Cyber security, technology and innovation

Digitisation and technology have the potential to transform the customer journey, optimise airport systems and personalise the travel experience.

We are committed to embracing innovation and technology across the business and continuously look for new and improved ways of doing things. We see opportunities to adopt innovative solutions that enhance the passenger experience, improve the operations of the airport and allow us to engage more effectively with our community.

Technology enables Sydney Airport to provide leading customer service and commercial results. We recognise the role technology plays in improving the productivity of the airport and the importance of maintaining flexible and resilience infrastructure and technology platforms to adapt to change rapidly.

Our technology disaster recovery and incident management processes support the resilience of our operations. Desktop exercises are conducted to test processes, communications and recovery times.

To read about our performance in this area, see our Sustainability Report.

Cyber security

Sydney Airport is ISO27001:2013 Information technology – Security – Information security management systems – Requirements certified. This framework is externally audited on governance, policies, processes and effectiveness of controls.

Cyber security is a standing agenda item in the Board Audit and Risk Committee and the Board is informed biannually with relevant reporting and risk profiles. Our Information Security Council, made up of key business decision makers, governs and drives information and cyber security strategies.

The General Manager, Technology, Data and Digital has organisational responsibility for cyber security. The Information and Cyber Security strategy is at the centre of our cyber programs to drive security governance, improved maturity levels and stronger user awareness via security culture campaigns. Our Privacy Policy sets out how we handle personal information to comply with our obligations.

We implement cyber security controls aligned with the Australian Cyber Security Centre (ACSC) eight essential mitigation strategies and mandated by the Department of Home Affairs.

Our 24x7 cyber security operations centre uses technologies and security controls such as logging, threat management, vulnerability management and regular penetration testing to minimise the threat, likelihood and impact of cyber-attacks. We collaborate with the Australian Government via the Joint Cyber Security Centre and partner with the Aviation Information Sharing and Analysis Centre on global aviation intelligence.

We deliver cyber security training and awareness campaigns for our people. Our CyberSafe program provides employees with techniques to protect themselves and the business. Escalation processes are clearly defined within our eLearning inductions, eLearning Information Cyber Modules which are mandatory.

Information security requirements are embedded in contracts, and we conduct security compliance reviews of vendors, projects and solutions.

We have active awareness campaigns and training. The training for the average employee starts from induction through to compliance security workshops in the form of eLearning modules. We measure effectiveness on submissions and phishing simulation. The security administrators must complete additional training such as advanced modules, Privileged Access Management training and industry Certified Information Systems Security Professions (CISSP) certifications.