October’s arrival brings several changes to our region. Changes in weather, changes in landscape colors, changes in sports. This year, Philadelphia International Airport (PHL) is planning to bring a change of its own. October is Cybersecurity Awareness Month, and after a year that saw many high-profile attacks with far-reaching implications, PHL wants to change the public’s perspective of cybersecurity.
Damian Oravez, PHL's Chief Information Security Officer explained, "The recent large-scale cyberattacks have shown that there are tangible and real-world impacts to digital threats. They can cause disruptions to systems serving large geographic areas. We interact with all types of internet connected devices and online services that make our lives more convenient, and many times provide critical services. As the world becomes more and more connected and reliant on computer systems, cybercriminals look for ways to exploit gaps in computer security which can lead to outages of systems we rely on."
The data suggests cybercriminals have become very good at exploiting those gaps, too. According to complaints submitted to the FBI, more than $4.1 billion was lost to cybercrime in 2020. "It has become big business, it’s very profitable," Oravez added. "This is why good cybersecurity hygiene is so important." It is also why PHL takes cybersecurity and Cybersecurity Awareness Month very seriously.
If you plan on visiting the airport during the month of October you may notice informational graphics throughout the campus, each with different strategies you can use in your personal life to improve your cybersecurity hygiene. These are just one part of PHL’s commitment to cybersecurity. "We want our guests to understand why cybersecurity is important and how it effects their personal lives, but we also want to communicate to them the ways our team is working to protect a critical transportation hub at PHL," Oravez said.
The airport staffs a full-time Information Security team, which monitors the airport’s network and systems 24/7 and constantly looks for ways to improve defenses. PHL is also proactive with employee education and all staff members regularly receive cybersecurity training sessions focused on current threats such as phishing and social engineering. "Cybersecurity is a team effort and would not be possible without the support of all PHL team members” Oravez said. “PHL associates are proactive every day in defending our critical systems."
The airport partners closely with federal and private sector entities such as the Cybersecurity and Infrastructure Agency (CISA), FBI, cybersecurity information sharing networks, Department of Defense, Federal Aviation Administration (FAA), TSA, and the Delaware Valley Intelligence Center that allow the airport to stay up to date on current and evolving cyber threats. "These critical partners provide a wealth of resources for assisting the airport in managing cyber risk," said Oravez. The Information Security team also maintains memberships and stays engaged with numerous private-sector cybersecurity communities including ISACA Philadelphia, SecureWorld Mid-Atlantic and ISC2.
In addition to maintaining the numerous partnerships, the Information Security team participates in several initiatives, including the yearly Nationwide Cybersecurity Review, a voluntary cyber self-assessment run by the Center for Internet Security and Homeland Security. This helps the airport gauge its cybersecurity progress and assists Homeland Security in understanding and improving national cyber risk capabilities. The airport also engages with other communities such as the Airport Council International’s Information Security community as well as the Aviation Cyber Initiative, who are tasked with reducing cybersecurity risk to the aviation ecosystem. This partnership is chaired by the Department of Defense, FAA, and DHS. "It’s our way of contributing to the larger cybersecurity community. We are most successful when we all work together as a team," said Oravez.
This year, the Information Security team at PHL hopes to expand that team by encouraging guests to employ better cybersecurity practices at home, at work, and in their communities. With all the changes occurring around us this month, remember that small changes in your everyday habits can go a long way towards making you and your communities safer online. For more information on the Cybersecurity Awareness Month initiative and how to get involved, click here.