Modeling current and emerging threats in the airport domain through adversarial risk analysis

Airports are critical infrastructures entailing intense human, commercial and economic activity. As such, they are preferred targets for criminal and terrorist groups, who are attracted by the promisingly high revenues they might get from an attack. Every year, airport authorities worldwide have to face, with limited resources, attacks arising from different adversaries. There are several sensible areas within an airport organization that are especially vulnerable to the terrorist threat, including, among others: (1) those related to human lives (of passengers or staff); (2) airport infrastructure (airport perimeter, main terminal, Air Traffic Control Tower, runways, hangars, etc.); (3) aircrafts and other ground vehicles; and (4) IT systems and services. Besides the more traditional ones, we are particularly concerned with attacks launched against the last type of targets, an emerging and increasingly worrisome threat. Specifically, we analyze the impact of cyber-attacks launched by organized groups whose main goal is to take hold of airport operations. In some cases, in order to have more chances to achieve their purpose (and take advantage of its eventual success), cyber attackers may be backed up by a terrorist group who will try to interfere with the Air Traffic Management network. In this paper, we aim at supporting airport authorities in their fight against both threats, by devising a security allocation plan. We provide an adversarial risk analysis model to address the problem, and apply it to obtain the optimal portfolio of preventive measures in an illustrative case study. The model is open to extensions, as e.g. larger and more complex technical infrastructures, new threats, or additional recovery measures deployed by different defensive agents.