Cybersecurity in Aviation

It’s no secret that the rise of the Internet of Things (IoT) introduces a host of new cybersecurity challenges and vulnerabilities. A recent report from AT&T surveyed the data risks, and the physical threats, that compromised IoT systems could pose. Few of those risk scenarios are more frightening than that of a hacker taking over the controls of an in-flight plane.

That scenario seemed to be playing out just over a year ago, in April 2015, when a passenger onboard a flight tweeted that he had tapped into the plane’s operational systems by hacking the in-flight entertainment system. A subsequent FBI investigation found that the hacker claimed to have made a plane climb and move sideways on an earlier flight. Many experts soon disputed these claims, but these claims were enough to shine a spotlight on the growing dependency of modern aircraft on digital controls and multiple networks.

Today, there are a number of industry and government efforts underway to bolster the security of aviation systems. In some instances, the efforts are rearguard actions necessary to correct vulnerabilities that would never have existed if security had been a top priority built in “from the ground up.” Other initiatives are more forward-looking, and seek to ensure that the diverse collection of players that make up the aviation industry are communicating and coordinated in their efforts to secure both in-flight and ground-based digital systems.

Among the most notable of these cybersecurity programs:

1.    Aviation Information Sharing and Analysis Center (A-ISAC) – Established in 2012 with backing from aircraft manufacturer Boeing, the A-ISAC aims to serve as a focal point for security information sharing among its growing community of members – airlines, airports, aircraft manufacturers, equipment suppliers, service providers, technology providers, infrastructure providers and/or general aviation entities.

2.    Cyber Information Sharing and Collaboration Program (CISCP) – A cross-industry program established by the U.S. Department of Homeland Security, CISCP has moved from pilot stage to full implementation, and includes government intelligence analysts, airline representatives and airport officials working to share avionics-related security information.

3.    Air Domain Intelligence Integration and Analysis Center (ADIAC) – Hosted by the Transportation Security Administration and sponsored by the Office of the Director of National Intelligence, the ADIAC reportedly seeks to serve the same purpose as the broad-based CISCP, but with a laser-focus on cybersecurity information sharing in the aviation sector.

Even with these and other industry and government initiatives, ensuring the security of airborne and ground-based aviation systems presents daunting challenges. Much as in the broader business environment, the aviation sector, including passenger aircraft, are increasingly dependent upon software-driven systems, Internet connectivity and trustworthy digital data. With IoT systems bridging the digital and physical worlds, the dangers of security breaches don’t stop at data loss or exposure. Those dangers extend into the realm of equipment manipulation and, potentially, loss of life.

It’s encouraging that both industry players and government agencies are taking the cybersecurity threat to aviation seriously. Work still remains, however. The efforts in the US to counter this threat must be coordinated with similar initiatives around the world. There are many moving pieces, literally as well as figuratively, in the aviation sector, and they cross every international boundary. It’s important that aviation cybersecurity efforts, now that they’ve taken flight, continue to be attract the global attention, funding and coordination they deserve.

CSO

 

« Facebook, Twitter and Google Are A 'recruiting platform for terrorism''
WiFi Can Spy On You »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Lares Consulting

Lares Consulting

Lares is a security consulting firm that helps companies secure electronic, physical, intellectual, and financial assets through a unique blend of assessment, testing and coaching.

Seculert

Seculert

The Seculert Attack Detection & Analytics Platform combines machine-learning based analytics and threat intelligence to automatically detect cyber attacks inside the network.

Swedish Board for Accreditation and Conformity Assessment (SWEDAC)

Swedish Board for Accreditation and Conformity Assessment (SWEDAC)

SWEDAC is the national accreditation body for Sweden. The directory of members provides details of organisations offering certification services for ISO 27001.

Atlantic Security Conference (AtlSecCon)

Atlantic Security Conference (AtlSecCon)

Atlantic Security Conference is a non-profit, annual, information security conference located in Halifax, Nova Scotia, Canada.

AngelList

AngelList

AngelList champion startups and the people who empower them. Search tech & startup jobs, find new tech products, and invest in startups.

SyferLock Technology Corp.

SyferLock Technology Corp.

SyferLock is an innovative provider of next-generation authentication and security solutions.

MCPc

MCPc

MCPc improves the security and well-being of our clients. We protect data, manage the complexity and sustainability of technology, empower employee performance, and ultimately reduce business risk.

MicroSec

MicroSec

MicroSec is a company specializing in IoT security. We focus on bringing enterprise grade security to IoT and embedded systems.

Sydeco

Sydeco

Sydeco offer a complete range of products that secure computer and industrial networks, servers, programs and data against any type of computer attack.

Automation Workz

Automation Workz

Automation Workz has been ranked as a top 10 Cybersecurity Bootcamp in the US by Career Karma.

Darkscope

Darkscope

Darkscope is an award-winning personalised cyber intelligence service provider. Our cutting-edge AI and Deep Artificial Neural Networks lead the world of cyber intelligence solutions.

Support Link Technologies (SLT)

Support Link Technologies (SLT)

Support Link Technologies are an IT Solutions Company committed to achieving customer satisfaction through excellent customer service.

Clearvision

Clearvision

As an Atlassian Platinum Solution Partner, Clearvision works with teams in the UK and US, providing solutions for the Atlassian stack, Git and open source tooling.

Allurity

Allurity

Allurity is a group of tech-enabled cybersecurity service providers, comprised of best-in-class experts with a common mission to enable a safe digital world.

Sec3

Sec3

Sec3 is a security and research firm providing bespoke audits and cutting edge tools to Web3 projects.

Contextal

Contextal

Contextal develops cutting-edge open-source cybersecurity solutions, designed to connect the dots and detect complex threats, which slip through the existing protections.