Introduction

In Australia, the intensity of our airport and aviation security is strangely famous worldwide. It even has its own reality television show; Border Security – Australia’s Front Line.

The scene is always similar: drug sniffing dogs, x-ray machines and baggage searches used to investigate the latest security threat. But there is an underlying threat to airport security that doesn’t ever make it onto the show – cybersecurity.

Technology has changed the way we gather intelligence on potential threats. The CCTV cameras, thermal cameras and body scanners are now a typical part of the airport security experience.

But what if each of these devices, invented to keep us safe, could actually be the catalyst for a major cyber breach?

A New Reality

This is the reality of modern-day smart devices, and it’s not just security-related technology. Automated bag drops, self-check-in, inflight Wi-Fi, and air conditioning units all have vulnerabilities that can be exploited by cyber criminals.

Even modern airplanes, propellers, and engines are increasingly connected to external or internal data networks through smart sensors.

These smart devices, that have gradually been embedded at every point of the airport and in-flight experience, often have inherent security vulnerabilities, creating an easy entry point for hackers.

The inter-connected nature of these devices means a breach doesn’t stop at the smart device. Instead, its connection to a broader wireless network, could serve as a potential gateway for infiltrators to gain access to more sensitive systems.

The impact? Well, it would bring an airline or airport to a standstill – causing significant financial loss, reputational damage and even human harm.

A successful cybercriminal attack on airport could disrupt check-in services, delay all aviation, disrupt air traffic control or even halt physical signals. Even if flights were able to continue, passengers would need to be physically screened, causing widespread delays.

While these scenarios may seem far-fetched for many, airlines and airports are frequently targeted by threat actors. The EATM-CERT Aviation Cyber Events Map recorded over 60 cyber attacks on airports across the globe in 2025.

In 2023, pro-Russia hacker group Killnet and its affiliate AnonymousSudan publicly targeted Australian universities and called for additional attacks against eight universities, ten airports, and eight hospital websites.

The risk and increasing occurrence of these cyber incidents have been the catalyst for regulators across the globe to tighten cybersecurity legislation and recommendations across critical infrastructure, including the aviation industry.

The Change Abroad

In the USA, the Federal Aviation Administration (FAA) has issued ‘special conditions’ related to cybersecurity since 2009. Requirements include identifying all threat conditions associated with the system, architecture and external or internal interfaces.

In Europe, the NIS2 directive, a set of mandatory security measures and reporting obligations, aims to achieve a high level of protection from information security threats to Aviation organisations.

Locally, the Defence Aviation Safety Authority guidance material outlines airworthiness design requirements for cyber security in advance of formal implementation of Cyber regulation.

These frameworks are urging the aviation industry to invest in a robust cybersecurity strategy.

In a recent conversation with Nozomi Networks, Air Canada’s OT Security Manager, Richard Szymborski, Sr. explained how Bill C26, now C-8, was the catalyst for the teams evaluation of its operational technology assets. The airline went from figuring out what OT security represents, to building a comprehensive program.

For most airlines and airports, the biggest challenge is creating visibility across breach able assets, to be able to monitor the health of each device.

Conclusion

Unsurprisingly, this modern conundrum is becoming increasingly difficult as the popularity and use of IoT devices increases across the aviation sector. But with the right tools and assistance securing an organisations OT architecture and having oversight of vulnerable assets doesn’t have to be a wild goose chase.

Instead, like Air Canada, we can audit our assets and take the necessary steps to a more secure and stable environment. And while it may seem like an overwhelming journey to embark on, it is critical for the safety and security of staff, customers and the public.

Because if we want to be safe during a flight, or at the airport, we need to take the security of operational technology just as seriously as we do baggage check ins and passengers.

If we don’t, it could be a major cybersecurity breach that features on the next season of Border Security.