Cybersecurity: Network Operations Center



Denver International Airport

Denver International Airport is the third-busiest airport in the United States and the eighth-busiest airport in the world. In 2019, 69 million passengers traveled through the airport.

Because of the COVID-19 pandemic, passenger traffic declined in 2020 — to almost 35 million. However, airport officials expect passenger traffic to rebound and reach 100 million passengers sometime between 2030 and 2035.[2]

The airport, which is owned and operated by the City and County of Denver, operates like a business. It generates more than $33 billion for the region annually and employs almost 33,000 people.

Business Technologies Division

The airport continues to address emerging risks involving information security and cybersecurity.

Denver International Airport’s Business Technologies division is responsible for managing and safeguarding the airport’s network and technology equipment — including data and infrastructure that provides services to airport operations, airlines, other business partners, and passengers.

While many individuals make this technology possible, two teams within the division are instrumental in managing and securing the network: the Network Operations Center and the Security Operations Center.

Network Operations Center

A network operations center acts as the backbone for an organization’s network infrastructure. It is often tasked with managing and controlling one or more networks and the technology that resides on those networks. The technology a network operations center may manage includes servers, switches, routers, firewalls, databases, and wireless systems.

Staff in a network operations center receive alerts from a variety of monitoring systems 24 hours a day, seven days a week. By monitoring and responding to these alerts, the network operations center provides continuous monitoring for network-related abnormalities, such as critical events or incidents including:

  • Power outages or network failures.
  • Configurations to hardware.
  • Port management.
  • Indicators of compromised network devices.

Similar to a network operations center, a security operations center is “a team organized to detect, analyze, respond to, and report on cybersecurity incidents within an enterprise network.”[4] Both the network operations center and the security operations center monitor the security of an organization. As such, if there is an alert or indication of compromise, these two teams collaborate to investigate and respond quickly.

Staff in both the network operations center and the security operations center should have an established understanding of their roles and streamlined communication protocols to efficiently respond to potential cybersecurity and network-related incidents.

Cybersecurity Frameworks

The National Institute of Standards and Technology — a laboratory and nonregulatory federal agency within the U.S. Department of Commerce and a leading organization in developing cybersecurity guidance — provides a framework of standards, controls, and guidance on best practices for managing and securing information systems.[5] The agency notes that organizations must select and implement appropriate security and privacy controls to address their own sets of risks.[6]

As shown in Figure 1, this cybersecurity framework defines five categories: identify, protect, detect, respond, and recover. Denver International Airport’s Network Operations Center and its Security Operations Center are involved in each of these steps. The airport’s cybersecurity program continues to improve with the ongoing development of security controls implemented and maintained by these two teams.

Figure 1: National Institute of Standards and Technology's Cybersecurity Framework


The National Institute of Standards and Technology recommends key considerations for improving the effectiveness of a network operations center.

The federal agency says managing risk is “a complex, multifaceted undertaking.” Therefore, it is critical for a network operations center to:

  • Define a security strategy.
  • Obtain quality information systems that provide trustworthy, accurate information.
  • Adhere to the best practices of asset management.
  • Integrate security into its systems.
  • Document these efforts.
  • Monitor security controls to ensure they operate effectively.

By following the federal guidance, the airport’s Network Operations Center will continue to effectively identify risk, protect the organization, detect security events, respond in a timely manner, and recover assets back to operational status when services are disrupted.


Auditor's Letter

December 16, 2021

On behalf of the Auditor’s Office, CP Cyber conducted a cybersecurity assessment of Denver International Airport. This assessment found some areas of strength and some areas that need improvement. Because of the information security sensitivities involved with this assessment, these issues have been communicated separately to the airport for its remediation.

This assessment is authorized pursuant to the City and County of Denver Charter, Article V, Part 2, Section 1, “General Powers and Duties of Auditor.”

We extend our appreciation to the airport personnel who assisted and cooperated with us and CP Cyber during the assessment. For any questions, please feel free to contact me at 720-913-5000.

Denver Auditor,

Timothy O'Brien, CPA


