Cybersecurity to Passport Fraud: How OSINT Supports Airport Security

Open-source data—from social media to the dark web—gives airport security personnel the information they need to support faster, more informed responses to security threats. In the modern threat landscape, this could mean avoiding millions in cyber damages or even saving human life.

But the reality is that many airports still aren’t doing enough to reinforce their security posture. According to a report by ImmuniWeb, 97 of the world’s largest 100 airports expose themselves via mobile apps, public clouds, the dark web, and code repositories.

To cope with increased risk, some airports, like Václav Havel in Prague, are investing in in-house security operations centres. Security technologies, like credential authentication (CAT) units, are helping address a range of other cyber-enabled threats targeting airports—such as passport fraud. 

Online data provides valuable context and alerts for both cyber compromise and security threats seen by departments like airport police and customs officers. Public content across hard-to-access web spaces often exposes illicit activities and vulnerable information relevant to airport security.

How do airport security teams (and their stakeholders) benefit from easy access to this information?

Airport security risks are diversifying

Airports now face security threats from many different angles, including:

Cybercrime. Digital transformation supports a range of airport operations, from traveler support to logistics systems. It’s also expanding cyber vulnerabilities and making digital airport security more complex. According to IBM’s latest X-Force Threat Intelligence report, airports and airlines are increasingly vulnerable in the transportation sector, the third most cyber-targeted industry in 2019. Websites like paste sites, dark web marketplaces, and even social platforms often host the first indicators of cyber compromise.

Cyber-enabled crime. Crime has passed through airports for decades—but online spaces are transforming how it’s executed and exposed. For example:

• Anonymized online spaces, like deep and dark web forums, often host discussions about how to bypass airport security systems. These conversations are often centered on enabling the transportation of counterfeit goods, firearms, humans, and drugs; and using fake passports and documentation to board planes.
  
• Online communication channels are sometimes used to discuss and fantasize about attacking airports and other critical transportation networks. These often originate from more extremist communities that may pose serious violent intent. Social media networks are also valuable for finding early ground-truth data related to physical security risks—such as fires, natural disasters, or terrorism—in or near airport infrastructure.
  
• Insider threats have long plagued airport security, enabling a variety of the threats mentioned above. Anonymized online communications can provide context related to insider crimes. Insiders can also inadvertently compromise airport security by posting sensitive information, like ID badges, floor plans, or SOC rooms, to social media. Personnel need to know when this information is posted and prevent it from circulating.

Despite the value of public online data, airport security may not be equipped with the time, resources, or tools to access this information when it matters most. Teams are likely using multiple systems to manage security—both for cyber threats and other risks—and need to narrow in on relevant information as quickly as possible.

Financial, digital assets, and public safety are on the line

What’s at stake if airport security teams don’t access online data relevant to risk?

Multiple sources are necessary to evaluate and respond to security risks, and web spaces play an increasingly crucial role. Social media, deep, and dark web data can provide the context necessary to identify and validate a variety of threat indicators affecting airports.

Overlooking relevant information on any of these sources can mean missed context, a less-than-comprehensive security strategy, or worse—overlooked threats. Any of these outcomes can have serious impacts on airport security and infrastructure.

When it comes to cyberattacks, airports risk facing millions ($3.86M, on average) in remediation, system downtime, and compliance fines in an already crippled industry. Airports can also face reputation damage and lose the trust of staff, travelers, and other stakeholders. Cyberattacks can also compromise traveler safety as physical infrastructure relies more on computer systems to operate smoothly.

Overlooking context related to non-digital security threats has the added risk of enabling international crime and putting public safety at risk.

Intelligence tools: the key to effective security

These outcomes point to the importance of making online data accessible when and where it matters most. As any security analyst knows, Googling is not a viable solution. Effective open-source intelligence software is required to give airport security easy and efficient access to risk data on these hard-to-search sources. 

These tools enable users to run refined searches across a range of unindexed web spaces and receive alerts when critical information surfaces in real-time. Security teams can gather previously inaccessible context about airport-targeted risks, integrate this information into their workflows, and develop high-quality intelligence to drive effective security decisions. Procurement managers should prioritize tool usability, especially as risk data becomes relevant to both technical and non-technical teams.

For cybersecurity threats, this could mean identifying a data breach or system outage faster than other sources can provide. For other airport security risks, it could mean escalating an alert or security response more confidently. At the end of the day, airport security teams can respond faster to risks—and they can access more context about specific threats or emerging tactics more generally.

In the post-COVID era, airport security systems must facilitate informed decisions to protect physical and digital assets—and most importantly, human life. OSINT software is now a vital part of this toolkit as airports around the world realize the gravity of a lacking security posture—whether it’s on the ground or in cyberspace.