In an open letter, Director General Olivier Jankovec highlighted the growing cyber risks facing Europe’s airports, noting that the sector operates within an increasingly complex geopolitical environment characterised by persistent cyber threats and hybrid warfare activities.
According to Jankovec, “Mythos”-class AI systems are capable of autonomously identifying, combining and exploiting vulnerabilities at unprecedented speed and scale, representing a significant evolution in the cyber threat landscape.
The organisation stressed that airports function within highly interconnected ecosystems involving airport operators, airlines, ground handlers, industrial systems, cloud providers, software vendors and numerous technology and service partners. As a result, vulnerabilities within any part of the supply chain can have wider operational consequences across the aviation sector.
Jankovec stated that the emergence of these threats reinforces the need for cybersecurity resilience to be addressed collectively across the entire aviation ecosystem.
The organisation expects technology partners, managed service providers, software suppliers and other stakeholders supporting airport operations to proactively prepare for this new generation of AI-enabled cyber risks and implement appropriate mitigation measures without delay.
Among the measures highlighted are reducing attack-surface exposure, reinforcing identity management, network segmentation and zero-trust security principles, and adopting risk-based vulnerability management processes that incorporate severity assessments, exploit prediction, exposure levels and business impact considerations.
Jankovec also emphasised the importance of strengthening software supply chain security in line with the objectives of the European Union’s Cyber Resilience Act, which is scheduled to enter into force in September 2027.
The organisation called for the implementation of transparent vulnerability disclosure programmes, effective remediation mechanisms, prioritisation of corrective actions based on risk assessments, and the establishment and maintenance of Software Bills of Materials (SBOMs).
Additional recommendations include automated defensive security testing, the use of advanced AI-based tools for vulnerability detection and remediation where appropriate, and the development of robust resilience and recovery capabilities.
The letter noted that AI-enabled security tools should be applied both to future products and services and, where possible, through retrofit programmes aimed at identifying existing hidden vulnerabilities.
Concluding the statement, Jankovec underlined the aviation sector’s history of adapting to evolving risks and stressed that cooperation, transparency and shared responsibility across the ecosystem will be essential in addressing the challenges posed by the next generation of cyber threats.
