Ports Authority mandates cybersecurity plans for airport concessionaires

The Puerto Rico government is requiring certified protection plans amid a surge in attacks.
The Puerto Rico Ports Authority has formally requested all airport and port concessionaires to certify the implementation of a cybersecurity plan to strengthen the island’s defenses against rising cyberthreats.
“Cybersecurity in critical infrastructure networks, such as piers and airports, is vital to the national security of the United States,” said Ports Authority Executive Director Norberto Negrón. He cited the U.S. Coast Guard’s 2024 Annual State Port Control Report, which identifies cyberattacks as the leading threat to port operations.
Data from the Federal Aviation Administration’s 2023 Cybersecurity and Infrastructure Risk Assessment report show that 55% of organizations tied to airport operations — both international and regional — have suffered cyberattacks, mostly ransomware. The risk is particularly relevant in Puerto Rico, where attempted cyberattacks surged to 340 million in 2023, a 36.2% increase from 2022 and more than double the volume reported in 2021.
“We are the fifth jurisdiction in the nation with the most cyberattack attempts,” Negrón said.
The Ports Authority emphasized that concessionaires without a certified plan will be required to meet with agency officials and the Puerto Rico Innovation and Technology Services Office (PRITS) to evaluate and coordinate cybersecurity readiness.
“If a concessionaire does not have this type of certification or cybersecurity plan, we will be meeting with them, along with PRITS staff, to assess how this office can coordinate the assistance needed to prevent criminals from using a cyberattack to paralyze their operations or steal customer and employee data,” Negrón said. “This is a matter of utmost importance to Governor Jenniffer González’s administration and the Ports Authority.”
Negrón also announced plans to convene a cybersecurity forum for all concessionaires once the certification process is completed, to explore further joint initiatives and best practices.