Airlines on Defence Amid Cyber Warfare: IATA

Uploaded on 2015-07-20 in NEWS-Cybersecurity News, FREE TO VIEW

Tony-Tyler-Cyber-Security-Conference-Singapore.jpg

Greater levels of automation mean the aviation industry is more vulnerable to cyber threats.

Airlines are facing "close to an asymmetric warfare" from cyber attackers given the difficulty of defending systems when the threat continually evolves, says International Air Transport Association chief executive Tony Tyler (pictured).

"No business is immune, but aviation is a specific target for those intent on doing cyber mischief and theft - or worse," he said in a speech at the Civil Aviation Cyber Security Conference in Singapore. "Airlines are the highest value target for fraudsters and close to 50 per cent of all phishing attempts are made against airlines and airline passengers, according to one security firm we work with."

IATA's membership includes most of the world's biggest airlines, including Qantas Airways and Virgin Australia Holdings, and the group operates financial systems through which flow $US388 billion of annual air travel related revenues.
.
The potential loss of passenger data including passport numbers and credit card information would be damaging for an airline, but hacking also could compromise the physical security of passengers or force airlines to ground planes.
"What we are facing is close to an asymmetric warfare in which it is easier to attack than defend," he said.
There has been increased scrutiny on the security of airline systems following an apparent cyber-attack on LOT Polish Airlines computers issuing flight plans in Warsaw last month. And this week, United Airlines grounded its US fleet, reportedly after a faulty computer network router disrupted its reservation systems. There was no indication it was a cyber attack, but it showed how vulnerable airlines are to technology failures.
Mr Tyler said the cost of successful cyber attack in any major industry could run into the "hundreds of millions of dollars" and leave a company's reputation in tatters. But in aviation, an attack could also paralyse operations or result in thousands of stranded passengers.

Airlines have increasingly turned to computers and outside contractors for tasks like payload calculations, which used to be done by pilots in the cockpit. Mr Tyler said the outsourcing of the task freed the pilots to focus on other pre-flight activities, and there was little double a computer could do the job faster and with at least as much accuracy. But he warned every automation brought a new challenge of securing the information it relied upon. 
"The number of entry points into systems is increasing steadily," he said. "The more systems we automate, the more vendors we have and the more interfaces we have that can be targeted for attack."
Mr Tyler said it was important that governments, which have resources and access to intelligence that could never be replicated in the private sector, helped support the airline industry's efforts to protect against cyber threats.
"Today, constraints of national classification systems and ambiguities around the legal rights and mechanisms for sharing information across borders are particularly challenging," he said. "However, the significant risks of not sharing information demand more progress in this area. It is not acceptable that one airline may have access to information and best practices regarding appropriate cyber measures and potential vulnerabilities while another carrier does not, simply because it is based in a different country."

Ein News

« The Focus on Terror has Distorted the Debate on Encryption
The Most Damaging Ramifications of DDoS Attacks »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

44CON

44CON

44CON is an Information Security Conference & Training event taking place in London. Designed to provide something for the business and technical Information Security professional.

International Security Management Association (ISMA)

International Security Management Association (ISMA)

ISMA is an international security association of senior security executives from major business organizations located worldwide.

DataVantage

DataVantage

DataVantage data masking and data management software helps you prevent data breaches, pass compliance audits and meet regulatory requirements such as HIPAA and PCI DSS.

OASIS Open

OASIS Open

OASIS Open is where individuals, organizations, and governments come together to solve some of the world’s biggest technical challenges through the development of open code and open standards.

NetExtend

NetExtend

NetExtend services include backup and recovery, endpoint protection, network monitoring, cloud portal and billing and payment solutions.

DFLabs

DFLabs

DFlabs is a pioneer in Security Automation & Orchestration technology, leveraging your existing security products to dramatically reduce the response and remediation gap.

Quantea

Quantea

Our multi-patented solutions - QP Series Network Analytics Accelerator appliance and PureInsight Analytics Software Suite allows you to capture, analyze, store, replay, network traffic data.

ICS Cyber Security Conference

ICS Cyber Security Conference

SecurityWeek’s Industrial Control Systems (ICS) Cyber Security Conference is the largest and longest-running event series focused on industrial cybersecurity.

McIntyre Associates

McIntyre Associates

McIntyre Associates is an Executive Search boutique specialized in recruiting for the Cybersecurity industry. Our clients range from Venture Capital backed startups to Fortune 100 companies.

QuoLab

QuoLab

QuoLab empowers security professionals to analyze, investigate and respond to threats within an integrated ecosystem.

Managed IT Services

Managed IT Services

Managed IT Services is a managed IT Services Company offering a diverse range of Cyber Security services and IT solutions.

ID North

ID North

ID North is a Nordic service provider offering identity security to its customers by providing world class expertise and best-in-class solutions and services.

IBM Security

IBM Security

IBM manufactures and markets computer hardware, middleware and software, and offers hosting and consulting services in areas ranging from mainframe computers to nanotechnology.

Axient

Axient

Axient advances defense and civilian missions from aerospace to cyberspace with multi-domain test and analysis, mission engineering and operations, and advanced technologies.

SIEM Xpert

SIEM Xpert

SIEM Xpert is a leader in Cyber Security Trainings and services since 2015.

Antivirus Tales

Antivirus Tales

Antivirus Tales offers a platform to resolve all types of antivirus-related issues. The platform also provide various blog articles and informative guides to fix antivirus software errors.