Navigating cyber threats: SEA, PIT and VIE share strategic insights into effective cybersecurity

The following article was published by Future Travel Experience

Cybersecurity has become a critical focus within the air transport industry as cyber threats grow more sophisticated. In this article, SEA, VIE and PIT share valuable insights into their cybersecurity strategies.

Cybersecurity has become a critical focus within the air transport industry. As cyber threats grow more sophisticated, airlines and airports are taking proactive measures to safeguard operations and protect passengers. According to SITA’s recently published 2024 ‘Air Transport IT Insights’ report, 66% of airlines and 73% of airports have named cybersecurity as one of their top three priorities. In this deep-dive article, Seattle-Tacoma International Airport, Pittsburgh International Airport and Vienna Airport share valuable insights into their cybersecurity strategies. This topic will also be further examined in the FTE Cybersecurity Symposium during the FTE World Innovation Summit (Pittsburgh, 13-15 May 2025).

SEA’s focus on a heavily tiered approach to cybersecurity

Seattle-Tacoma International Airport (SEA) – a Corporate Partner of the FTE Digital, Innovation & Startup Hub – has a robust cybersecurity infrastructure. At the core of the airport’s model is limiting access only to the services that are needed. Ahead of his participation in the Cybersecurity Symposium at the FTE World Innovation Summit (Pittsburgh, 13-15 May 2025), Matt Breed, CIO, Port of Seattle, shares some compelling insights with Future Travel Experience.

“We focus on a heavily tiered approach, with least privileged access at the heart of our security model,” Breed explains. “Access to advanced services is accomplished via dedicated devices tied to specific individuals. Our user environment is segmented from our security tiers and requires multiple authentication factors to access services.”

Cybersecurity is, of course, extremely critical to the safe operation of airports and air travel. Airports are considered critical infrastructure and are increasingly targeted due to the need to maintain a large on-premises footprint, and the criticality assigned to restoring services. “Threat actors are highly organised and extremely well-funded – cybersecurity damages outpace cybersecurity spending by several orders of magnitude,” says Breed. “To properly maintain a good cyber-profile, airports should focus on limiting their overall attack surfaces. A push to cloud services, when appropriate is key. Vendor and contractor access should be limited to named individuals and supervised. A third-party security operations centre (SOC) and/or a managed security provider are highly encouraged, especially for airports that cannot fully staff a 24/7 cyber ops group.”

With the growing use of smart technologies and digital infrastructure in airports, balancing the need for innovation with the requirement to protect sensitive passenger and operational data from emerging cyber threats is a constant challenge and needs to be fully baked into an airport’s technology architecture. “Defined interface points to smart technologies – APIs etc – are critical, as well as making sure that these technologies are only granted the access that they need to perform their functions – leased privileged access,” Breed shares. “With clearly defined architecture and operational guidelines new systems can be procured and dropped into place while limiting their risk to the overall enterprise technology environment.”

Breed adds that SEA collaborates extensively with government agencies and other industry stakeholders to strengthen cybersecurity. “We participate and drive many different user and industry groups (AV-ISAC, ACI Cyber Security Working Group, MS-ISAC, etc) and leverage our government partnerships (TSA, CBP, FBI, etc) to ensure that we are well supported. We also heavily leverage our critical vendors and partners during planning and recovery scenarios.”

Hear more from Matt Breed, CIO, Port of Seattle, at the FTE World Innovation Summit, which is free to airlines and airports and will bring together over 400 air transport industry innovators for a three-day interdisciplinary series of conference sessions, interactive workshops, tours of the new terminal at PIT and across key innovation sites across Pittsburgh, and networking opportunities. See the FTE World Innovation Summit agenda >> Register for the FTE World Innovation Summit >>

PIT utilising best-in-class hardware and software technical solutions while taking into account the ‘Human Factor’

Pittsburgh International Airport (PIT) – host of the FTE World Innovation Summit taking place on 13-15 May 2025 – is a hub of innovation, not just in travel and technology but also in the realm of cybersecurity. With the increasing threat of cyberattacks on critical infrastructure, PIT has adopted a robust and proactive cybersecurity strategy to safeguard its operations, passengers, and data. This forward-thinking approach integrates advanced technologies, real-time threat monitoring, and a culture of cybersecurity awareness to stay ahead of emerging risks. Ahead of her participation in the Cybersecurity Symposium at the FTE World Innovation Summit, Theresa Blackwell-Frank, Chief Information Security Officer, Virtuo Group Corporation and V-CISO, Pittsburgh International Airport, shares some valuable insights with Future Travel Experience.

“Safety and security in all areas are always the highest priority,” explains Blackwell-Frank. “We utilise best-in-class hardware and software technical solutions while taking into account the ‘Human Factor’. Cybersecurity has always been an important factor, but with the increased attack surface, motivated malicious actors and Artificial Intelligence (AI) capabilities, it has become most important.”

With the growing use of smart technologies and digital infrastructure in airports, balancing the need for innovation with the requirement to protect sensitive passenger and operational data from emerging cyber threats is an important challenge. “There has always been a delicate balance between business innovation and cybersecurity,” says Blackwell-Frank. “We have embedded cybersecurity early in the review process of new technology implementation to ensure security is built in at the beginning.”

PIT also actively collaborates with relevant government agencies and industry stakeholders to enhance its cybersecurity posture. “These partnerships are essential for maintaining awareness of emerging threats, aligning with best practices, and ensuring a coordinated response to potential incidents,” Blackwell-Frank adds.

Hear more from Theresa Blackwell-Frank, Chief Information Security Officer, Virtuo Group Corporation and V-CISO, Pittsburgh International Airport, at the FTE World Innovation Summit, which is free to airlines and airports and will bring together over 400 air transport industry innovators for a three-day interdisciplinary series of conference sessions, interactive workshops, tours of the new terminal at PIT and across key innovation sites across Pittsburgh, and networking opportunities. See the FTE World Innovation Summit agenda >> Register for the FTE World Innovation Summit >>

VIE continuously assessing and improving its ability to prevent, detect, and respond to potential cyber risks

Cybersecurity at Vienna Airport – a Corporate Partner of the FTE Digital, Innovation & Startup Hub – is always on the move. Its approach is based on the National Institute of Standards and Technology (NIST) Cybersecurity Framework, which allows the airport to continuously assess and improve its ability to prevent, detect, and respond to potential cyber risks.

“Naturally, we are aware that cybersecurity is a constant game of cat and mouse, which is why our experts continuously examine new potential threat scenarios,” shares Thomas Dworschak, Head of IT Digitalization & Innovation, Vienna Airport. “In this context, we use the MITRE ATT&CK framework to keep up-to-date with new attack methods. Vienna Airport understands that cybersecurity is only as strong as its weakest link. Therefore, we place a very strong focus on training. This includes not only technical trainings for our cybersecurity experts but also awareness trainings and phishing simulation campaigns for all employees at our airport.”

Digitalisation helps Vienna Airport to optimise processes for both the airport, as well as for the passengers. Thanks to digitised processes, Vienna Airport can efficiently respond to higher passenger volumes without having to allocate additional resources to the same extent. “For example, passengers can conveniently complete the check-in process at the self-check-in and the baggage label machines, use digital boarding passes on their smartphones to pass through security, or purchase parking spaces and airport services from home at any time via our central webshop,” Dworschak explains. “All these advantages brought by digitalisation lead to an increased complexity of IT services, exposing them to a larger number of cybersecurity-related threats. To address this increased complexity, it is particularly important in the aviation context to exercise greater control over our suppliers and service providers. Especially in a time where many services are moving to the cloud, companies must be aware of their core services and how to protect them particularly well. This is achieved through a well-managed risk management, which derives appropriate measures depending on the criticality of each service.”

With the growing use of smart technologies and digital infrastructure in airports, balancing the need for innovation with the requirement to protect sensitive passenger and operational data from emerging cyber threats is an important challenge. “Data protection and innovation are not fundamentally opposed to each other,” says Dworschak. “Our passengers are very receptive to innovative products and solutions. However, they are certainly not willing to compromise their data security for them. An innovative solution that aims to be disruptive but neglects data protection cannot be successful in the long run. In this context, we as an airport rely on innovative solutions from providers who also take cybersecurity and data protection seriously and address these issues as part of their product from the very beginning.”

As a company classified as critical infrastructure, Vienna Airport is represented in several cybersecurity committees in Austria. “Through this role, we are constantly in exchange with our national authorities, who also regularly audit our cybersecurity programme due to various legal regulations,” Dworschak adds. “Furthermore, Vienna Airport actively involves itself in international industry-specific umbrella organisations such as Airports Council International (ACI) and the International Air Transport Association (IATA) on the topic of cybersecurity.”

Learn more about cybersecurity in the FTE Cybersecurity Symposium, taking place at the FTE World Innovation Summit hosted by Pittsburgh International Airport on 13-15 May 2025. Moderated by Deepak Nayyar, EVP – CIO, Allegheny County Airport Authority, speakers include Matt Breed, CIO, Port of Seattle; Theresa Blackwell-Frank, Chief Information Security Officer, Virtuo Group Corporation and V-CISO, Pittsburgh International Airport; and Dr. Lorrie Faith Cranor, Director and Bosch Distinguished Professor in Security and Privacy Technologies, CyLab, Carnegie Mellon University. The FTE World Innovation Summit is free to airlines and airports and will bring together over 400 air transport industry innovators for a three-day interdisciplinary series of conference sessions, interactive workshops, tours of the new terminal at PIT and across key innovation sites across Pittsburgh, and networking opportunities. See the FTE World Innovation Summit agenda >> Register for the FTE World Innovation Summit >>

You may also be interested in

Article originally published here:
Navigating cyber threats: SEA, PIT and VIE share strategic insights into effective cybersecurity