Security

We’re committed to ensuring the highest levels of safety and security across our operations. Security at Sydney Airport underpins our organisation and ensures the confidence of all airport community stakeholders is maintained. To read about our performance in this area, see our Sustainability Report.

The Safety, Security and Sustainability (SSS) Committee assists the Board in fulfilling its security responsibilities. The SSS Committee Charter sets out its objectives and functions.

The Aviation Transport Security Act 2004 provides a framework to mitigate risk to the Australian public (and the Australian economy) by establishing minimum security requirements for civil aviation in Australia. The current aviation security framework, established through the Act and the Aviation Transport Security Regulations 2005 and administered by the Department of Infrastructure, Transport, Cities and Regional Development, is designed to deter, detect and prevent acts of unlawful interference.

The General Manager, Operations has organisational responsibility for security.

Sydney Airport engages a private security service provider under contract to perform services including passenger and checked baggage screening, control room security surveillance, enhanced airside inspection and security patrols.

Australian Federal Police officers are present at Sydney Airport and provides first response to all aviation security incidents and reports of crime within the airport precinct. They provide Counter Terrorist First Response to deter and respond to acts of terrorism and emergency incidents. They also target and investigate crime in the aviation environment and provide a community policing presence at the airport.

Sydney Airport's Transport Security Program sets out how we detect and deter unlawful interference with aviation at Sydney Airport. The objective of this program is to safeguard Sydney Airport's operations, including personnel, assets and infrastructure, against unlawful interference with aviation.

ID and Access Services at Sydney Airport is responsible for the issue of Aviation Security Identification Cards (ASICs) and access control cards and privileges to the employees of approximately 900 companies that provide services on Sydney Airport. The ASIC scheme is a layer of security that ensures that only people who have been background checked to a certain level are permitted to be in the secure areas of airports without supervision. All persons at the airport requiring unescorted access to security sensitive areas are required under government regulations to have an ASIC. Applicants must undertake and pass a computer based security awareness test at ID and Access Services prior to issue. This test is based on the Sydney Airport Conditions of Use and the Security Awareness Guide.

Sydney Airport’s Security Awareness Guide provides guidance to staff who regularly work in Security Restricted Areas. It sets out the security context, their security responsibilities and how to apply them in their workplace. A positive security culture is one of the more important aspects of effective security. Airport employees undertake security awareness training to understand basic airport security measures, their obligations and what they are expected to do and how to report suspicious activity, criminal activity or security breaches.

Airlines and other organisations with a Sydney Airport operational need are issued the Sydney Airport Aviation Industry Participant (AIP) Security Guide to provide information needed to operate on and around the airport, and to be prepared in the event of a security emergency or incident.

Cyber security

Sydney Airport is ISO27001:2013 Information technology – Security – Information security management systems – Requirements certified. This framework is externally audited on governance, policies, processes and effectiveness of controls.

Cyber security is a standing agenda item in the Board Audit and Risk Committee and the Board is informed biannually with relevant reporting and risk profiles. Our Information Security Council, made up of key business decision makers, governs and drives information and cyber security strategies.

The General Manager, Information Technology has organisational responsibility for cyber security.

The Information and Cyber Security 2020 strategy is at the centre of our cyber programs to drive security governance, improved maturity levels and stronger user awareness via security culture campaigns.

Our 24x7 cyber security operations centre uses technologies and security controls such as logging, threat management, vulnerability management, AI and regular penetration testing to minimise the threat, likelihood and impact of cyber attacks. We collaborate with the Australian Government via the Joint Cyber Security Centre and partner with the Aviation Information Sharing and Analysis Centre on global aviation intelligence.

We deliver cyber security training and awareness campaigns for our people. Our CyberSafe program provides employees with techniques to protect themselves and the business. Escalation processes are clearly defined within our eLearning inductions, eLearning Information Cyber Modules which are mandatory.

Information security requirements are embedded in contracts and we conduct security compliance reviews of vendors, projects and solutions.

We have active awareness campaigns and training. The training for the average employee starts from induction through to compliance security workshops in the form of classroom and eLearning modules. We measure effectiveness on submissions and phishing simulation. The security administrators must complete additional training such as advanced modules, Privileged Access Management training and industry Certified Information Systems Security Professions (CISSP) certifications.