Cybersecurity in Aviation

It’s no secret that the rise of the Internet of Things (IoT) introduces a host of new cybersecurity challenges and vulnerabilities. A recent report from AT&T surveyed the data risks, and the physical threats, that compromised IoT systems could pose. Few of those risk scenarios are more frightening than that of a hacker taking over the controls of an in-flight plane.

That scenario seemed to be playing out just over a year ago, in April 2015, when a passenger onboard a flight tweeted that he had tapped into the plane’s operational systems by hacking the in-flight entertainment system. A subsequent FBI investigation found that the hacker claimed to have made a plane climb and move sideways on an earlier flight. Many experts soon disputed these claims, but these claims were enough to shine a spotlight on the growing dependency of modern aircraft on digital controls and multiple networks.

Today, there are a number of industry and government efforts underway to bolster the security of aviation systems. In some instances, the efforts are rearguard actions necessary to correct vulnerabilities that would never have existed if security had been a top priority built in “from the ground up.” Other initiatives are more forward-looking, and seek to ensure that the diverse collection of players that make up the aviation industry are communicating and coordinated in their efforts to secure both in-flight and ground-based digital systems.

Among the most notable of these cybersecurity programs:

1.    Aviation Information Sharing and Analysis Center (A-ISAC) – Established in 2012 with backing from aircraft manufacturer Boeing, the A-ISAC aims to serve as a focal point for security information sharing among its growing community of members – airlines, airports, aircraft manufacturers, equipment suppliers, service providers, technology providers, infrastructure providers and/or general aviation entities.

2.    Cyber Information Sharing and Collaboration Program (CISCP) – A cross-industry program established by the U.S. Department of Homeland Security, CISCP has moved from pilot stage to full implementation, and includes government intelligence analysts, airline representatives and airport officials working to share avionics-related security information.

3.    Air Domain Intelligence Integration and Analysis Center (ADIAC) – Hosted by the Transportation Security Administration and sponsored by the Office of the Director of National Intelligence, the ADIAC reportedly seeks to serve the same purpose as the broad-based CISCP, but with a laser-focus on cybersecurity information sharing in the aviation sector.

Even with these and other industry and government initiatives, ensuring the security of airborne and ground-based aviation systems presents daunting challenges. Much as in the broader business environment, the aviation sector, including passenger aircraft, are increasingly dependent upon software-driven systems, Internet connectivity and trustworthy digital data. With IoT systems bridging the digital and physical worlds, the dangers of security breaches don’t stop at data loss or exposure. Those dangers extend into the realm of equipment manipulation and, potentially, loss of life.

It’s encouraging that both industry players and government agencies are taking the cybersecurity threat to aviation seriously. Work still remains, however. The efforts in the US to counter this threat must be coordinated with similar initiatives around the world. There are many moving pieces, literally as well as figuratively, in the aviation sector, and they cross every international boundary. It’s important that aviation cybersecurity efforts, now that they’ve taken flight, continue to be attract the global attention, funding and coordination they deserve.

CSO

 

« Facebook, Twitter and Google Are A 'recruiting platform for terrorism''
WiFi Can Spy On You »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Malware.lu

Malware.lu

Malware.lu is a repository of malware and technical analysis. The goal of the project is to provide samples and technical analysis to security researchers.

Brinqa

Brinqa

Brinqa is a leading provider of unified risk management and security analytics.to manage IT governance and technology risk.

Cyber Threat Intelligence Network (CTIN)

Cyber Threat Intelligence Network (CTIN)

CTIN provides cyber threat intelligence services including training, platform evaluation, ISAC/ISAO systems development and counter botnet operations.

Jetico

Jetico

Jetico provides pure & simple data protection software for all sensitive information throughout the lifecycle. Solutions include data encryption and secure data erasure.

Infosec Train

Infosec Train

Infosec Train provide professional training, certifications & professional services related to all spheres of Information Technology and Cyber Security.

CloudSEK

CloudSEK

CloudSEK has set its sights on building the world’s fastest and most reliable AI technology, that identifies and resolves digital threats.

Gordian Networks

Gordian Networks

Gordian Networks offers complete managed IT services and IT support for small to large businesses.

Resilience Cyber Insurance Solutions

Resilience Cyber Insurance Solutions

Resilience Cyber Insurance combines insurance expertise with cybersecurity and data talent to deliver clear, effective solutions to protect you for the cyberrisks of today—and tomorrow.

Yoti

Yoti

Yoti offer a suite of business solutions that span identity verification, age estimation, e-signing and AI anti-spoofing technologies.

Outseer

Outseer

Outseer is a leading technology company in the fight against payments fraud. Outseer reliably determines authentic customers from fraudulent behavior.

Knowledge Lens

Knowledge Lens

Knowledge Lens builds innovative solutions on niche technology areas such as Big Data Analytics, Data Science, Artificial Intelligence, Internet of Things, Augmented Reality, and Blockchain.

Tromzo

Tromzo

Tromzo's mission is to eliminate the friction between developers and security so you can scale your application security program.

Rhymetec

Rhymetec

Rhymetec are an industry leader in cloud security, providing innovative cybersecurity and data privacy services to the modern-day SaaS business.

Quantum Squint

Quantum Squint

Quantum Squint is a cutting-edge cybersecurity company specializing in the use of advanced regression management techniques to detect, analyze, and prevent vulnerabilities in digital systems.

Secure Domains

Secure Domains

Secure Domains is the first company in the GCC to offer cloud-based DNS firewall services and security through its flagship SaaS product, DNS Armor.

Locket Cybersecurity

Locket Cybersecurity

Locket’s certified students provide pro-bono security audits for small and medium-sized businesses in the Chicagoland area.