The frequency and sophistication of cyber threats impacting airport operations have increased over the past year:
- A $10 million ransomware attack on the Kuala Lumpur International Airport resulted in significant disruption1
- A coordinated hack of flight information display systems across several airports, replacing content with political propaganda videos2
- A breach of a common-use systems provider that disrupted passenger processing, baggage handling and flight operations across multiple European airports3
Most of the realm of cybersecurity has been applied to information technology (IT) systems, presuming that software vulnerabilities and phishing emails are the mechanisms exploited by ‘bad actors’ who want to exfiltrate data and profit from ransomware. However, it is not only IT systems that are at risk from cyber threats.
Traditionally, operational technology (OT, or the physical facility infrastructure that controls the operations of an airport, such as HVAC, lighting, security cameras, or other critical systems) has been thought to be protected against cyber activity due to its disconnected, air-gapped state. However, as demand for real-time awareness of asset performance, bidirectional automation, and remote access has increased, these systems are now interconnected, and their attack surface has increased dramatically.
Many operational technology managers are experts in the hardware itself and how to maintain a facility but may not be responsible for or aware of the cyber risks their systems face. In the past, an IT operator responsible for system security may have deployed operating system patches universally that inadvertently rendered the OT system inoperable. As a result, trust between the OT and IT practitioners has not always been well established. Furthermore, teams are sometimes physically separated, which limits day-to-day interaction.
In order to develop a modern, successful connected physical infrastructure, it is critical that both IT and OT practitioners understand the real demand for enabling greater data integration and real-time access, while also taking measures to protect the very systems that are vulnerable to cyberattacks.
How Honeywell Helps Reduce This Risk
Honeywell’s OT Cyber Assessment provides airports with a detailed inventory of connected assets, identifies misconfigurations, and benchmarks their current security posture. Once the environment is baselined, Honeywell Cyber Insights offers continuous, passive monitoring of BACnet/IP and other building automation protocols to help detect abnormal traffic, ransomware indicators, and unauthorized remote access.
Together, these tools give airports visibility into their entire OT landscape, helping prioritize risk, improve compliance, and prevent downtime before it occurs. While HVAC is a visible and relatable system to start with, the same approach applies across other building systems – lighting, access control, fire, and conveyances – where visibility and monitoring are equally critical. This operational focus complements segmented architecture, disciplined remote access, and incident response preparedness so improvements are practical without disrupting legacy systems.
1. Bernama, “PM Reveals Attack on MAHB Digital System With Hackers Demanding USD10 Million”, Mar 25, 2025 [Accessed Nov 05, 2025]
2. Transport Canada, “Aviation Security – Coordinated Airport Cyber Attacks”, Oct 15, 2025 [Accessed Oct 28, 2025]
3. Reuters, “European airports snarled by cyberattack, disruption to stretch into Sunday”, Sep 20, 2025 [Accessed Oct 28, 2025]
Explore how Honeywell helps airports build visibility, reduce risk, and keep critical operational technologies running securely.
