
        "y": 0.698
      },
      "kind": "source-note",
      "text": "3-7: References to DHS and news articles regarding airport cyber attacks.",
      "attrs": null,
      "subkind": null,
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "d2f0f77d-1205-42b2-ad1d-622388362f2c",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.03,
        "w": 0.42,
        "x": 0.095,
        "y": 0.378
      },
      "kind": "title",
      "text": "Airports as critical infrastructure",
      "attrs": null,
      "subkind": "headline",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "f6b071f7-497c-4b1a-be9c-ddf5415772db",
      "frameworkName": null,
      "frameworkSlug": null
    }
  ],
  "metrics": [],
  "tools": [],
  "frameworks": [],
  "arcBeats": [
    {
      "to": 6,
      "from": 5,
      "beatId": "2cc2d828-255f-4f13-8534-9d1f2546caf3",
      "arcName": "Problem-Agitate-Solution",
      "arcSlug": "problem-agitate-solution",
      "beatName": "Problem",
      "beatSlug": "problem-agitate-solution-problem-identify-pain",
      "evidence": "Introduction to the problem of airport vulnerability to cyber attacks",
      "position": 0,
      "confidence": 0.8,
      "parentBeatName": "Complication",
      "parentBeatSlug": "complication"
    }
  ],
  "loops": [
    {
      "to": 23,
      "from": 5,
      "name": "Cost Of Inaction",
      "slug": "27-cost-of-inaction",
      "bestFor": "Urgent budget requests, compliance, risk mitigation",
      "matchId": "df1fbe33-c152-4191-9383-d782a386d15a",
      "evidence": "The document emphasizes the need for action to overcome cyber-security challenges",
      "position": 0,
      "objective": "Highlight the importance of taking action against cyber threats",
      "structure": "The Status Quo -> The Hidden Costs Accumulating -> The Future State of Inaction -> The Tipping Point",
      "confidence": 0.6,
      "description": "Quantify what happens if the audience does nothing"
    }
  ],
  "imagePathAlt": null,
  "thumbSrc": null,
  "thumbSrcAlt": null,
  "locked": true
}