Elevating Airport Cybersecurity
ACI's flagship Airport Excellence (APEX) program supports airports to optimize operations and elevate aviation standards through collaborative peer assessment. The program consists of onsite reviews led by industry peers and experts, and is based on ICAO standards, international regulations, and ACI best practices globally.
The APEX in Cybersecurity Assessment program is designed to assist airports of all sizes in undertaking a comprehensive evaluation of their cybersecurity landscape. By leveraging international standards and renowned frameworks, the program offers a proactive and rounded perspective on the cyber challenges faced by airports today.
Program Highlights
Standards & Frameworks Alignment
Our structured program harmonizes with established standards and frameworks, including ISO 27001, NIS 2 Directives, NIST, and ICAO guidance, ensuring relevance and depth.
Holistic Assessment
Beginning with a detailed questionnaire, the program delves into all aspects of airport operations, management, and passenger services. It focuses on highlighting existing cybersecurity measures and identifying areas poised for improvement.
Risk Assessment & Vulnerability Identification Review
A comprehensive assessment reveals how airports currently address risks and vulnerabilities, providing insights into methodologies and approaches.
Functional Framework & Policy Review
We evaluate existing security policies and procedures to ensure they are up-to-date, comprehensive, and aligned with industry standards. Identifying gaps, we recommend enhancements to strengthen overall security posture.
In-depth Analysis & Control Evaluation
APEX's dedicated team undertakes exhaustive assessments, including interviews, document analysis, and a review of past incidents, ensuring a comprehensive understanding of an airport's cyber ecosystem.
Program Structure
ACI will organize and dispatch the APEX Review Team to member airports seeking assistance. The APEX in Cybersecurity review lasts four days, with the exact duration and team composition varying based on assessment complexity. At the review's conclusion, a presentation of observations is delivered to airport senior staff, concluding the on-site phase.
Following the on-site review, assessors create a report with short, medium, and long-term improvement recommendations for the Host Airport. This confidential report is delivered within 45 days, providing airports with a clearer picture of their cybersecurity landscape and high-level recommendations for greater alignment with industry standards.
Two months before review start date
- Agreement signing by Host Airport
- Identify review team
Four days of on-site activities
- On-site team meeting and assessment
- Airport visit and assessment of critical infrastructures
- Presentation of observations
Four to six weeks after review
- Composition of report compiled by APEX review team
- Review and comment by Host Airport
- Submission of final report
Ready to enhance your airport's cybersecurity performance?
Contact us to learn more about joining APEX in Cybersecurity. Elevate your airport's resilience and security today!