Airlines on Defence Amid Cyber Warfare: IATA

Tony-Tyler-Cyber-Security-Conference-Singapore.jpg

Greater levels of automation mean the aviation industry is more vulnerable to cyber threats.

Airlines are facing "close to an asymmetric warfare" from cyber attackers given the difficulty of defending systems when the threat continually evolves, says International Air Transport Association chief executive Tony Tyler (pictured).

"No business is immune, but aviation is a specific target for those intent on doing cyber mischief and theft - or worse," he said in a speech at the Civil Aviation Cyber Security Conference in Singapore. "Airlines are the highest value target for fraudsters and close to 50 per cent of all phishing attempts are made against airlines and airline passengers, according to one security firm we work with."

IATA's membership includes most of the world's biggest airlines, including Qantas Airways and Virgin Australia Holdings, and the group operates financial systems through which flow $US388 billion of annual air travel related revenues.
.
The potential loss of passenger data including passport numbers and credit card information would be damaging for an airline, but hacking also could compromise the physical security of passengers or force airlines to ground planes.
"What we are facing is close to an asymmetric warfare in which it is easier to attack than defend," he said.
There has been increased scrutiny on the security of airline systems following an apparent cyber-attack on LOT Polish Airlines computers issuing flight plans in Warsaw last month. And this week, United Airlines grounded its US fleet, reportedly after a faulty computer network router disrupted its reservation systems. There was no indication it was a cyber attack, but it showed how vulnerable airlines are to technology failures.
Mr Tyler said the cost of successful cyber attack in any major industry could run into the "hundreds of millions of dollars" and leave a company's reputation in tatters. But in aviation, an attack could also paralyse operations or result in thousands of stranded passengers.

Airlines have increasingly turned to computers and outside contractors for tasks like payload calculations, which used to be done by pilots in the cockpit. Mr Tyler said the outsourcing of the task freed the pilots to focus on other pre-flight activities, and there was little double a computer could do the job faster and with at least as much accuracy. But he warned every automation brought a new challenge of securing the information it relied upon. 
"The number of entry points into systems is increasing steadily," he said. "The more systems we automate, the more vendors we have and the more interfaces we have that can be targeted for attack."
Mr Tyler said it was important that governments, which have resources and access to intelligence that could never be replicated in the private sector, helped support the airline industry's efforts to protect against cyber threats.
"Today, constraints of national classification systems and ambiguities around the legal rights and mechanisms for sharing information across borders are particularly challenging," he said. "However, the significant risks of not sharing information demand more progress in this area. It is not acceptable that one airline may have access to information and best practices regarding appropriate cyber measures and potential vulnerabilities while another carrier does not, simply because it is based in a different country."

Ein News

« The Focus on Terror has Distorted the Debate on Encryption
The Most Damaging Ramifications of DDoS Attacks »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Riverbed Technology

Riverbed Technology

The Riverbed Network and Application Performance Platform enables organizations to visualize, optimize, accelerate and remediate the performance of any network for any application.

CSIRT.CZ

CSIRT.CZ

CSIRT.CZ is the National Computer Security Incident Response Team of the Czech Republic.

MSG Systems

MSG Systems

MSG are committed to intelligent IT and industry solutions and offer independent consulting on all aspects of information security.

Secure Innovations

Secure Innovations

Secure Innovations is a cybersecurity firm dedicated to providing top-tier cyber security solutions for the Defense and the Intelligence Community.

Cyacomb

Cyacomb

Cyacomb (formerly Cyan Forensics) provides digital forensics software to help police forces find evidence on computers many times faster than before.

Wolfpack Information Risk

Wolfpack Information Risk

Wolfpack specialise in information and cyber threat management covering the full spectrum of prevention, detection, incident response and business resilience capabilities.

Netmarks Indonesia (NMID)

Netmarks Indonesia (NMID)

Netmarks Indonesia is an IT solutions provider offering services related to ICT infrastructure, digital transformation and cyber security.

Elysium Analytics

Elysium Analytics

Elysium Cognitive Security Analytics delivers the latest and most flexible security system to reduce cost and complexity while providing unmatched scalability.

Penten

Penten

Penten is an Australian-based cyber security company focused on innovation in secure mobility and applied AI (artificial intelligence).

Polymer

Polymer

Polymer is a Data Governance & Privacy Platform for third party SaaS apps. A modern Data Loss Protection (DLP) approach to remove sensitive data exposure on collaboration tools in real-time.

Analog Devices Inc (ADI)

Analog Devices Inc (ADI)

Analog Devices is uniquely positioned to deliver security at the edge, where the data is born, because our sensor solutions convert the physical, analog world into the digital world.

Otorio

Otorio

OTORIO delivers industrial cybersecurity and digital risk-management solutions and services. We help our customers to keep their revenue-generating operations resilient, efficient, and safe.

Hadrian

Hadrian

Hadrian is modernizing offensive security practices with automation, making them faster and more scalable. Equipped with the hacker’s perspective, companies can now know what their critical risks are.

CodeLock

CodeLock

Codelock is a patent-pending solution that continuously provides software security at the code level, while providing advanced management insights with performance metrics and data analytics.

Cyber Capital Partners

Cyber Capital Partners

Cyber Capital Partners build strategic and financial partnerships with small and mid-sized cybersecurity companies in highly regulated markets.

Secuvy

Secuvy

Secuvy leads in data security, privacy, compliance, and governance, offering a unified platform for proactive data discovery, management, protection, and enhanced data value.