Security Solutions

OT/ICS Security for Aviation: Protecting Operational Technology at Airports and Airlines

The convergence of IT and Operational Technology (OT) in aviation has created a security challenge that standard enterprise security tools cannot adequately address. Baggage handling systems, airfield lighting controllers, boarding bridge management, building management systems, and ground support equipment are all networked — and increasingly connected to IT networks and the internet. When ransomware propagated through Ukraine's Boryspil Airport in 2017 via the NotPetya attack, it disrupted airport operations systems precisely because IT and OT networks were insufficiently segmented. Building effective OT security for aviation requires specialist knowledge of industrial control systems, aviation operational constraints, and the regulatory environment.

NotPetya propagated through Boryspil Airport's networks in 2017 — an early demonstration that aviation OT systems are reachable via IT network compromise.

OT Security Fundamentals for Aviation

Effective OT security for aviation operations starts with understanding what makes OT different from enterprise IT:

  • Availability is paramount: OT systems control physical processes — disruption can have immediate safety and operational consequences
  • Legacy systems are common: Many airport OT systems run on Windows XP, Windows 7, or embedded systems that cannot be patched or run modern security software
  • Vendor support constraints: Changes to OT systems often require vendor approval and may void warranties — standard IT security practices cannot be applied without care
  • Safety implications: Unlike IT, where a compromised system can be isolated, some OT systems cannot be taken offline without operational or safety impact
  • Long lifecycles: OT systems have 15–25+ year lifecycles — security must be maintained across a much longer horizon than IT

Network Segmentation: The Primary OT Security Control

Network segmentation — establishing clear, enforced boundaries between IT and OT networks — is the most important single OT security control for aviation operators. A well-segmented network prevents ransomware and other malware from propagating from IT into OT, limits the blast radius of a successful IT compromise, and provides a defined boundary for monitoring and access control. Effective IT/OT segmentation for aviation includes: dedicated OT network zones with no direct internet connectivity; firewalls or data diodes at IT/OT boundaries with defined, restricted communication rules; no OT systems on the same network segments as user workstations or internet-accessible servers; and jump servers or privileged access workstations for any administrative access to OT systems.
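The boundary rules described above can be expressed as an explicit allowlist and checked before they are pushed to a firewall. The following is an added example, not code from the original page or from any product it names; the zone names, address ranges and allowed flows are constructed assumptions, and the point is the shape of the policy: default deny in both directions, no internet path to or from OT, and administrative access only through the jump zone.

```python
"""Evaluate flows against an IT/OT boundary policy for an airport network.

Added example; not code from the original page. The zone names, address
ranges and allowed flows are constructed assumptions for illustration.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed zone map: address range -> zone. OT zones are prefixed "ot_".
ZONES = {
    "it_users":    ip_network("10.10.0.0/16"),     # user workstations, office servers
    "it_dmz":      ip_network("10.20.0.0/24"),     # internet-facing servers
    "jump":        ip_network("10.30.0.0/24"),     # jump servers / privileged access workstations
    "ot_baggage":  ip_network("192.168.10.0/24"),  # baggage handling PLCs and HMIs
    "ot_airfield": ip_network("192.168.20.0/24"),  # airfield lighting controllers
    "ot_bms":      ip_network("192.168.30.0/24"),  # building management system
}

# Explicit allowlist of cross-zone flows (src_zone, dst_zone, proto, dport).
# Everything else crossing the boundary is denied: default deny both ways.
ALLOWED = {
    ("jump", "ot_baggage", "tcp", 3389),   # RDP to Windows HMIs, via jump host only
    ("jump", "ot_airfield", "tcp", 22),    # SSH to lighting controllers, via jump host only
    ("jump", "ot_bms", "tcp", 443),        # BMS web console, via jump host only
    ("it_users", "jump", "tcp", 443),      # brokered access portal in the jump zone
}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str  # "tcp" or "udp"
    dport: int


def zone_of(addr: str) -> str:
    """Map an address to its zone; anything outside known ranges is 'internet'."""
    ip = ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "internet"


def evaluate(flow: Flow) -> tuple:
    """Return ('allow'|'deny', reason) for a single flow at the boundary."""
    src_zone, dst_zone = zone_of(flow.src), zone_of(flow.dst)
    if src_zone == dst_zone:
        return "allow", f"intra-zone traffic inside {src_zone} does not cross the boundary"
    if (src_zone, dst_zone, flow.proto, flow.dport) in ALLOWED:
        return "allow", f"{src_zone} -> {dst_zone} {flow.proto}/{flow.dport} is on the allowlist"
    # Denied: pick the most specific reason for the audit trail.
    if dst_zone.startswith("ot_") and src_zone == "internet":
        return "deny", "inbound from the internet to an OT zone is never permitted"
    if src_zone.startswith("ot_") and dst_zone == "internet":
        return "deny", "OT zones have no direct internet connectivity"
    if dst_zone.startswith("ot_") and src_zone != "jump":
        return "deny", f"{src_zone} may not reach {dst_zone} directly; admin access goes through the jump zone"
    return "deny", f"{src_zone} -> {dst_zone} {flow.proto}/{flow.dport} is not on the allowlist (default deny)"


def audit(flows):
    """Return the flows the policy would block, with the reason for each."""
    denied = []
    for f in flows:
        verdict, reason = evaluate(f)
        if verdict == "deny":
            denied.append((f, reason))
    return denied


if __name__ == "__main__":
    # Constructed sample flows: the expected admin path plus the patterns segmentation must stop.
    sample = [
        Flow("10.30.0.5", "192.168.10.20", "tcp", 3389),    # jump host -> baggage HMI: allowed
        Flow("10.10.5.7", "192.168.10.20", "tcp", 3389),    # user workstation -> HMI directly: denied
        Flow("192.168.20.9", "8.8.8.8", "udp", 53),         # lighting controller -> internet DNS: denied
        Flow("203.0.113.4", "192.168.30.10", "tcp", 443),   # internet -> BMS console: denied
        Flow("192.168.10.1", "192.168.10.20", "tcp", 502),  # Modbus inside the baggage zone: allowed
    ]
    for flow, reason in audit(sample):
        print(f"DENY {flow.src} -> {flow.dst} {flow.proto}/{flow.dport}: {reason}")
```

Running `audit` over a day's worth of observed flows before a rule change shows which existing communications the new policy would cut, which is the check an OT team wants before touching a boundary that carries baggage or lighting traffic.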

OT Asset Discovery and Inventory

You cannot protect what you cannot see. Many aviation operators lack a complete, current inventory of their OT assets — particularly in airport environments where OT systems have been installed over decades by multiple vendors and contractors. OT asset discovery using passive network monitoring tools (which observe traffic without generating it, avoiding disruption to sensitive OT systems) can identify all devices on OT networks, their communication patterns, and potential vulnerabilities. This inventory forms the foundation of an effective OT security programme and is required by EASA Part-IS and CAA CAP 1753 risk assessment obligations.
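Passive discovery works by reading flow records off a mirror port and never sending a packet to the controllers. As an added example, not code from the original page or from any vendor's tool, the block below turns constructed flow records into an inventory keyed by OT address, labels each device with a vendor from a small illustrative OUI subset (production code would load the full IEEE registry) and the services it answers on, and flags devices whose traffic contradicts the segmentation model.

```python
"""Passive OT asset inventory built from observed flow records.

Added example; not code from the original page. The flow records are
constructed (as a SPAN-port collector might emit them); the OUI and port
tables are small illustrative subsets.
"""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

OT_RANGES = [ip_network("192.168.0.0/16")]  # assumption: the OT address space

# Illustrative OUI subset (first three octets of a MAC -> vendor). Production
# code loads the full IEEE OUI registry instead of a hand-written table.
OUI_VENDORS = {
    "00:0e:8c": "Siemens",
    "00:1d:9c": "Rockwell Automation",
    "00:50:56": "VMware (virtual NIC)",
}

# Well-known OT and admin service ports, used to label what a device serves.
PORT_NAMES = {
    ("tcp", 102): "S7comm",
    ("tcp", 502): "Modbus/TCP",
    ("tcp", 44818): "EtherNet/IP",
    ("udp", 47808): "BACnet/IP",
    ("tcp", 3389): "RDP",
    ("tcp", 443): "HTTPS",
}


@dataclass
class Asset:
    ip: str
    macs: set = field(default_factory=set)
    vendor: str = "unknown"
    serves: set = field(default_factory=set)      # services this device answers on
    targets: set = field(default_factory=set)     # addresses it initiates traffic to
    clients: dict = field(default_factory=dict)   # client address -> services it used here


def in_ot(addr: str) -> bool:
    ip = ip_address(addr)
    return any(ip in net for net in OT_RANGES)


def vendor_for(mac: str) -> str:
    return OUI_VENDORS.get(mac.lower()[:8], "unknown")


def build_inventory(flows):
    """flows: iterable of (src_mac, src_ip, dst_mac, dst_ip, proto, dport)."""
    inventory = {}

    def asset(ip, mac):
        a = inventory.setdefault(ip, Asset(ip))
        a.macs.add(mac.lower())
        if a.vendor == "unknown":
            a.vendor = vendor_for(mac)
        return a

    for src_mac, src_ip, dst_mac, dst_ip, proto, dport in flows:
        service = PORT_NAMES.get((proto, dport), f"{proto}/{dport}")
        if in_ot(src_ip):
            asset(src_ip, src_mac).targets.add(dst_ip)
        if in_ot(dst_ip):
            d = asset(dst_ip, dst_mac)
            d.serves.add(service)
            d.clients.setdefault(src_ip, set()).add(service)
    return inventory


def findings(inventory):
    """Flag inventory entries whose traffic crosses out of the OT address space."""
    out = []
    for a in inventory.values():
        for t in sorted(a.targets):
            if not in_ot(t):
                out.append(f"{a.ip} ({a.vendor}) initiates traffic to non-OT address {t}")
        for c, services in sorted(a.clients.items()):
            if not in_ot(c):
                out.append(f"{a.ip} ({a.vendor}) accepts {', '.join(sorted(services))} from non-OT address {c}")
    return out


# Constructed sample: (src_mac, src_ip, dst_mac, dst_ip, proto, dport)
SAMPLE_FLOWS = [
    ("00:50:56:aa:bb:01", "192.168.10.5", "00:0e:8c:12:34:56", "192.168.10.20", "tcp", 102),    # HMI polls Siemens PLC
    ("00:50:56:aa:bb:01", "192.168.10.5", "00:1d:9c:ab:cd:ef", "192.168.10.21", "tcp", 44818),  # HMI polls Rockwell PLC
    ("02:11:22:33:44:55", "192.168.30.10", "02:11:22:33:44:66", "192.168.30.1", "udp", 47808),  # BMS controller -> supervisor
    ("00:50:56:aa:bb:01", "192.168.10.5", "02:00:00:00:00:01", "8.8.8.8", "udp", 53),           # HMI resolving names on the internet
    ("00:50:56:cc:dd:02", "10.10.5.7", "00:50:56:aa:bb:01", "192.168.10.5", "tcp", 3389),      # IT workstation RDPs straight into the HMI
]

if __name__ == "__main__":
    inv = build_inventory(SAMPLE_FLOWS)
    for a in inv.values():
        print(f"{a.ip:15} {a.vendor:22} serves={sorted(a.serves)} talks_to={sorted(a.targets)}")
    for line in findings(inv):
        print("FINDING:", line)
```

Two details matter in practice: a device's MAC is only learned from frames it sends or receives on the mirrored segment, so an inventory from a single SPAN port is partial until every OT VLAN is mirrored, and the findings list is exactly the input the segmentation exercise in the previous section needs.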

OT Monitoring and Anomaly Detection

Once an OT asset inventory is established and network segmentation is in place, continuous monitoring of OT network traffic enables detection of anomalous activity — unusual communications patterns, unexpected device connections, or changes to OT system configurations — that may indicate a compromise or impending attack. Aviation-specific OT monitoring must be carefully configured to avoid generating false positives from normal aviation operational patterns (aircraft departure and arrival cycles, shift changes, maintenance windows) that create legitimate spikes in OT traffic.
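The false-positive problem above is best handled by learning a separate baseline for each operational profile rather than one threshold for the whole day. The block below is an added example, not code from the original page or any monitoring product; the schedule, the known-good conversation set, the per-profile rate limits and the sample day are all constructed. It raises two kinds of alert: a conversation (source, destination, protocol, port) that never appeared during the learning period, and a source whose connection count in a 15-minute bucket exceeds the maximum learned for that bucket's profile, so a burst of engineering traffic inside the nightly maintenance window passes while the same burst at 11:00 does not.

```python
"""Baseline-driven anomaly detection for OT traffic with operational windows.

Added example; not code from the original page. The schedule, baseline
conversations, rate limits and sample flows are constructed assumptions.
"""
from collections import Counter
from datetime import datetime, timedelta

# Constructed operational schedule: (start_hour, end_hour, profile). A real
# deployment derives these from flight schedules and the maintenance calendar.
SCHEDULE = [
    (2, 4, "maintenance"),   # nightly window: config pushes, firmware checks
    (6, 9, "peak"),          # morning departure bank
    (17, 20, "peak"),        # evening arrival bank
]

# Conversations (src, dst, proto, dport) seen during a known-good learning period.
BASELINE_CONVERSATIONS = {
    ("192.168.10.5", "192.168.10.20", "tcp", 102),    # HMI polls baggage PLC
    ("192.168.10.5", "192.168.10.21", "tcp", 44818),  # HMI polls sorter PLC
    ("10.30.0.5", "192.168.10.20", "tcp", 102),       # engineering workstation in the jump zone
}

# Highest connection count per source per 15-minute bucket in the learning period, by profile.
BASELINE_RATES = {
    "normal":      {"192.168.10.5": 40,  "10.30.0.5": 0},
    "peak":        {"192.168.10.5": 120, "10.30.0.5": 0},
    "maintenance": {"192.168.10.5": 60,  "10.30.0.5": 200},
}
SPIKE_FACTOR = 1.5  # alert when a bucket exceeds 1.5x the learned maximum for its profile


def profile_for(ts: datetime) -> str:
    for start, end, name in SCHEDULE:
        if start <= ts.hour < end:
            return name
    return "normal"


def bucket_start(ts: datetime) -> datetime:
    return ts.replace(minute=ts.minute - ts.minute % 15, second=0, microsecond=0)


def detect(flows):
    """flows: iterable of (timestamp, src, dst, proto, dport). Returns a list of alert tuples."""
    alerts = []
    reported = set()
    buckets = Counter()
    for ts, src, dst, proto, dport in flows:
        key = (src, dst, proto, dport)
        if key not in BASELINE_CONVERSATIONS and key not in reported:
            reported.add(key)  # report each new conversation once, not per packet
            alerts.append(("new_conversation", src, dst, f"{proto}/{dport}", ts.isoformat()))
        buckets[(src, bucket_start(ts))] += 1
    for (src, start), count in sorted(buckets.items()):
        profile = profile_for(start)
        limit = BASELINE_RATES[profile].get(src)
        if limit is None:
            continue  # unknown sources are already covered by the new_conversation alert
        if count > limit * SPIKE_FACTOR:
            alerts.append(("volume_spike", src, start.isoformat(), profile, count, limit))
    return alerts


def make_flows(start, n, src, dst, proto, dport, spread=timedelta(minutes=14)):
    """Construct n flows spread evenly over `spread` from `start` (stays inside one bucket)."""
    step = spread / max(n - 1, 1)
    return [(start + i * step, src, dst, proto, dport) for i in range(n)]


def sample_day():
    """A constructed day of traffic with one benign burst, one real spike and one new device."""
    day = datetime(2024, 3, 12)
    flows = []
    # 03:00 maintenance: engineering workstation pushes config, 180 connections, within 200 * 1.5
    flows += make_flows(day.replace(hour=3), 180, "10.30.0.5", "192.168.10.20", "tcp", 102)
    # 07:00 peak: HMI polling at 150 per bucket, within 120 * 1.5
    flows += make_flows(day.replace(hour=7), 150, "192.168.10.5", "192.168.10.20", "tcp", 102)
    # 11:00 normal: the same HMI at 100 per bucket, above 40 * 1.5
    flows += make_flows(day.replace(hour=11), 100, "192.168.10.5", "192.168.10.21", "tcp", 44818)
    # 11:05: a device never seen in the baseline talks S7comm to the baggage PLC
    flows.append((day.replace(hour=11, minute=5), "192.168.10.77", "192.168.10.20", "tcp", 102))
    return flows


if __name__ == "__main__":
    for alert in detect(sample_day()):
        print(alert)
```

The rate table here is a per-source maximum, which is deliberately simple; a production baseline would use a distribution per profile and re-learn after an approved change, since every firmware upgrade or PLC replacement legitimately changes both the conversation set and the rates.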

Vendor Remote Access to Aviation OT Systems

Remote access by OT vendors and maintenance engineers is a significant risk vector for aviation OT security. Best practice controls include:

  • No standing remote access: Vendor access should be on-demand, time-limited, and terminated after each session
  • Multi-factor authentication: All remote access must require MFA — SMS is not sufficient; use hardware tokens or authenticator apps
  • Session recording and monitoring: All vendor remote sessions should be recorded and subject to real-time monitoring
  • Defined access scope: Vendors should access only the specific systems they require — not the full OT network
  • Contractual security requirements: Remote access agreements should specify security requirements, incident notification, and the right to audit
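The five controls above can be enforced as a single policy check at the point where a vendor session is approved, and again when it is due to end. The block below is an added example, not code from the original page or from any remote access product; the vendor scope register, the four-hour limit and the sample requests are constructed assumptions. It returns every violation rather than the first one, so a rejected request tells the vendor exactly what to fix.

```python
"""Policy checks for vendor remote access requests to OT systems.

Added example; not code from the original page. The vendor scope register,
session limit and sample requests are constructed assumptions.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

MAX_SESSION = timedelta(hours=4)                         # assumption: sessions are time-boxed to 4 hours
ACCEPTED_MFA = {"hardware_token", "authenticator_app"}   # SMS deliberately excluded

# Constructed register of which assets each vendor is contracted to maintain.
VENDOR_SCOPE = {
    "baggage-vendor":  {"bhs-plc-01", "bhs-plc-02", "bhs-hmi-01"},
    "lighting-vendor": {"agl-ccr-01"},
}


@dataclass(frozen=True)
class AccessRequest:
    vendor: str
    engineer: str
    assets: frozenset             # systems the engineer asks to reach
    mfa_method: str
    work_order: Optional[str]     # maintenance or change ticket justifying the session
    start: datetime
    end: datetime
    via_jump_host: bool           # brokered through the jump zone, not a tunnel into OT
    recording_enabled: bool


def evaluate(req: AccessRequest) -> list:
    """Return the policy violations; an empty list means the request may be approved."""
    problems = []
    if not req.work_order:
        problems.append("no work order: access must be on-demand and tied to a scheduled task")
    if req.end <= req.start:
        problems.append("session window is empty or reversed")
    elif req.end - req.start > MAX_SESSION:
        problems.append(f"session length {req.end - req.start} exceeds the {MAX_SESSION} limit")
    if req.mfa_method not in ACCEPTED_MFA:
        problems.append(f"MFA method '{req.mfa_method}' not accepted; use a hardware token or authenticator app")
    out_of_scope = set(req.assets) - VENDOR_SCOPE.get(req.vendor, set())
    if out_of_scope:
        problems.append(f"assets outside {req.vendor}'s contracted scope: {', '.join(sorted(out_of_scope))}")
    if not req.via_jump_host:
        problems.append("access must be brokered through the jump host, not a direct tunnel into OT")
    if not req.recording_enabled:
        problems.append("session recording must be enabled")
    return problems


def must_terminate(req: AccessRequest, now: datetime) -> bool:
    """True once the approved window has elapsed: no standing access outlives its work order."""
    return now >= req.end


def sample_requests():
    """Two constructed requests: one compliant, one breaking several controls at once."""
    t0 = datetime(2024, 3, 12, 22, 0)
    good = AccessRequest("baggage-vendor", "a.engineer", frozenset({"bhs-plc-01"}), "hardware_token",
                         "WO-4711", t0, t0 + timedelta(hours=2), True, True)
    bad = AccessRequest("baggage-vendor", "b.engineer", frozenset({"bhs-plc-01", "agl-ccr-01"}), "sms",
                        None, t0, t0 + timedelta(hours=12), False, True)
    return good, bad


if __name__ == "__main__":
    good, bad = sample_requests()
    for req in (good, bad):
        problems = evaluate(req)
        print(req.engineer, "APPROVED" if not problems else "DENIED")
        for p in problems:
            print("  -", p)
    print("terminate a.engineer at", good.end, "->", must_terminate(good, good.end))
```

The `must_terminate` check is the piece most often missing in practice: approval workflows are common, but the session broker also has to close the connection and revoke the credential when the window ends, otherwise "on-demand" access quietly becomes standing access.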

Frequently Asked Questions

Can standard IT security tools be used on aviation OT systems?

With caution and care. Standard vulnerability scanners and some endpoint detection tools can crash or disrupt OT systems not designed to handle their traffic or software loads. OT security requires specialised, passive approaches for discovery and monitoring. Some endpoint security products (including Coro) can be deployed on Windows-based OT systems, but any deployment must be tested in a non-production environment and approved by the OT system vendor before production deployment.

What OT security standards should aviation operators reference?

Key OT security standards for aviation include: IEC 62443 (the primary industrial cybersecurity standard), NIST SP 800-82 (Guide to ICS Security), NCSC Operational Technology Security guidance, and CPNI/NCSC Critical Systems Security guidelines. EASA Part-IS and CAA CAP 1753 reference these standards in the context of aviation-specific requirements. Aviation operators should also consider ENISA's guidelines on cybersecurity for airports and airlines.

Get an aviation OT/ICS security assessment

Kyanite Blue specialises in cybersecurity for iGaming operators. MGA-licensed operators across Malta trust our stack.
