Air Travel Needs Stronger Cyber Security

Cybersecurity topics should not be considered only at a technical layer: even if these attacks are mainly performed on the IT infrastructure. Today, cyber threats have been looming over all sectors of the economy.

The same can be said of the air transport industry. It is not surprising that cyber-security has become a top priority for the industry.

The air transport sector faces unprecedented risk from cybercrime, the result of digital transformation and extensive reliance on information and communication technologies. 

It’s no surprise that the EU’s European Aviation Safety Agency ranked cyber-security as the aviation industry’s number one challenge. But that was back in 2016 and, since then, the malicious use of technology across air transport has increased at an exponential rate.

Airlines and airports are ideal targets for hackers. They’re highly visible, for one thing. They offer huge potential for disruptions, and they’re closely tied to the identity of the host country, making them an ideal symbolic target. 

In this highly complex IT environment, there are myriad possible entry points for hackers to test potential vulnerabilities, introduce malware or launch more dangerous and life-threatening attacks. 

They rely on open communications across a complex matrix, not only the airlines and airports but also ground handlers, governments, air traffic management, OEMs, retailers and many more players. Consistent with other industries, ransomware (58%), phishing (52%) and advanced persistent threats (47%) are regular and frequent risks that are seen in the air transport industry.

Cyber-Attacks: a Tech or Business Issue
Industry leaders are starting to introduce core building blocks needed in the defence against cyber-attacks. Airports and airlines are increasingly turning to a wide range of technology to better manage their operations and provide an improved service to their passengers. 

Securing these technology systems, protecting the information and data that these systems manage, requires an effective cybersecurity solution. Several airlines and airports around the world have been constantly under stress as along with ensuring that operations run in a cost-effective and secure manner. 

Apart from that, there is also an added responsibility to have a resilient response in place when it comes to cyber-attacks. Regulatory compliance and data privacy regulations have stimulated spending on security during the past three years. 
A recent example is GDPR coming into effect in Europe during 2018. These regulations translate into increased spending, particularly in data security tools such as identity & access management technology.

Often, cyber-attacks have been linked with it just being a business issue given that the consequences it can have on the aviation business are fatal. ​These cyber-attacks primarily target IT infrastructure hurting its passengers, airlines, airports and most importantly the business operations. 

In 2018, Atlanta Airport was disrupted by major cyber-attack, suffering cancellation of flights, passenger delays due to a major cyber-attack. This cost the city of Atlanta millions of dollars to fix the issue. Hence, it is quite evident that such threats cannot be taken up lightly as it possesses a threat to both technical and business operations.

Cyber-security topics should not be considered only at a technical layer: even if these attacks are mainly performed on the IT infrastructure, in reality, their impacts are very operational. A recent industry study revealed that airlines and airports plan higher spend on technology with priorities placed firmly on strengthening cyber-security capabilities. 

Cybersecurity is one of two areas where most airlines have a ‘major program’ with large growth, where some 89% mention investment in cyber-security initiatives (the other area being applications for passenger mobile services, at 90%). 

For airports, preventing disruption of operations is one of their top three concerns (97%). CIO agendas sharply focused on cybersecurity too, where it tops the list. Some 95% of airports confirm that cybersecurity initiatives are a priority area for their IT investments, whether as a ‘major program’ or for ‘R&D’.

Best practices for best defence
The critical requirement for strong cybersecurity is widely recognised, but existing challenges are delaying progress. These challenges include a lack of resources, budget and skills needed for advancing cybersecurity protection. 
Worryingly, our research suggests that at present only 41% of air transport organisations are considering and tracking cyber risks. However, awareness is improving and a further 42% are planning to list cybersecurity as part of a global risk register by 2021. 

Cyber-security budgets are expected to grow and spending is shifting towards detection and prevention of cyber threats. The biggest barrier to effective cyber-security programs is a lack of resources, which affects 78% of air transport organisations. 
We recommend appointing a dedicated Chief Information Security Officer (CISO). A dedicated CISO can be of pivotal importance for the empowerment and positioning of security teams at C-level for effective implementation of a cybersecurity program. Despite this, as of 2018, only 31% of the organisations have a dedicated CISO.

Building a good foundation is a top priority in all areas of cyber-security. Hence, having a Security Operations Center (SOC) is key to an efficient cyber-security solution as it acts like a cyber-control tower with an integrated combination of processes, people and technology to detect, analyse, respond to, and report on cybersecurity incidents. 

A SOC is often the first component security executives look at when building up their cyber defence capabilities. Only 33% of organisations have a SOC implemented today, but a further 47% plan for such investment by 2021.
With such information and technology in place, the aviation industry will increasingly be able to search for those attackers deeply nested into infrastructures of multiple organisations. This will result in providing a coordinated response to those who seek to take advantage of temporary security lapses, addressing the cyber-security concerns that loom over as a threat to everyone.

The leading driver for cyber-security investment is shifting from mere compliance to proactive protection with a focus on the detection of external threats and prevention of disruption. 

Technologies such as CASB, IoT Security and Identity-as-a-Service will see a strong increase in deployment in the next three years as the air transport industry’s digital transformation progresses and protecting the extended network takes centre stage.

Financial Express:

You Might Also Read:

Staying Secure When Travelling For Business:

Blockchain’s Newest  Application Is Civil Aviation:

 

 

 

 

« Most Cyber Insurance Claims Result from Human Error
Five Hi -Tech Ways To Fight Off Cyber Attackers »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

Institute for National Security and Counterterrorism (INSCT)

Institute for National Security and Counterterrorism (INSCT)

INSCT is a center for the study of national security, international security, and counterterrorism. Research programs include New Frontiers in Science, Cyber, & Technology

IBackup

IBackup

IBackup is a Web Based Online Backup service provider.

PhishLabs

PhishLabs

PhishLabs provides 24/7 services that help organizations protect against the cyberattacks targeting their employees, their customers and their brands.

Careers in Cyber Security (CiCS)

Careers in Cyber Security (CiCS)

CareersinCyberSecurity is a leading global job board and career resource for Cyber Security, IT Audit, Technology Risk and Data Protection professionals.

Aveshka

Aveshka

Aveshka is a professional services firm focused on addressing complex threats and challenges including Cybersecurity and Information Technology.

Intelligent Waves

Intelligent Waves

Intelligent Waves holds and manages contracts to provide an array of intelligence, operational, communications and IT support to the USG in austere, forward-deployed, hazardous duty environments.

Block Armour

Block Armour

Block Armour is a Mumbai and Singapore based venture focused on harnessing emerging technologies to counter growing Cybersecurity challenges in bold new ways.

Cyberhaven

Cyberhaven

Cyberhaven provides rapid enablement for GDPR and CCPA compliance, streamlined data security and modern risk management.

Cyrebro

Cyrebro

CYREBRO is your online cybersecurity central command managed SOC that integrates all your security events with strategic monitoring, proactive threat intelligence, and rapid incident response.

Abacus Group

Abacus Group

Abacus Group is a global IT services firm for alternative investment firms, providing an enterprise technology platform specifically designed to meet the unique needs of financial services.

Verinext

Verinext

Verinext delivers transformative business technology, from intelligently automating time-consuming tasks and protecting data assets to securing infrastructure and improving customer experiences.

CYBHORUS

CYBHORUS

CYBHORUS are a team of Italian cyber security experts, specialized in cyber threat defense and strategic and organizational consulting.

C2 Risk

C2 Risk

C2 Risk are focussed on risk analytics for information assurance, privacy and ESG (Environmental, Social, and Governance).

Accelerynt

Accelerynt

Accelerynt was founded with a singular purpose: help teams like yours build cybersecurity resilience.

SecureKloud Technologies

SecureKloud Technologies

SecureKloud is a global leader in the Cloud services arena. Our experience in cloud consulting and servicing for highly regulated industries extends more than a decade.

OpenZiti

OpenZiti

OpenZiti is the world’s most used and widely integrated open source secure networking platform. OpenZiti provides both zero trust security and overlay networking as pure open source software.