Aeroporti di Puglia S.p.A.

The primary purpose of Aeroporti di Puglia S.p.A. is to manage Apulian airports under a concession agreement. This involves the design, development and management of infrastructure for the operation of airport and commercial activities.

Needs

Aeroporti di Puglia S.p.A. needed to adopt new cybersecurity safeguards in line with NIS legislation and sector directives, so that it could continue to offer a service adequately protected from cyber threats as a whole.

Customer context

Among the activities included in its corporate purpose, Aeroporti di Puglia S.p.A. also counts the management of aviation and non-aviation services.

In particular, aviation activities include, among others, the following services:

  • centralized infrastructure management; passenger, ramp and cargo assistance;
  • ground handling services: ADP currently manages ground handling activities for most of the carriers operating at Apulian airports;
  • security services: the Company has purchased all the equipment necessary to screen checked hold baggage, which has been mandatory since January 2003. Since March 2002, the Apulian airports (Bari, Brindisi, Foggia and Grottaglie) have been equipped with control services for departing and transiting passengers and their hand and hold luggage. The service is outsourced to authorized security companies that meet the requirements provided for by law and are authorized by ENAC.

Non-aviation activities include:

  • sub-concessions of space to third parties: these relate mainly to car rental, catering and aircraft refuelling;
  • management of advertising space: ADP is the concessionaire of the billposting service and entrusts the management of advertising space to third parties, as a sub-concession;
  • management of the paid parking service for departing passengers.

Currently, the share capital is equal to Euro 25,822,845.00. It is almost entirely subscribed by the Puglia Region, with other local and economic authorities holding minority shares.

Objectives for the supervision of Cybersecurity

Cybersecurity management activities began at the end of 2021, when an assessment of the company’s ICT assets was carried out in preparation for the documentation required by NIS legislation and the sector directives issued by ENAC. In January 2022, a 12-month CISO consulting service was launched for Aeroporti di Puglia. It allowed the organization to structure its cybersecurity management processes across the whole organization and to prepare the initiatives for designing its future overall cybersecurity management. At the end of 2023, Exprivia won the tender for the overall supply of services to oversee the cybersecurity of Aeroporti di Puglia.

Exprivia Solution

The service created by Exprivia is delivered by an expanded team of specialists who carry out “CISO as a service”, Threat Intelligence and VAPT governance functions and manage an awareness program. Together with the continuous monitoring provided by the SOC, it places Aeroporti di Puglia in the best position to meet present and future legislative requirements, such as NIS2. The various project and service activities have improved the overall level of cybersecurity maturity and introduced a virtuous model, also in collaboration with other entities present in Aeroporti di Puglia.

Results

  • Improved monitoring of security events: achieved through the activation of a SOC that continuously monitors the security events collected, a monitoring service for the exposed surface and tailor-made threat intelligence. A control framework has also been created and activated to support governance processes.
  • Cybersecurity awareness program: a platform that automates the delivery of courses, supported by short videos that improve the user experience, spreads the culture of cybersecurity in the organization. The platform also automates periodic phishing tests, making it possible to check how user awareness of cybersecurity issues evolves.
  • Definition of processes, procedures and communications: a progress plan that tracks progress month by month and keeps the organization informed improves the organization’s awareness of cybersecurity issues. All cybersecurity procedures are constantly reviewed and improved.
  • Improving the vulnerability management process: the execution of periodic VAPTs has also made it possible to structure a remediation process, which together with the risk assessment process helps to keep the security posture under control.