Elevating Airport Cybersecurity

ACI's flagship Airport Excellence (APEX) program supports airports to optimize operations and elevate aviation standards through collaborative peer assessment. The program consists of onsite reviews led by industry peers and experts, and is based on ICAO standards, international regulations, and ACI best practices globally.

The APEX in Cybersecurity Assessment program is designed to assist airports of all sizes in undertaking a comprehensive evaluation of their cybersecurity landscape. By leveraging international standards and renowned frameworks, the program offers a proactive and rounded perspective on the cyber challenges faced by airports today.

Program Highlights

Standards & Frameworks Alignment

Our structured program harmonizes with established standards and frameworks, including ISO 27001, NIS 2 Directives, NIST, and ICAO guidance, ensuring relevance and depth.

Holistic Assessment

Beginning with a detailed questionnaire, the program delves into all aspects of airport operations, management, and passenger services. It focuses on highlighting existing cybersecurity measures and identifying areas poised for improvement.

Risk Assessment & Vulnerability Identification Review

A comprehensive assessment reveals how airports currently address risks and vulnerabilities, providing insights into methodologies and approaches.

Functional Framework & Policy Review

We evaluate existing security policies and procedures to ensure they are up-to-date, comprehensive, and aligned with industry standards. Identifying gaps, we recommend enhancements to strengthen overall security posture.

In-depth Analysis & Control Evaluation

APEX's dedicated team undertakes exhaustive assessments, including interviews, document analysis, and a review of past incidents, ensuring a comprehensive understanding of an airport's cyber ecosystem.

Program Structure

ACI will organize and dispatch the APEX Review Team to member airports seeking assistance. The APEX in Cybersecurity review lasts four days, with the exact duration and team composition varying based on assessment complexity. At the review's conclusion, a presentation of observations is delivered to airport senior staff, concluding the on-site phase. 

Following the on-site review, assessors create a report with short, medium, and long-term improvement recommendations for the Host Airport. This confidential report is delivered within 45 days, providing airports with a clearer picture of their cybersecurity landscape and high-level recommendations for greater alignment with industry standards.  

Preparation Pre-APEX
APEX Review

Two months before review start date

  • Agreement signing by Host Airport
  • Identify review team

Four days of on-site activities

  • On-site team meeting and assessment
  • Airport visit and assessment of critical infrastructures
  • Presentation of observations

Four to six weeks after review

  • Composition of report compiled by APEX review team
  • Review and comment by Host Airport
  • Submission of final report

Ready to enhance your airport's cybersecurity performance?

Contact us to learn more about joining APEX in Cybersecurity. Elevate your airport's resilience and security today! 

Explore other APEX Peer Assessment programs for airports