Antony Verheijen

back  Back...

Cyber security resilience at Amsterdam Airport Schiphol

Amsterdam Airport Schiphol is one of the busiest airports in Europe and of vital importance to the Netherlands. Three major players at the airport: the main carrier, Schiphol Group and Air Traffic Control the Netherlands (LVNL), have joined forces in order to increase the cyber security resilience.

The starting point was the concern to the CIO’s of the three companies over the continuity of flight operations at Schiphol due to lack of knowledge of joint IT dependencies and vulnerabilities. As a first step a Cybersecurity Resilience Taskforce Schiphol was established and a plan of action defined:

Step 1: Preparation of an overview of the information exchanged and the datalinks between the partners
Step 2: Execution of the Business Impact Analyses of the information exchanged
Step 3: Threat and Risk assessment
Step 4: Fit / gap analysis to the existing policies
Step 5: Reporting of findings.

One of the most important findings was an imbalance in Disaster Recovery, Business Continuity and Security requirements between the partners. The main reason of the imbalance is due to the fact that information exchange often starts ‘organically’ and becomes business critical over time. SLA, contracts, infrastructure, etc. are not (always) adapted accordingly. Furthermore, Disaster Recovery, Business Continuity and Security plans are usually company specific, not supply chain specific. This could lead to disconnected companies in the chain. Now, and in future.

Based on the findings a security plan has been developed on how to improve the cyber resilience. The easiest was to set up a quarterly meeting between the CIO’s of the three partners, in which information on future projects is exchanged, threats and vulnerabilities are shared and security exercises are planned. Basically, the approach now is ‘connected company’, rather than only looking at our own companies or at a single systems. Next to this a common security baseline is under development.

The newest initiative at Amsterdam Airport Schiphol is Cyssec ( The goal of this ‘Cybersecurity Ecosystem’ is to strengthen the cybersecurity resilience of all (public and private) parties connected to the Schiphol ecosystem.

Antony Verheijen

verheijenIng. Antony Verheijen MSc CISSP is information security manager for Air Traffic Control the Netherlands (LVNL). In this role he is the vice-chair of the Airport Information Sharing and Analysis Centre (ISAC) at Schiphol Airport and one of the drivers of cyber resilience at Schiphol. Before joining LVNL, Antony was Corporate Information Security Officer for METRO Group.






back  Back...

Contact us

TATE International s.r.o.
Hořejší nábřeží 21, 150 00 Praha 5

phone  Phone: +420 737 215 220
email  E-mail: This email address is being protected from spambots. You need JavaScript enabled to view it.


Na naší webové stránce používáme cookies. Některé z nich jsou nutné pro běh stránky, zatímco jiné nám pomáhají vylepšit vlastnosti stránky na základě uživatelských zkušeností (tracking cookies). Sami můžete rozhodnout, zda cookies povolíte. Mějte prosím na paměti, že při odmítnutí, nemusí být stránka zcela funkční.

Back to top