Enhancing Airport Access with Emerging Mobility (2025)
Chapter: 11 Managing Future Changes in Landside Operations
CHAPTER 11
Managing Future Changes in Landside Operations
Preparing for New Users and Technologies
Integration of Connected and Automated Vehicle Operations into Airport Curbside
While self-driving vehicles are still in their infancy, driverless “robot-taxi” fleet operators have started limited pilot testing for commercial deployment of these technologies in selected cities. Airports can learn from these early ridesharing services, considering them a test bed to evaluate how connected and automated vehicle (CAV) technologies for both on-demand and privately owned mobility can be integrated and interact at airports. Furthermore, airports might have to accommodate ridesharing services if such services are provided in their area. Ultimately, integrating self-driving vehicles in the airport environment will be a “crawl, walk, run” process for everyone. Airports should be part of this effort in order to learn from pilot tests, develop scalable integration strategies, and prepare for further implementation.
Through reviewing patterns of incidents related to automated vehicles (AVs) that have happened in the recent past, planners and airport sponsors can learn how self-driving vehicles may operate in the airport curbside setting. Some of these patterns may include picking up and dropping off passengers at unsafe locations, vehicles making abrupt stops and obstructing traffic flow while trapping occupants inside, collisions with pedestrians and other vehicles, interference with emergency response, and inability to interact with law enforcement. In April 2022, the City of San Francisco informed the California Public Utilities Commission of an incident where a driverless car stopped and blocked a San Francisco Fire Department truck that was responding to a fire. In October 2023, the California Department of Motor Vehicles suspended robot-taxi operator Cruise’s permit to operate and test driverless vehicles in the state. Therefore, standard operating procedures (SOPs), licenses, and agreements must be set in place with appropriate staff training for the airport to mitigate safety concerns and derive the maximum benefit from integrating emerging modes of transportation.
Regulating Early CAV Operations
The regulatory framework of ridesharing and CAVs in the United States is currently evolving; therefore, regulations might vary significantly across states (regulated aspects are presented in Table 36). This is a hinderance to establishing nationwide systems for self-driving vehicles. Along with unclear regulations, there is a lack of clarity on who is liable in the event of an accident involving an AV, which has made it difficult for ridesharing companies to secure liability insurance. These factors, combined with technical challenges that need to be addressed before self-driving vehicles can be deployed on a widespread basis, have slowed further deployment of CAVs for ridesharing purposes and have increased the associated cost of early testing on the street.
Table 36. Regulatory Frameworks Permitting AV Testing in Some U.S. States
| Regulations | Requirements |
|---|---|
| NHTSA guidance | NHTSA has issued guidance for the testing and deployment of AVs, which provides a framework for states to regulate the testing of AVs on public roads. |
| State-level legislation | Several states, including California, Arizona, and Florida, have enacted legislation allowing for the testing of AVs on public roads. These laws typically set requirements for vehicle and operator testing, insurance and liability, and data collection and reporting. |
| Permits | States may require permits for AV testing, which may include conditions such as a minimum number of miles driven, a certain level of driver supervision, and reporting requirements. |
| Insurance requirements | Most states require AV testers to have liability insurance coverage, which may be provided through a bond or through a self-insurance program. |
| Data sharing | Some states may require AV testers to share data with the state, including data on accidents, malfunctions, and other incidents involving AVs. |
In addition, airports can learn from the introduction of transportation network companies (TNCs) to develop strategies on CAVs and potentially other emerging modes and technologies. They can also review policies issued by cities and other local governments, such as restricting the movement of empty vehicles at peak hours to alleviate congestion or requiring self-driving-vehicle operators to share certain data with the airport operator in order to predict and manage traffic.
Developing Operating Procedures that Account for New Users
Deployment of self-driving vehicles requires developing a strong security culture to address or mitigate risks. This includes establishing SOPs for identifying and responding to unexpected or unsafe CAV behavior (Tyagi and Aswathy 2021) and incorporating them into airport emergency plans (AEPs) by following FAA guidance in AC 150/5200-31C Change 2: Airport Emergency Plan (FAA 2009). Airports should also expand their “if you see something, say something” policies to address CAV-specific security threats and develop awareness campaigns for airport guests and employees alike. When developing these SOPs, airport stakeholders should strive to address the specificities of CAV-related incidents and what separates them from incidents involving conventional vehicles.
Incidents involving CAVs can arise from component malfunction, inaccurate or corrupted data, or hijacking (by an occupant or remotely); these incidents would require responses focused on stopping the affected CAV while safeguarding people and property within the incident area. Since CAV technologies—and the security threats affecting them—are rapidly evolving, AEPs will have to be updated frequently to reflect these realities.
Management and Pricing for Curbside and Parking
Curbside management involves balancing the different users of limited curb space by confirming that the space is adequately and efficiently used, setting and enforcing safety rules, and developing policies to charge certain users—especially commercial vehicles—for using this airport resource. Curbside management is concerned with the level and typology of traffic, especially during peak hours. The U.S. airport curbside ecosystem has been through several major evolutions recently, including the rise of TNCs and the COVID-19 pandemic.
Self-driving vehicles will challenge the status quo again with the emergence of new actors on the ground mobility market and a further shift from personal vehicles toward on-demand ridesharing. Self-driving technology features a few novelties with implications for curbside enforcement, especially in terms of incident management. However, airports can get creative with connected vehicles since they can share georeferenced information with infrastructure owner-operators (IOOs), such as airport operators. Airports can use these data to meter the utilization of the landside resource, enforce curbside rules, and charge users in a seamless and precise way.
Pricing policies can serve different objectives, such as
- Influencing resource utilization (e.g., short- vs. long-term parking pricing),
- Addressing acute congestion (e.g., curbside pricing and the LAX-it Program at Los Angeles International Airport [LAX]),
- Attenuating peak demand (e.g., dynamic pricing when the demand exceeds a certain level),
- Fighting pollution dynamically (e.g., higher fee for internal combustion engine [ICE] vehicles when air quality is poor),
- Reducing greenhouse gas (GHG) emissions (e.g., fee based on EPA or state emission standards),
- Recovering costs or creating new revenue streams (e.g., toll road approach) based on actual utilization (e.g., based on vehicle weight, duration, and location of pick-up or drop-off), and
- Promoting certain mobility practices (e.g., lower fee for HOVs).
The decision-making process should consider the following factors:
- Short- and long-term trends on curbside and parking demand,
- User categories and vehicle types,
- Impact of pricing policy on the demand,
Example: LAX Curbside Pricing
LAX charges a fee to ground transportation providers for accessing the curbside within the central terminal area (CTA). The fee amount depends on the type of service provided:
- Shuttles, courtesy vehicles, and charter companies pay a $150 annual administrative fee per company.
- All providers pay a per-trip (taxi, charter, TNC) or per-circuit (shuttle, courtesy vehicle) fee:
- – Courtesy vehicles: $1.50–$3.85 per circuit.
- – Scheduled shuttles: $1.81–$4.00 per circuit.
- – Charter services: $5.00–$25.00 per trip.
- – Taxis: $1.70 per trip.
- – TNCs: $4.00 per trip.
- On-airport rental car companies providing courtesy vehicles have an access fee of 10 percent of gross revenue.
In 2019, LAX introduced LAX-it, a remote pick-up and drop-off system specifically for TNCs. Located near Terminal 1, passengers have the option to either walk or use a complimentary airport shuttle service to access the terminals. This system will last until the delivery of a new automated people mover (APM) connecting the consolidated rental car (CONRAC) and ground transportation center (GTC) facilities to the CTA. TNC operations will then move into the GTC.
- Evolution of curbside and parking revenues,
- Impact of pricing policy on mode choice,
- Effect on customer experience,
- Multimodal implications, and
- Equity and sustainability aspects.
Finally, the curbside situation will evolve across time with the incremental growth of the share of self-driving vehicles among vehicular traffic, the development of new use cases and business models, and the rollout of new driving automation features. The curbside management approach and pricing policies will need to adapt to these changes.
Airport operators have shown resilience when facing this type of challenge. When TNCs started operating in the early 2010s, airports were initially caught off guard since these vehicles were mixed with privately owned vehicles, and regulatory frameworks did not account for this new business model. Operators rapidly developed policies for regulating and charging these new landside users. Airports should be ready to face comparable changes over the next few decades.
Promoting Operational Efficiency and Resilience
Collaborative Decision-Making for Ground Access
Airport Collaborative Decision-Making (ACDM) is an airport-focused process applied to support activities, such as demand and capacity balancing and the management of adverse conditions. It typically consists of two key ideas:
- Air traffic management (ATM) should be based on the same flight data, updated in real time and shared between the different stakeholders. However, information sharing alone is not sufficient to realize ACDM and its objectives.
- Decision-making should be coordinated and collaborative, especially during adverse conditions such as crises. Collaborative operating procedures should be defined to facilitate the decision-making process and crisis management.
While the ACDM concept was developed to enhance airside and airspace operations, its general philosophy and some of its real-time processes can be extended to the landside domain. ACRP Research Report 229: Airport Collaborative Decision Making (ACDM) to Manage Adverse Conditions provides an extensive guide on ACDM implementation “from the curbside to the gate” (Le Bris et al. 2021).
A first step in the implementation of ACDM on the landside is the development of procedures for sharing information on operations planning and real-time operations between the stakeholders, as well as the development of joint operating procedures for addressing adverse conditions together.
ACDM also provides a framework to implement a collaborative approach to project and program management and change management with stakeholders for all changes that can impact operations. This approach is described in Chapter 3 of ACRP Research Report 229. The report also includes quick reference sheets that offer valuable information on best practices and case studies, including some that relate to airport access.
Integrating Operations Management Across Stakeholders
The next step in the construction of a collaborative framework with stakeholders is the integration of landside operations management. This can be achieved through the implementation of an integrated airport operations center (APOC) with direct communication channels to key
landside stakeholders. Some parties involved in airport access, such as the local transit authority, may have a workstation readily available at the APOC to facilitate coordination of the response to specific adverse events. At some APOCs, third-party (i.e., non-airport) workstations can be “common use” to adapt to various types of events without underutilizing resources. ACRP Research Report 229 addresses the physical integration of operations management into collaborative APOCs.
ACDM was defined to provide a way to collaboratively prevent and address disruptions and to enhance ATM. This latter segment of ACDM can theoretically be applied to airport access to some extent, with landside and ground transportation providers working together with the airport to optimize the passenger experience and reduce disruption costs. For instance, the operations of train and bus services serving the airport could be managed to enhance punctuality over other performance criteria. Furthermore, ground transportation could be coordinated in part with flights to optimize transfers, prevent missed flights, and minimize waiting times at the curb. For instance, the availability of on-demand vehicles—including driverless vehicles—at the airport could be finely tuned based on actual flight times. TNCs already make tactical decisions at some airports to adjust their offerings based on the air traffic situation.
The feasibility of a fully integrated multimodal ACDM system was explored as part of a 2013–2014 study sponsored by the European Commission’s Seventh Framework Programme. This effort was aimed at identifying the opportunities to link airside and landside ACDM in a unified concept, labeled META-CDM for Multimodal (or Multiuser), Efficient Transportation in Airports and Collaborative Decision Making (Laplace et al. 2014). The study demonstrated that it was possible to extend the milestone approach of ACDM to ground transportation in order to provide accurate information to users, enhance the management of regular operations, and reduce the impact of adverse conditions.
Safety Implications for Landside Operations
Typology of Airport Curbside Safety Events
According to data compiled by NHTSA, a total of 5,376 pedestrians and 818 bicyclists were killed in crashes involving motor vehicles in the United States in 2015. Overall, pedestrian and bicyclist fatalities have increased over the past two decades. Airports are not spared from these trends, and accidents involving vehicles and pedestrians or cyclists on curbsides and other airport roads happen regularly (see examples in Table 37). To reverse this trend, FHWA suggests the development of pedestrian and bicycle action plans.
Guidance is available in the FHWA’s (2017) document, How to Develop a Pedestrian and Bicycle Safety Action Plan. Additional guidance for planning purposes is available in Transportation Safety Planning and the Zero Deaths Vision: A Guide for Metropolitan Planning Organizations and Local Communities (Tang et al. 2018).
In addition, Safe Transportation for Every Pedestrian (STEP) is a set of resources for roadway practitioners to enhance pedestrian safety. The electronic library provides documents, countermeasure sheets, and 33 case studies and features STEP Studio, an electronic resource that compiles design guidance, research, and best practices to identify appropriate countermeasures. STEP Studio proposes a step-by-step methodology for selecting and implementing adequate countermeasures for improving pedestrian-crossing safety:
- Collect data and engage the public,
- Inventory conditions and prioritize location,
- Analyze crash types and safety issues,
Table 37. Selected Pedestrian Accidents at Airports
| Airport | Location | Crash Type | Date | Crash Severity | Description |
|---|---|---|---|---|---|
| SFO | Curbside, arrivals level | Pedestrian, lane departure | 7/2/2019 | 1 fatality, 2 injured | Pedestrians impacted by a sport utility vehicle (SUV) that was accelerating from the curb. |
| MIA | Terminal H, upper level | Pedestrian | 9/13/2013 | 1 fatality | Pedestrian was impacted by an SUV while walking across the pedestrian walkway. |
| LAX | Terminal 1, lower level | Pedestrian, lane departure | 8/31/2022 | 1 injured, 1 uninjured | Pedestrians struck by van; the vehicle impacted a structure thereafter. |
| IND | Curbside, lower level | Pedestrian, lane departure, parked motor vehicle | 8/5/2022 | 1 injured | Motorist lost control of vehicle and collided with a pedestrian and several other vehicles. |
| ATL | Domestic terminal, curbside | Pedestrian | 4/14/2022 | No reported injuries | Distracted motorist impacted a mother and two small children while crossing at domestic terminal’s crosswalk. |
Note: ATL = Hartsfield–Jackson Atlanta International Airport; IND = Indianapolis International Airport; MIA = Miami International Airport; SFO = San Francisco International Airport.
- Select countermeasures,
- Consult design and installation resources, and
- Identify opportunities and monitor outcomes.
Table 37 presents a selection of pedestrian accidents at airports.
Although CAVs present an opportunity to improve roadway safety by reducing or removing the human-error factor that can contribute to accidents, they also present a challenge when interacting with the current road and law enforcement conditions. CAVs will require additional training for law enforcement officers. Different types of vehicle interactions with law enforcement have been proposed, most of which include direct communication with the command center after a vehicle is pulled over.
Safety Events Related to CAV Testing
As self-driving vehicles have been introduced on public roads through pilot programs, they have been involved in several roadway safety occurrences and technical issues that can provide lessons learned on the early deployment of this technology on public roads:
- Tempe, Arizona; March 18, 2018: A pedestrian crossing the street was struck and killed by a self-driving Uber SUV. The cause was determined to be a failure of the vehicle’s software to correctly identify the victim as a pedestrian.
- Mountain View, California; March 23, 2018: A self-driving Tesla Model X crashed into a concrete barrier on the highway, killing its driver. The cause was determined to be a combination of driver inattention and the vehicle’s autopilot system failing to detect the barrier.
- Detroit, Michigan; May 1, 2019: A self-driving Waymo vehicle was involved in a crash with another vehicle, causing minor injuries to both drivers. The cause was determined to be the driver of the other vehicle running a red light.
- Las Vegas, Nevada; November 8, 2019: A self-driving shuttle bus was involved in a crash with a delivery truck, causing minor damage to both vehicles. The cause was determined to be the driver of the delivery truck failing to yield to the shuttle.
- San Francisco, California; January 28, 2020: A self-driving Nuro vehicle was involved in a crash with a conventional vehicle, causing minor injuries to the driver. The cause was determined to be the driver running a red light.
Self-driving vehicles have also been involved in several notable incidents, presented in Figure 83 and Table 38.
Information Systems and Data Sharing
Integration into the Airport Setting
Ground transportation modes are increasingly connected to and reliant on information systems. Their integration into the airport environment is a crucial step to ensure safety, security, and efficiency. However, these systems are often developed by different vendors and lack interoperability, resulting in a complex integration process. Many airports have developed minimum
Table 38. Overview of Safety Events Involving CAVs
| Issue | Consequences | Notable Events |
|---|---|---|
| Stopping in the middle of the road | Traffic congestion | May–December 2022: CAVs operated by Waymo and Cruise have suddenly stopped at intersections and busy city streets, as shown in Figure 83, obstructing traffic flow and trapping the CAVs’ occupants inside. The stopped CAVs required company engineers to manually move them out of the way. |
| Blocking emergency vehicles | Emergency resources obstruction | Starting in May 2022: CAVs have obstructed emergency response services’ operations after suddenly stopping for up to several hours. In one instance, a Cruise CAV stopped and blocked a San Francisco Fire Department vehicle responding to a fire. |
| Causing rear-end collisions with hard breaking | Possible physical damage to vehicle or injuries | December 2022: NHTSA opened an investigation into Cruise over concerns about their CAVs causing rear-end collisions with hard braking. |
| Inability to identify foreign objects | Possible physical damage to vehicle or injuries | December 2022–January 2023: San Francisco County Transportation Authority filed a letter of protest against Cruise after one CAV ran over a fire hose being used at an active fire scene. Another CAV almost did the same, requiring firefighters to break a window in order to stop it. |
| Picking up and dropping off passengers at unsafe locations | Possible injuries or casualties | June–December 2022: San Francisco County Transportation Authority recorded multiple complaints of picking up and dropping off passengers in bicycle lanes with cyclists nearby. |
| Deploying emergency resources to non-emergency situations | Waste of public money and the diversion of emergency resources from others who need it | June 2022: San Francisco County Transportation Authority reported three instances of Cruise employees calling 911 on unresponsive passengers inside their vehicles, triggering a response by emergency services. These passengers were found to have fallen asleep during their ride. |
| Driving into bike lanes | Possible physical damage to vehicle, injuries, or casualties | January 2023: There have been reports of CAVs that were unable to detect bicycle lanes. One instance involved a Cruise AV turning onto and remaining on a bicycle lane. |
| Inability to interact with law enforcement | Possible physical damage to vehicle, injuries, or casualties | April 22, 2022: A Cruise AV was stopped by police for driving without headlights. After officers examined the AV and returned to the patrol car, the AV advanced to a safer location for stopping while yielding to officers. |
| Changing lanes and difficulty maneuvering the vehicle | Possible physical damage to vehicle, injuries, or casualties | October 2020: A Waymo vehicle was involved in a sideswipe while attempting to change lanes. September 2022: 911 operators received calls regarding erratic and inconsistent driving by CAVs, including using the wrong turn signal. |
standards and processes in order to coordinate the introduction of new information and telecommunication systems as well as prevent interferences with existing airport systems, including radio communications and navigation. Local jurisdictions might have their own requirements as well, in addition to the licensing processes of the Federal Communications Commission (FCC).
Cheng (2001) highlights the necessity of an integration framework to overcome these challenges. Cheng emphasizes the importance of a well-planned approach with a guiding framework to prevent project failure and ensure manageable maintenance. The proposed framework comprises two essential models: (1) the integration information model, which advises on managing integration requirements using methods like the airport business integration guide or a centralized automated repository, and (2) the integration architecture model, which guides the design of the integration system architecture, featuring a multi-layered structure with subsystems, middleware components, and standardized integration service via application programming interfaces (APIs). These models aim to assist airport authorities in effectively planning, procuring, and managing information and communication systems, while also providing a foundation for integration contractors to define their strategies for requirements analysis and architecture design.
These models can be adapted for managing the integration of emerging modes and technologies at airports:
-
Integration information model: This model offers a structured method for handling information interchange requirements at airports, focusing on avoiding complex integration issues and ensuring sustainability. To incorporate new modes and technologies into this model, airports can follow a systematic approach:
- – Identify emerging modes and technologies: The first step is to identify the emerging modes and technologies that the airport needs to integrate into its airport access options.
- – Adapt airport business functions and units: The airport should enhance the description of its business functions and units to encompass those pertinent to the identified emerging modes and technologies. It needs to identify new functions and units tasked with managing and implementing the technology, such as overseeing self-driving vehicle operations or handling electric vehicle (EV) charging infrastructure.
- – Define airport business events for emerging technologies: The airport should identify and define new business events associated with emerging technologies, such as events related to the schedules of mass transit systems, charging station availability, or maintenance needs for EVs.
- – Introduce new event-data objects: The airport should extend the event-data object element to include information related to emerging technologies. It needs to define the data objects associated with EV parameters, self-driving vehicle status, or any specific data pertinent to the integration of new modes and technologies.
- – Adjusting airport business processes: The airport should modify or introduce new airport business processes that specifically address the integration of emerging modes and technologies. For instance, create processes for managing the charging infrastructure, coordinating self-driving vehicle movements, or handling maintenance procedures for innovative ground transportation solutions.
- – Establish or adapt integration control board (ICB) for emerging technologies: The airport should establish or adapt the ICB to include domain experts and stakeholders related to the emerging modes and technologies. All relevant business units, information technology (IT), and technical managers involved in the integration of new transportation solutions should be represented. Working groups should be created for the analysis and specification of integration requirements related to emerging technologies. These working groups can collaborate on interface specifications, testing plans, and procedures specific to the integration of innovative ground transportation systems. The ICB should provide a mechanism for stakeholders—including contractors, business units, and airport authorities—to easily access and contribute to the integration information model elements associated with emerging technologies. Proper communication channels, such as forums or teleconferencing, should be established to facilitate discussions, address concerns, and exchange opinions regarding the integration of new modes and technologies.
- Integration architecture model: This model provides technical guidance for airport IT architecture planning, systems integration design, and development. It includes layers such as network communications, database network interface, middleware framework, data access components, business integration service, airport operational databases (AODBs), and subsystems. Each layer serves specific functions, from providing end-to-end network connectivity to managing centralized data services. The integration service components—housed in the business integration services layer—act as software components, facilitating business integration services via APIs. The AODB layer plays a crucial role in providing centralized data management services for airport operational and historical data. The symmetrical architecture, with AODBs at the same level as other subsystems, enhances system flexibility. System management functions, crucial for overseeing complex distributed application systems, are treated
- as another subsystem in the architecture. The integration service management tool, in the business integration services layer, ensures that business integration services are configurable, contributing to the overall adaptability of the integrated airport system. To implement this model for accommodating emerging modes and technologies, airports can follow a systematic process:
- – Reliability: Establish a robust system that ensures reliability, especially in critical subsystems like baggage handling or passenger check-in. Implement a contingency plan for manual operations to prevent disruptions.
- – Maintainability: Design an overall system that can be easily maintained and address software bugs swiftly to minimize the impact on business operations and integrated subsystems.
- – Evolvability: Embrace a hierarchical component-based, open-system architecture so that the integrated system can adapt to continuous changes in business requirements and technologies. This ensures that only related components need to be modified when there is a change, preserving the integrity of the overall system.
- – Extensibility: Design the system with a hierarchical structure and a component-based open systems approach to facilitate easy integration of new functions, supporting both new business functions and improvements to existing operations.
- – Scalability: Ensure that the architecture allows for scalability by easily adding more systems or components to enhance system performance, as well as addressing potential bottlenecks through measures like adding more event servers or servers with more power.
- – Interoperability: Prioritize interoperability to enable seamless data exchange between system components. Promote and follow international standards, using centrally managed metadata originating from the integration information model to achieve data standardization.
Preserving Aviation Safety When Introducing New Technologies
In 2021, the introduction of 5G C-band antennas near aviation facilities raised concerns over potential electromagnetic interference with certain aircraft altimeters. 5G is a recent standard of cellular technology that increases data exchange speed and improves flexibility of wireless services. In the United States, 5G services use frequencies in a radio spectrum called the C-band, between 3.7 and 3.98 gigahertz. Civil aviation radio altimeters operate in the band between 4.2 and 4.4 gigahertz. This provides a 0.22-gigahertz separation from the C-band telecommunications system.
According to FAA analysis, 5G emissions may interfere with radio altimeters’ ability to provide a precise estimate of an aircraft’s height above the ground (Federal Aviation Administration 2021c). This issue mainly concerns aircraft with older altimeters that lack protection from neighboring bands. FAA adopted new Airworthiness Directives for transport and commuter category airplanes as well as helicopters equipped with a radio altimeter (Federal Aviation Administration 2021c). The Airworthiness Directives required revisions to the limitations section of flight manuals and the incorporation of limitations to certain operations requiring radio altimeter data that prohibit them when in the presence of 5G C-band interference in areas, and at airports within the areas, where 5G was introduced initially.
Engineering Brief No. 107: Aeronautical Study of 5G C-Band Antennas provides important reminders and new guidance regarding the introduction of 5G antennas in the airport vicinity (Federal Aviation Administration 2023c). Most of the requirements and resources provided in the document are not 5G-specific; they might apply to future telecommunications standards and technologies, including broadband cellular networks.
Emerging Cybersecurity Issues
Intelligent transportation systems (ITSs) involve a broad range of devices, sensors, components, data, and communications that must be protected from malicious attacks, unauthorized
access, and other damage that might interfere with their intended safety functions. Therefore, the cybersecurity of connected and automated transportation technologies is a major aspect of implementation in a context where transportation is among the top 10 cyberattack targets (IBM 2023).
Cyberattacks on transportation can take various forms and target different aspects of the sector’s infrastructure and systems. Common types of cyber threats and attack patterns include:
- Vehicle hijacking and tampering: Vehicle vulnerabilities can lead to unauthorized access, manipulation of vehicle functions, or even remote hijacking of the vehicle. For instance, hackers could access driverless vehicle control systems, disrupt operations, and jeopardize safety (Liu et al. 2020; Katrakazas et al. 2020). Malicious actors can also tamper with sensors or other critical components (Benyahya et al. 2022; Channon and Marson 2021).
- Traffic control system manipulation: Cybercriminals may attempt to compromise traffic control systems, including traffic lights and signals. Unauthorized access to these systems could lead to traffic disruptions, accidents, or the manipulation of traffic flow for malicious purposes.
- GPS spoofing and jamming: GPS spoofing and jamming attacks can impact navigation systems, which can lead to misdirection or loss of control of vehicles.
- Ransomware attacks: Ransomware attacks involve the deployment of malicious software that encrypts critical systems and data, then demands a ransom for their release. If systems are compromised, it can lead directly or indirectly to significant disruptions, such as those of the 2021 Colonial Pipeline ransomware attack.
- Credential theft and unauthorized access: Cyber attackers may seek to gain unauthorized access to transportation networks, control systems, or databases by stealing credentials. Once inside, they could manipulate data, disrupt operations, or gather sensitive information.
- Personal data hacking: Personal data about drivers and users, including tracking information, could be intercepted or extracted from vehicles (Khan et al. 2023b; Pham and Xiong 2021).
- Financial fraud: Transportation organizations often handle financial transactions, making them potential targets for financial fraud. This could include fraudulent transactions, embezzlement, or manipulation of financial records.
Cyber-Risk Management
In March 2023, the White House issued a national cybersecurity strategy outlining a comprehensive approach to cybersecurity and calling for owners and operators of critical infrastructure to have cybersecurity protections (The White House 2023). TSA subsequently issued new cybersecurity requirements for certain TSA-regulated transportation stakeholders, including airport and aircraft operators (Transportation Security Administration 2023b). Impacted TSA-regulated entities shall (1) develop an approved implementation plan that describes measures to improve their cybersecurity resilience, and (2) prevent disruption and degradation to their infrastructure.
They must proactively assess the effectiveness of these measures, which include the following actions:
- Develop network segmentation policies and controls to ensure that operational technology systems can continue to safely operate in the event that an information technology system has been compromised, and vice versa;
- Create access control measures to secure and prevent unauthorized access to critical cyber systems;
- Implement continuous monitoring and detection policies and procedures to defend against, detect, and respond to cybersecurity threats and anomalies [. . .]; and
- Reduce the risk of exploitation of unpatched systems through the application of security patches and updates for operating systems, applications, drivers and firmware on critical cyber systems in a timely manner using a risk-based methodology. (Transportation Security Administration 2023b)
These high-level mitigation actions are not aviation-specific and can be useful to airport access stakeholders. In addition, data encryption, regular security audits, cybersecurity training, and
a holistic approach to cybersecurity as part of the airport security management system are crucial for maintaining a resilient and secure transportation infrastructure.
Additional TSA resources regarding ground transportation cybersecurity are available in the Surface Transportation Cybersecurity Toolkit (Transportation Security Administration n.d.), which is an online collection of documents designed to provide information on cyber-risk management to surface transportation operators who have fewer than 1,000 employees.
The Cybersecurity and Infrastructure Security Agency (CISA) is the operational lead for federal cybersecurity and the national coordinator for critical infrastructure security and resilience. CISA publishes various resources and tools, as well as vulnerability bulletins, that are useful to practitioners and operators. The National Institute of Standards and Technology (NIST) (2023) has developed a cybersecurity framework consisting of guidelines, best practices, and standards designed to help organizations manage and improve their cybersecurity. The framework was created to be adaptable to different risk profiles, allowing organizations to tailor its implementation to their specific needs and requirements.
MITRE’s Adversarial Tactics, Techniques, and Common Knowledge is a publicly accessible knowledge base used to describe the actions and behaviors of cyber adversaries (MITRE Corporation n.d.). It provides a comprehensive and detailed framework that categorizes the various tactics, techniques, and procedures that adversaries use to achieve their objectives across the different stages of the cyberattack.
Risk Management and Emerging Access Technologies
From Landside Risk Management to Integrated Management Systems
Risk management focuses on identifying, assessing, and mitigating risks associated with movement and activities. Managing operational risks in the landside environment is crucial for maintaining the safety, security, and efficiency of airport operations. Integrating new emerging ground access transportation systems to this environment will increase risk by adding new potential risks. The landside is often characterized by high volumes of passenger and vehicle traffic, diverse stakeholder interactions, and a dynamic mix of activities. Consequently, it presents a unique set of challenges and potential risks that must be effectively addressed to ensure a seamless airport experience.
The primary objective of operational risk management for the airport landside is to identify and evaluate risks that could compromise the safety of individuals, disrupt operations, or negatively impact the airport’s reputation. Risks in the landside can include traffic congestion, pedestrian accidents, vehicle collisions, public health concerns, crime, and emergency situations, among others.
Risk management involves collaboration and coordination among various stakeholders, including airport operators, local authorities, transportation providers, and law enforcement agencies. Effective communication and cooperation between these entities are essential for implementing and enforcing mitigation measures for operational risk on the landside. Furthermore, landside operational risk management requires continuous monitoring, evaluation, and improvement. By analyzing data on landside incidents, conducting regular risk assessments, and seeking feedback from passengers and staff, airports can identify trends, vulnerabilities, and areas for improvement. This information can then be used to update protocols, enhance infrastructure, and implement measures to mitigate risks effectively.
Landside risk management is closely linked to overall airport security and safety management systems. Integrating landside risk management with broader integrated management systems
(IMSs) ensures a comprehensive approach to risk identification and mitigation across the various airport management domains, including environmental and quality management.
An integrated management system is a unified framework that consolidates diverse management standards and requirements within an organization. Instead of independently managing various systems, an IMS integrates these processes to streamline operations, minimize duplication of efforts, and enhance overall efficiency. When integrating emerging modes and technologies in the airport environment, five management systems should be considered as part of a landside IMS:
- Quality Management System (QMS): Defined in ISO 9001, QMS includes policies, processes, and procedures to meet customer requirements and ensure consistent product or service quality.
- Environmental Management System (EMS): Defined in ISO 14001, EMS addresses environmental aspects and impacts, promoting sustainable practices and compliance with environmental regulations.
- Occupational Health and Safety Management System (OHSMS): Defined in ISO 45001, OHSMS focuses on providing a safe and healthy workplace, preventing work-related injuries and illnesses, and complying with relevant occupational health and safety regulations.
- Security Management System (SeMS): Defined in ISO 28000, SeMS identifies, assesses, and manages security risks within an organization.
- Energy Management System (EnMS): Defined in ISO 50001, EnMS consistently identifies and enhances an organization’s energy use and environmental impact.
Table 39 provides an overview of key management systems for a landside IMS, their corresponding International Organization for Standardization (ISO) standards, the operational focus or domain within airport landside management, and illustrative case examples demonstrating their application.
Airport Emergency Management
Emerging ground access technologies at airports will require amending AEPs to manage adverse operating conditions. The new procedures developed for each technology should account for the specific challenges and risks associated with emerging technologies and provide a comprehensive framework for responding to incidents, along with requirements specified by the
Table 39. Key Management Systems for Landside IMS
| Management System | Relevant ISO Standard | Operational Domain | Examples |
|---|---|---|---|
| QMS | ISO 9001 | Passenger experience | Current: road congestion at LAX |
| Stakeholder integration | 2023: LAX-it process at LAX with TNCs | ||
| EMS | ISO 14001 | Ground transportation emissions | 2022: free electric shuttle at San Diego International Airport (SAN) to downtown |
| OHSMS | ISO 45001 | Public safety | 2014: Metro accident at Chicago O’Hare International Airport (ORD) |
| SeMS | ISO 28000 | Occupational safety | 2017: Long Island Rail Road train accident leading to rail worker’s death |
| Aviation safety | 2022: 5G implementation interference with aircraft altimeters | ||
| Transportation security | 2007: Glasgow International Airport (GLA), United Kingdom, ramming attack | ||
| Cybersecurity | 2019: Cleveland Hopkins International Airport (CLE) cyberattack on computer system | ||
| EnMS | ISO 50001 | Vehicle charging management | 2017: power outage at Hartsfield–Jackson Atlanta International Airport (ATL) |
FAA. If the FAA mandates AEPs for all Part 139 airports, then they become a recommended best practice for other airports, too. AEPs are comprehensive documents that outline the specific actions, responsibilities, and procedures to be followed in the event of an emergency. They are typically developed in collaboration with airport authorities, emergency responders, airlines, ground handlers, and other relevant stakeholders. The plans are tailored to the unique characteristics and needs of each airport, considering factors such as airport size, infrastructure, geographical location, and anticipated risks.
AEPs typically consist of the following key components:
-
Emergency response structure: This section defines the organizational structure and assigns roles and responsibilities to various stakeholders involved in emergency response, such as airport management, emergency services, airlines, and other support personnel. It outlines the chain of command and communication protocols during an emergency.
- – Airport access features: Include all stakeholders involved with emerging modes that are integrating the airport environment into the organizational structure and assign their respective roles and responsibilities.
-
Emergency procedures: This section details the specific actions to be taken during different types of emergencies, including evacuation procedures, aircraft rescue and firefighting protocols, medical response procedures, hazardous material containment procedures, and security threat management.
- – Airport access features: For each mode, develop a specific action plan and procedures to be taken during different types of emergencies. For example, designate emergency exit routes and access points for emergency vehicles to reach critical areas promptly, or define pathways for the evacuation of passengers and airport staff.
-
Communication and notification: This component outlines the communication protocols and channels to be used during emergencies, including internal communication within the airport, coordination with external emergency services, and notification of relevant authorities, airlines, and passengers. It also addresses public communication strategies to ensure timely and accurate information dissemination to airport users and the media.
- – Airport access features: Ensure the involvement of all stakeholders for each mode in developing communication protocols and coordinating with external emergency services to facilitate real-time information exchange among the partners.
-
Resources and logistics: This section covers the allocation and management of resources required during an emergency, such as firefighting equipment, medical supplies, emergency vehicles, and support services. It includes provisions for resource tracking, mobilization, and coordination to ensure efficient response operations.
- – Airport access features: Every new mode should be actively involved in the allocation and management of resources.
-
Training and exercises: This component addresses the training and preparedness activities necessary to ensure that all personnel involved in emergency response are adequately trained, aware of their roles, and capable of executing their assigned tasks. It includes regular drills, exercises, and simulations to test the effectiveness of the emergency plan and identify areas for improvement.
- – Airport access features: Tailored training and exercise programs should be created and adhered to for each mode, ensuring comprehensive personnel training. Coordination of joint training drills among diverse stakeholders is essential.
- Recovery and business continuity: This section outlines strategies and procedures for post-incident recovery and the resumption of normal airport operations. It covers aspects such as damage assessment, restoration of critical services, coordination with airlines and tenants, and the management of passenger and employee welfare during the recovery phase.
-
- – Airport access features: Effective coordination and collaboration among all transportation stakeholders and the airport are crucial for a comprehensive assessment and the development of strategies to facilitate post-incident recovery.
By having comprehensive AEPs in place, airports can effectively and efficiently respond to emergencies, mitigate risks, minimize the impact on operations, and ensure the safety of passengers, employees, and the surrounding community. Regular reviews and updates of these plans are necessary to incorporate lessons learned from previous incidents and adapt to evolving risks and best practices.
Integrating New Energy Vectors
The evolution of emerging modes and technologies extends beyond addressing passenger flows, roadway congestions, and connectivity; it is also a proactive response to the challenges posed by air quality and transportation emissions. This transition goes hand in hand with a shift toward more sustainable energy sources. As the transportation industry embraces this transformation, new energy sources are on the horizon, and they need to be incorporated in a safe and resilient way into the airport setting. This evolution requires that airports play a crucial role not only in accommodating vehicle technologies but also in providing the requisite infrastructure to support the sustainable supply and use of new energy sources.
A prominent and impactful trend is the growing electrification of various modes. EVs are gaining traction, and industry forecasts underscore the continuous growth of the EV market share in the future. This movement extends beyond personal vehicles, taxis, TNCs, public buses, and bus rapid transit (BRT) systems—it also includes reshaping the landscape of vehicles operating within airport premises. Ground support equipment (vehicles and buses) responsible for passenger transport within airport boundaries are transitioning toward electrically powered models. In keeping with the commitment to a more sustainable transportation landscape, electric vertical takeoff and landing (eVTOL) aircraft are being intentionally designed to fly with electric or hybrid propulsion systems. New urban and intercity passenger-rail projects often prioritize electrification, and this shift extends beyond conventional overhead wire implementation. There is a rising interest in innovative solutions, including the development of battery-electric, fuel cell–electric, and hybrid train technologies.
Airports will have to supply some of these new energy sources within their infrastructure—especially for EVs. This shift will change the electric demand profile of airports, and these needs should be considered through utility planning. As explained in ACRP Research Report 236: Preparing Your Airport for Electric Aircraft and Hydrogen Technologies (Le Bris et al. 2022), the anticipated increase of the electric demand warrants the adoption of new power management strategies at airports in order to optimize the efficiency and use of existing electrical assets. The variability in electricity costs throughout the day and across seasons—influenced by charging structures like demand charges, time-of-use rates, demand response programs, and global adjustments—adds complexity to energy pricing. Leveraging power management technologies can allow airports to monitor consumption in real time and implement load-shifting strategies, minimizing the need for distribution system upgrades.
The transition to electric power also requires consideration of scenarios involving sustained power outages, such as climate-related or natural disaster emergencies. While reliability has improved, the impact of such disruptions justifies considering power resilience specifically. ACRP Research Report 236 (Le Bris et al. 2022) provides a guide on the matter. New storage and distribution systems for electricity, hydrogen, natural gas, and other energy sources for landside mobility create specific operational risks for airports in the different risk management domains presented earlier. The safety, sustainability, and resiliency of these technologies require collaborative assessment and mitigation of these risks with stakeholders.
