Cybersecurity: Network Operations Center

Denver International Airport is the third-busiest airport in the United States and the eighth busiest airport in the world. In 2019, 69 million passengers traveled through the airport.

Because of the COVID-19 pandemic, passenger traffic declined in 2020 — to almost 35 million. However, airport officials expect passenger traffic to rebound and reach 100 million passengers sometime between 2030 and 2035.2

The airport, which is owned and operated by the City and County of Denver, operates like a business. It generates more than $33 billion for the region annually and employs almost 33,000 people.

The airport continues to address emerging risks involving information security and cybersecurity.

Denver International Airport’s Business Technologies division is responsible for managing and safeguarding the airport’s network and technology equipment — including data and infrastructure that provides services to airport operations, airlines, other business partners, and passengers.

While many individuals make this technology possible, two teams within the division are instrumental in managing and securing the network: the Network Operations Center and the Security Operations Center.

A network operations center acts as the backbone for an organization’s network infrastructure. It is often tasked with managing and controlling one or more networks and the technology that resides on those networks. Some of the technology a network operations center may manage include servers, switches, routers, firewalls, databases, and wireless systems.

Staff in a network operations center receive alerts from a variety of monitoring systems 24 hours a day, seven days a week. By monitoring and responding to these alerts, the network operations center provides continuous monitoring for network-related abnormalities, such as critical events or incidents including:

• Power outages or network failures.
• Configurations to hardware.
• Port management.
• Indicators of compromised network devices.

Similar to a network operations center, a security operations center is “a team organized to detect, analyze, respond to, and report on cybersecurity incidents within an enterprise network.”4 Both the network operations center and the security operations center monitor the security of an organization. As such, if there is an alert or indication of compromise, these two teams collaborate to investigate and respond quickly.

Staff in both the network operations center and the security operations center should have an established understanding of their roles and streamlined communication protocols to efficiently respond to potential cybersecurity and network-related incidents.

The National Institute of Standards and Technology — a laboratory and nonregulatory federal agency within the U.S. Department of Commerce and a leading organization in developing cybersecurity guidance — provides a framework of standards, controls, and guidance on best practices for managing and securing information systems.5 The agency notes that organizations must select and implement appropriate security and privacy controls to address their own sets of risks.6

As shown in Figure 1, this cybersecurity framework defines five categories: identify, protect, detect, respond, and recover. Denver International Airport’s Network Operations Center and its Security Operations Center are involved in each of these steps. The airport’s cybersecurity program continues to improve with the ongoing development of security controls implemented and maintained by these two teams.

The National Institute of Standards and Technology recommends key considerations for improving the effectiveness of a network operations center.

The federal agency says managing risk is “a complex, multifaceted undertaking.” Therefore, it is critical for a network operations center to:

• Define a security strategy.
• Obtain quality information systems that provide trustworthy, accurate information.
• Adhere to the best practices of asset management.
• Integrate security into its systems.
• Document these efforts.
• Monitor security controls to ensure they operate effectively.
  
  

By following the federal guidance, the airport’s Network Operations Center will continue to effectively identify risk, protect the organization, detect security events, respond in a timely manner, and recover assets back to operational status when services are disrupted.