Strengthen Identity Resilience and Keep Airports Moving
U.S. airports and airlines can outpace attackers by adopting zero-trust frameworks, meeting Federal Aviation Administration and Transportation Security Administration cybersecurity mandates, and using immutable backups for rapid recovery. Here’s how.
1. Adopt Zero-Trust Frameworks
Ransomware gangs often infiltrate networks through one entry point, then move laterally. A zero-trust model disrupts the attack chain by assuming a breach has occurred and, through strict access controls and microsegmentation, prevents attackers from moving laterally across networks.
Zero trust requires separating IT networks, such as airport Wi-Fi, from critical OT infrastructure such as air traffic control systems, so that a breach in a corporate IT network cannot spread to flight-critical systems. Additionally, the zero-trust model enforces multifactor authentication and the principle of least privilege, ensuring that users and third-party vendors access only the resources required for their deliverables.
2. Adhere to FAA/TSA Cybersecurity Mandates
Airport security teams can outpace cyberattacks by developing and implementing comprehensive plans that align with FAA/TSA mandates. The approach includes establishing strict access controls, continuous monitoring and a rapid recovery program. Beyond compliance, airports and airlines should also:
- Maintain an incident response plan for reporting and recovering from attacks
- Implement employee training to help personnel recognize and respond to phishing, a primary entry point for attackers
- Conduct thorough security assessments of vendor and supply chain systems to ensure that third-party components do not introduce cybersecurity vulnerabilities
3. Apply Immutable Backups for Rapid Recovery
Building airport cyber resilience is not complete without a rapid recovery plan. Immutable backups ensure that a clean, unaltered copy of essential data remains available for restoration, allowing airport systems to recover quickly even after a successful ransomware attack. Combining the plan with a containment strategy enables an airport to quickly restore systems without paying a ransom, minimizing operational downtime and financial losses.
Airports Can Build Strength Through Backup and Recovery
Recovery is a true measure of strength in the face of relentless cyberthreats targeting airport infrastructure. No defense is flawless, but the ability to restore operations quickly after an attack demonstrates real resilience. By combining robust backup strategies, rapid response plans and a commitment to learning from each incident, airports can minimize disruption, safeguard critical services and emerge even stronger after attacks. In today’s digital world, strength isn’t just about preventing and withstanding attacks; it’s about how swiftly and confidently airports recover.
The views expressed in this article are those of the author and do not necessarily reflect the official policy or position of Rubrik. This article is for informational purposes only and does not constitute business or legal advice. Organizations should consult with legal and compliance professionals to ensure their cybersecurity strategies meet all applicable federal, state and international requirements.
