This presentation introduces the role of the ACI Europe Cyber Security Committee and its guidance on penetration testing for airport operational technology (OT) and industrial control systems (ICS), addressing the unique safety, operational and regulatory challenges of uptime-critical aviation environments (e.g. baggage handling, lighting, fuel management and access control technologies). The session highlights risk-based testing, adapted methodologies for legacy and proprietary systems, and the importance of careful planning, coordination and compliance.

• Understand why OT/ICS penetration testing in airports requires specialized, safety-focused approaches
• Identify risks and requirements when testing critical airport systems without disrupting operations
• Recognize the value of white-box and hybrid testing over automated approaches
• Improve OT/ICS security maturity while maintaining operational trust and resilience