Article submitted by Kathryn B. Creedy

Cybersecurity and workforce shortages were sighted as two of the greatest risks facing airports today, according to a panel during this week’s ACI-NA conference in Tampa. The airport managers – Micheal Landguth, CEO of the Raleigh Durham Airport (RDU) Authority, Monica Lombrana, director of aviation at the El Paso International Airport (ELP) and RJ Steenstra, CEO of Canada’s Fort McMurray Airport (YMM) Authority in Alberta – agreed there is much airports can do to mitigate those risks.

Landguth said his top risk was human capital and despite raising salaries and improving work conditions, it is difficult to retain valued talent in an economy as hot as the research triangle area his airport serves. Indeed, a recent survey of CFOs cited hiring and retaining a qualified team of employees as their top enterprise risk. As with other aviation professions, airports, he said, are facing a silver tsunami as current workers retire.

“We’ve been hiring more and more employees each year and this year expect to hire 50 to 60 when our entire staff is 325,” he said. “In the next few years 110 will be eligible to retire. We are starting to recruit people with no experience and paying them to get the education, training and certification they need so they will come to work for us. We can only hope they don’t get hired away.”

He indicated municipalities, which run many US airports, have a tough time meeting millennial demands for a flexible work schedule and work-at home policies when private business is able to offer them flexibility compared to the 24/7 operations of an airport.

“Elsewhere they can get a $30,000 pay increase and a 15% hiring bonus,” he said. “That is what we are competing against.”

Cybersecurity is a top priority but airports are receiving conflicting advice on how to recover from a ransom attack, according to panellists.

Steenstra said Fort McMurray has already been victimised by a ransom attack and acquired cyber insurance, which has benefited 19 other airports.

“You don’t want to contact your insurance company for the first time after you’ve been attacked,” he told a packed room. “You will only find limitations on your current policy that don’t address what you need. You must be pro-active and get stand-alone cyber policies that give you the coverage you need against business interruption and for paying the ransom. RCMP did not encourage us to pay but as a business we decided to pay, thinking it would get us back faster. It didn’t. But since then we have done a number of things to prevent future attacks so we have lowered our risk profile.”

Steenstra also pointed out his airport was closed for 39 days for the Canadian wildfire and insurance needs to account for such events. The three airports did not see increasing rates as a result of natural disasters or ransom attacks.

“You have to make cybersecurity part of your Enterprise Risk Management,” said Landguth, in sharing RDU process. “We have already seen municipalities locked out of their systems and having to pay ransom to get access back. There is a disconnect between insurers and law enforcement. The FBI’s policy is we don’t pay terrorist ransom while insurers advise payment to reduce their ultimate risk exposure.”

Monica added El Paso has created a coalition to address the emerging risk of unmanned systems attacks as happened at Gatwick, Newark and Heathrow. The coalition includes police, FBI, Customs and Border Protection, Transportation Security Administration and Homeland Security. It is installing antenna to identify and track the drone.

“Right now, we are doing less ‘gotcha’ and more educating drone users on the safe operation of drones,” she said. “We even provide Part 107 drone training at the airport.”

Leave a Reply