Airport security apparently doesn’t apply online at New York City airports.
John F. Kennedy International (JFK), Newark (EWR) and LaGuardia (LGA) rank among the flight hubs with the least secure websites, potentially jeopardizing people’s credit card details, travel records and other sensitive information.
That was according to a recent survey by digital privacy company VeePN, which tested security at the US’ 31 largest airports.
They rated each hub on their security headers — Hypertext Transfer Protocol (HTTP) response instructions from a web server to a browser, telling it how to securely handle website content. These are a crucial component of any website, helping safeguard against cyberattacks.
VeePN also factored in the airport network’s SSL security, which ensures that data is secure and less vulnerable to hackers.
Each airport was given a grade in each category, as well as an overall score out of 100.
They found a major discrepancy in airport security among airports. “These results show significant variation in airport website security across the U.S,” declared Anthony Brown, a Web Software Developer at VeePN. “The difference between the highest and lowest scores is quite stark at almost 50 points.”
To wit, top performing flight hub Miami International Airport scored an impressive 97.5 out of 100 with an A grade for security headers and an A+ for SSL.
By contrast, the two worst performers — Daniel K. Inouye International Airport in Honolulu, Hawaii and Phoenix Sky Harbor International Airport near Phoenix, Arizona — received a score of just 50 of out of 100.
They also both received Fs in the Security Headers category.
Meanwhile, the Big Apple three had particularly porous cyber defenses. John F. Kennedy International (JFK), Newark (EWR) and LaGuardia (LGA) all scored just 57.5 out of 100 and Fs when it came to having watertight security headers.
In fact, a total of 12 airports failed this metric.
“These F grades in security headers highlight a widespread vulnerability among many of America’s busiest air travel hubs,” Brown said. “Many of the airports with lower scores could make simple improvements to boost their security considerably. Updating security headers is a straightforward fix that would benefit many of the lower-ranked websites.”
Thankfully, the nation’s flight hubs performed markedly better in the SSL Labs category, with 23 of the 31 airports receiving an A or A+ grade.
“Airport websites often handle sensitive traveler information and reservations, making their digital security particularly important,” Brown concluded. “The best-performing airports demonstrate that achieving high security standards is possible, and others should follow their example.”
The ten airports with the most secure websites
- Miami International Airport, Florida (97.5)
- San Diego International Airport, California (95)
- Fort Lauderdale-Hollywood International Airport, Florida (92.5)
- Denver International Airport, Colorado (90)
- Orlando International Airport, Florida (90)
- Logan International Airport, Massachusetts (87.5)
- Dallas Forth Worth International Airport, Texas (85)
- Charlotte Douglas International Airport, North Carolina (85)
- Detroit Metropolitan Airport, Michigan (82.5)
- Salt Lake City International Airport, Utah (82.5)
The ten airports with the least secure websites
- Phoenix Sky Harbor International Airport, Arizona (50)
- Daniel K. Inouye International Airport, Hawaii (50)
- Harry Reid International Airport, Nevada (57.5)
- Nashville International Airport, Tennessee (57.5)
- LaGuardia Airport, New York (57.5)
- George Bush Intercontinental Airport, Texas (57.5)
- Newark Liberty International Airport, New Jersey (57.5)
- John F. Kennedy International Airport, New York (57.5)
- Tampa International Airport, Florida (65)
- Seattle-Tacoma International Airport, Washington (72.5)
