How the first U.S. state-owned airport is proactively defending against cyberattacks

MGT Technology Cybersecurity Case Study: Rhode Island Airport Corporation (RIAC)

The aviation industry is under attack from cybercriminals compromising flight plans, passenger data, and operations through ransomware and phishing. Learn how MGT Technology and the Rhode Island Airport Corporation are protecting and defending customers and communities from cyber disruption, including ransomware, phishing, spoofing, fraud, internal security threats, and attacks on payment systems.

Aviation cybersecurity is a herculean effort within a complex airport ecosystem of airlines, government regulations, passengers, employees, operators, and third-party service providers employing a variety of systems including air traffic control, transportation, ticketing, baggage handling and screening, customs and immigration, IT, and communications services. Securing the connectivity and safety of the aviation industry and the people depending on airline services on and off the ground is a 24/7/365 imperative.

Backstory

The Rhode Island Airport Corporation (RIAC), established in 1992, is based at T.F. Green International Airport in Warwick, Rhode Island. T.F. Green has experienced tremendous growth and expansion since its establishment in 1931 as the first state-owned and operated airport in the United States.

Going forward

RIAC is responsible for the design, construction, operation and maintenance of the six state-owned airports, which include the state’s main commercial airport, Rhode Island T. F. Green International Airport, and a network of five general aviation airports throughout the state: Block Island, Newport, North Central, Quonset and Westerly.

The direct economic impact of Rhode Island’s five general aviation airports is approximately $37 million. That number expands to $50 million when indirect economic benefits are factored in. Over the past 15 years, approximately $70 million has been spent on upgrades to the terminals and airfields.

RIAC recently undertook a strategic business and master planning process for Rhode Island’s general aviation airports. To accomplish this multi-year undertaking, RIAC formed an internal task force comprised of experts in the fields of infrastructure, planning, finance, legal and property management and relied on consultants to help evaluate opportunities and potential infrastructure needs.

Cybersecurity and safety – Priority #1

Cybersecurity of aviation infrastructure is a non-stop, mission-critical science to protect and harden each link within the massive network of IT architecture, data, devices, and users on the ground and in flight globally. As part of RIAC’s master planning process, MGT Technology partnered with RIAC to assess, remediate, and improve its cybersecurity and resiliency against cyberattacks.

In supervising of all Rhode Island civil airports, landing areas, navigation facilities, air schools and flying clubs, RIAC’s network has approximately 200 users. The infrastructure to be assessed includes about 50

virtual servers and 20 physical services with about 16,000 internal IP addresses.

Challenges facing airports are immense, including aging IT systems, increasing global connectivity, heightening industry and government regulations, and evolving, sophisticated cybersecurity technologies to defend against the ever-growing and dangerous criminal landscape of cyberattacks that threaten catastrophic, costly impacts to millions of people daily.

Mission-critical Cybersecurity Action Plan

At the outset, MGT Technology executed a comprehensive IT cybersecurity assessment for business functions and connected airport operations including ticketing, security, airfield lighting, recording and baggage handling systems, and other critical aviation functions. The assessment included a review of the current state of RIAC’s information technology security, penetration testing for identification of cybersecurity vulnerabilities, and the execution of a mitigation plan with a prioritized pathway to harden RIAC’s cyber security posture for greater cybersecurity resiliency and defense.

Solution

With national public sector experience in conducting aviation and transportation cybersecurity assessments for Dallas-Fort Worth Airport, and managed detection and response services (MDR) for government agencies nationally, MGT included former CIOs from Philadelphia International Airport and Cleveland Hopkins International Airport on the MGT Technology team for RIAC. MGT developed a comprehensive assessment and resiliency plan to harden RIAC’s overall cybersecurity posture, safeguard critical infrastructure, and protect public safety.

Project Key Success Factors

Comprehensive NIST-based security assessment of the current IT environment to address both business and airport functions.
Cybersecurity roadmap with prioritized recommendations and maturity modeling for ongoing quality control improvements.
Key performance indicators and success measurements for implementation of recommended remediations and cybersecurity enhancements.
Information technology change management plan to further engage RIAC leadership and key stakeholders to help the RIAC IT team maintain organizational buy-in for necessary resources to sustain long-term success.
Ongoing cybersecurity monitoring, evaluations, and recommendations to navigate the changing aviation and cybersecurity landscape with key security best practices of NIST CSF, 800-53.

Process

Baseline awareness of the RIAC environment and data collection required for analysis and testing (e.g., applications, database, end point devices, network and servers).
Inventory of current system hardware, virtual machine environment and network design and functionality to ensure an effective and complete approach towards evaluating systems and networks.
Reconnaissance of RIAC functions, including business operations and connected airport functions including security, airfield lighting, recording and baggage handling systems, for network and services mapping.
Execution of in-depth IT security vulnerability assessment and threat scanning of RIAC’s logistical and physical IT infrastructure, including security policies, procedures and governance documentation, followed by critical, imminent threat report and comprehensive remediation plan, including penetration testing.
Pre-test and prioritization of RIAC IT infrastructure against malicious exploits, ransomware and phishing, and false positives; validate system-specific configurations and review for known exploits including firewalls, switches, routers, web servers, network servers, and storage.

Behind the Scenes: Identify, Protect, Detect, Respond and Recover

MGT Technology’s security assessment methodologies are grounded in well-established, proven standards and frameworks of the NIST Cybersecurity Framework (NIST CSF), CIS Critical Controls, CMS MARS-E 2.0, IRS Publication 1075, ISO 27002, OWASP, FERPA, HIPAA and HITECH and PCI Compliance.

The framework is organized into five functions: Identify, Protect, Detect, Respond and Recover. This functional view guides an organization in managing cybersecurity risk by organizing information, prioritizing risk management decisions, addressing threats, and improving by learning from previous activities. Proactive implementation leads to outcomes that support the cybersecurity vision and mission of the organization. In methodically following the NIST standards applied by MGT, clients can be assured of an assessment that encompasses all the domains and controls stipulated in the guidelines.

Developed by experts across government and industry, CIS Controls recognize that not all threats are equal and therefore CIS Top 20, Version 7 brings organizations through a hierarchy that progresses from basic controls that are essential for cybersecurity readiness, to the foundational controls that represent technical best practices and proven security benefits, to the organizational controls that focus on the people and processes of cybersecurity.

Key Results

Identify Threat Sources and Events – Offense Informs Defense Visibility of the total IT environment and what threat sources are relevant to minimize noise and false positives. MGT uses knowledge of actual attacks that have compromised systems to provide the foundation to continually learn from these events to build effective, practical defenses, including only those controls that can be shown to stop known real-world attacks.
Identify Vulnerabilities and Predisposing Conditions Understand administrative, managerial, procedural, and technical vulnerabilities within the organization that could be exploited through defined threat sources as well as the current predisposing conditions that could lead to malicious exploitation.
Evaluate Likelihood of Occurrence Gauge the likelihood that the identified threat sources would execute certain threat events and the likelihood of these events being successful cyber attacks and threats.
Prioritize Magnitude of Impact Assess the business impact on organizational assets, individuals, related organizations, and the nation, in combination with the likelihood of threat exploitation of vulnerabilities including any uncertainties.
Measure and Communicate Organizational Risk Establish common metrics to provide a shared language for executives, IT specialists, auditors, and security officials to measure the effectiveness of security measures within an organization so required adjustments can be identified and implemented quickly.
Diagnose and Mitigate with Automation Implement continuous measurement to test and validate the effectiveness of current security measures and employ automation to achieve reliable, scalable, and continuous improvements for greater cybersecurity resiliency.