Airlines on Defence Amid Cyber Warfare: IATA

Tony-Tyler-Cyber-Security-Conference-Singapore.jpg

Greater levels of automation mean the aviation industry is more vulnerable to cyber threats.

Airlines are facing "close to an asymmetric warfare" from cyber attackers given the difficulty of defending systems when the threat continually evolves, says International Air Transport Association chief executive Tony Tyler (pictured).

"No business is immune, but aviation is a specific target for those intent on doing cyber mischief and theft - or worse," he said in a speech at the Civil Aviation Cyber Security Conference in Singapore. "Airlines are the highest value target for fraudsters and close to 50 per cent of all phishing attempts are made against airlines and airline passengers, according to one security firm we work with."

IATA's membership includes most of the world's biggest airlines, including Qantas Airways and Virgin Australia Holdings, and the group operates financial systems through which flow $US388 billion of annual air travel related revenues.
.
The potential loss of passenger data including passport numbers and credit card information would be damaging for an airline, but hacking also could compromise the physical security of passengers or force airlines to ground planes.
"What we are facing is close to an asymmetric warfare in which it is easier to attack than defend," he said.
There has been increased scrutiny on the security of airline systems following an apparent cyber-attack on LOT Polish Airlines computers issuing flight plans in Warsaw last month. And this week, United Airlines grounded its US fleet, reportedly after a faulty computer network router disrupted its reservation systems. There was no indication it was a cyber attack, but it showed how vulnerable airlines are to technology failures.
Mr Tyler said the cost of successful cyber attack in any major industry could run into the "hundreds of millions of dollars" and leave a company's reputation in tatters. But in aviation, an attack could also paralyse operations or result in thousands of stranded passengers.

Airlines have increasingly turned to computers and outside contractors for tasks like payload calculations, which used to be done by pilots in the cockpit. Mr Tyler said the outsourcing of the task freed the pilots to focus on other pre-flight activities, and there was little double a computer could do the job faster and with at least as much accuracy. But he warned every automation brought a new challenge of securing the information it relied upon. 
"The number of entry points into systems is increasing steadily," he said. "The more systems we automate, the more vendors we have and the more interfaces we have that can be targeted for attack."
Mr Tyler said it was important that governments, which have resources and access to intelligence that could never be replicated in the private sector, helped support the airline industry's efforts to protect against cyber threats.
"Today, constraints of national classification systems and ambiguities around the legal rights and mechanisms for sharing information across borders are particularly challenging," he said. "However, the significant risks of not sharing information demand more progress in this area. It is not acceptable that one airline may have access to information and best practices regarding appropriate cyber measures and potential vulnerabilities while another carrier does not, simply because it is based in a different country."

Ein News

« The Focus on Terror has Distorted the Debate on Encryption
The Most Damaging Ramifications of DDoS Attacks »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Intercede

Intercede

Intercede is a cybersecurity company specializing in digital identities, derived credentials and access control, enabling digital trust in a mobile world.

CYBERPOL

CYBERPOL

CYBERPOL's mission is to facilitate the widest possible mutual assistance between all cyber crime law enforcement authorities to help mitigate global cyber threats.

Thinklogical

Thinklogical

Thinklogical manufactures secure, KVM, video, audio, and computer peripheral signal switching solutions for defence C4ISR applications.

Bugcrowd

Bugcrowd

As leaders in crowdsourced security testing, Bugcrowd connects companies and their applications to a crowd of tens of thousands of security researchers to identify critical software vulnerabilities.

Arctic Wolf Networks

Arctic Wolf Networks

Arctic Wolf Networks delivers the industry-leading security operations center (SOC)-as-a-service that redefines the economics of cybersecurity.

BLOCKO

BLOCKO

BLOCKO is a blockchain specialized technology company that has experienced and achieved the largest amount of business in South Korea.

Africa ICS Cyber Security Conference

Africa ICS Cyber Security Conference

Africa's largest ICS Cyber Security Conference and Expo. The only platform that will proudly present top level B2B and B2C networking opportunities.

Hubraum

Hubraum

Hubraum is Deutsche Telekom’s tech incubator, helping startups to create new business opportunities in areas including data analytics, AI, robot process automation and cyber security.

Cybil

Cybil

Cybil is a publicly-available portal where members of the international cyber capacity building community can find and share information to support the design and delivery of programs and projects.

Ascend Technologies

Ascend Technologies

Ascend Technologies offers a full suite of managed IT services including: Cloud & Infrastructure Management, Cybersecurity Management, Service Desk Management, Application Management , Data Management

Lionfish Cyber Security

Lionfish Cyber Security

Lionfish Cyber Evolution & Empowerment Model™ empowers SMBs to prepare and protect themselves against cyber threats using a unique combination of on-demand training, support and managed services.

Seadot Cybersecurity

Seadot Cybersecurity

Seadot offer cybersecurity services to organizations with a high demand for regulatory compliance and security.

Dynamic Quest

Dynamic Quest

Dynamic Quest is a managed IT, cloud and security services companies, providing a comprehensive range of technology services including cybersecurity, backup and disaster recovery.

Valency Networks

Valency Networks

Valency Networks provide cutting edge results in the areas of Vulnerability Assessment and Penetration Testing services for webapps, cloud apps, mobile apps and IT networks.

Cysurance

Cysurance

Cysurance is a next-generation risk mitigation company that insures, warranties and certifies security solutions.

Zluri

Zluri

Zluri is a cloud-native SaaSOps platform enabling modern enterprises with SaaS Management and Identity Governance.

nodeQ

nodeQ

At nodeQ, we are pioneering the future of computer networks, leveraging our deep expertise in quantum communication, artificial intelligence, and software-defined networking.