We are committed to ensuring the highest levels of safety and security across our operations.

Security at Sydney Airport underpins our organisation and ensures the confidence of all airport community stakeholders is maintained.

The Safety, Security and Sustainability (SSS) Committee assists the Board in fulfilling its security responsibilities. The SSS Committee Charter sets out its objectives and functions.

The Aviation Transport Security Act 2004 provides a framework to mitigate risk to the Australian public (and the Australian economy) by establishing minimum security requirements for civil aviation in Australia. The current aviation security framework, established through the Act and the Aviation Transport Security Regulations 2005 and administered by the Department of Home Affairs, is designed to deter, detect and prevent acts of unlawful interference.

The General Manager, Operations has organisational responsibility for security.

Sydney Airport engages a private security service provider under contract to perform services including passenger and checked baggage screening, control room security surveillance, enhanced airside inspection and security patrols.

Australian Federal Police officers are present at Sydney Airport and provides first response to all aviation security incidents and reports of crime within the airport precinct. They provide Counter Terrorist First Response to deter and respond to acts of terrorism and emergency incidents. They also target and investigate crime in the aviation environment and provide a community policing presence at the airport.

Sydney Airport's Transport Security Program sets out how we detect and deter unlawful interference with aviation at Sydney Airport. The objective of this program is to safeguard Sydney Airport's operations, including personnel, assets and infrastructure, against unlawful interference with aviation.

The Airport Services Centre at Sydney Airport is responsible for the issue of Aviation Security Identification Cards (ASICs) and access control cards and privileges to the employees of approximately 900 companies that provide services on Sydney Airport. The ASIC scheme is a layer of security that ensures that only people who have been background checked to a certain level are permitted to be in the secure areas of airports without supervision. All persons at the airport requiring unescorted access to security sensitive areas are required under government regulations to have an ASIC. Applicants must undertake and pass a computer-based security awareness test at ID and Access Services prior to card issue. This test is based on the Sydney Airport Conditions of Use and the Security Awareness Guide.

Sydney Airport’s Security Awareness Guide provides guidance to staff who regularly work in Security Restricted Areas. It sets out the security context, their security responsibilities and how to apply them in their workplace. A positive security culture is one of the more important aspects of effective security. Airport employees undertake security awareness training to understand basic airport security measures, their obligations and what they are expected to do and how to report suspicious activity, criminal activity or security breaches.

Airlines and other organisations with a Sydney Airport operational need are issued the Sydney Airport Aviation Industry Participant (AIP) Security Guide to provide information needed to operate on and around the airport, and to be prepared in the event of a security emergency or incident.

Cyber security, technology and innovation

Digitisation and technology have the potential to transform the customer journey, optimise airport systems and personalise the travel experience.

We are committed to embracing innovation and technology across the business and continuously look for new and improved ways of doing things. We see opportunities to adopt innovative solutions that enhance the passenger experience, improve the operations of the airport and allow us to engage more effectively with our community.

Technology enables Sydney Airport to provide leading customer service and commercial results. We recognise the role technology plays in improving the productivity of the airport and the importance of maintaining flexible and resilience infrastructure and technology platforms to adapt to change rapidly.

Our technology disaster recovery and incident management processes support the resilience of our operations. Desktop exercises are conducted to test processes, communications and recovery times.

Cyber security

Sydney Airport is ISO27001:2013 Information technology – Security – Information security management systems – Requirements certified. This framework is externally audited on governance, policies, processes and effectiveness of controls.

Cyber security is a standing agenda item in the Board Audit and Risk Committee and the Board is informed biannually with relevant reporting and risk profiles. Our Information Security Council, made up of key business decision makers, governs and drives information and cyber security strategies.

The General Manager, Technology, Data and Digital has organisational responsibility for cyber security. The Information and Cyber Security strategy is at the centre of our cyber programs to drive security governance, improved maturity levels and stronger user awareness via security culture campaigns. Our Privacy Policy sets out how we handle personal information to comply with our obligations.

We implement cyber security controls aligned with the Australian Cyber Security Centre (ACSC) eight essential mitigation strategies and mandated by the Department of Home Affairs.

Our 24x7 cyber security operations centre uses technologies and security controls such as logging, threat management, vulnerability management and regular penetration testing to minimise the threat, likelihood and impact of cyber-attacks. We collaborate with the Australian Government via the Joint Cyber Security Centre and partner with the Aviation Information Sharing and Analysis Centre on global aviation intelligence.

We deliver cyber security training and awareness campaigns for our people. Our CyberSafe program provides employees with techniques to protect themselves and the business. Escalation processes are clearly defined within our eLearning inductions, eLearning Information Cyber Modules which are mandatory.

Information security requirements are embedded in contracts, and we conduct security compliance reviews of vendors, projects and solutions.

We have active awareness campaigns and training. The training for the average employee starts from induction through to compliance security workshops in the form of eLearning modules. We measure effectiveness on submissions and phishing simulation. The security administrators must complete additional training such as advanced modules, Privileged Access Management training and industry Certified Information Systems Security Professions (CISSP) certifications.