The board recently approved a $9,600 contract with Traverse City-based Windemuller Electric — the airport's information technology or IT contractor — to conduct a vulnerability assessment of the airport's computer network with an internal audit of its digital systems.
"Obviously, cybersecurity is very important these days," said Bob Nelesen, TVC's airport engineer and zoning administrator. "We're highly proactive in terms of our cybersecurity concerns."
Cybersecurity breaches within public institutions have made local headlines in recent weeks following a massive disruption of the computer network at Traverse City Area Public Schools that shut down the school system for two days in early April, and prompted an ongoing investigation into the hack by state and federal authorities.
Nelesen said the airport's cybersecurity inspection wasn't prompted by that incident, but that industry standards set by the Department of Homeland Security and the National Institute of Standards and Technology require airports to conduct annual cybersecurity inspections to maintain the necessary security levels.
Nelesen said the airport also works with the State Police's Michigan CyberSecurity Command — which is also involved in the TCAPS hacking investigation — on cybersecurity measures.
Nelesen said the Department of Homeland Security and NIST — which is a branch of the U.S. Department of Commerce that sets technology measures and standards to enhance security in fast-evolving sectors such as nanotechnology, quantum information science and homeland security — implemented new cybersecurity requirements for airports two years ago.
"I would say we've had good IT procedures in place," he said. But as the airport continues to expand in terms of more airline services providers and more activity in and out of the facility — and the increasing sophistication of cyber system hackers — the current security standards require a two-step process to check the airport's cybersecurity standards.
The first involves a "vulnerability test" to check the airport's digital systems for potential weak points — that's the work being done by Windemuller — followed by a "penetration test" to be conducted by another IT firm later this year that attempts to find pathways to get in to the airport's computer networks.
Strong cybersecurity measures are critical as a breach of TVC's computer networks could play havoc with airport operations, including flight schedules from six different airlines that operate there and service more than 700,000 passengers that go through the facility each year.
Nelesen said the airport computer systems also includes various personal data of airport staff.
"We deal with a lot of personal information," he said.
But he also confirmed that passenger data — including credit card information and other personal data of travelers — is not shared with TVC's computer network.
That information is collected by the airlines and shared with the Transportation Security Administration, but is not located on TVC's database, Nelesen said.
©2024 The Record-Eagle, Distributed by Tribune Content Agency, LLC.
