Cybersecurity in Aviation

It’s no secret that the rise of the Internet of Things (IoT) introduces a host of new cybersecurity challenges and vulnerabilities. A recent report from AT&T surveyed the data risks, and the physical threats, that compromised IoT systems could pose. Few of those risk scenarios are more frightening than that of a hacker taking over the controls of an in-flight plane.

That scenario seemed to be playing out just over a year ago, in April 2015, when a passenger onboard a flight tweeted that he had tapped into the plane’s operational systems by hacking the in-flight entertainment system. A subsequent FBI investigation found that the hacker claimed to have made a plane climb and move sideways on an earlier flight. Many experts soon disputed these claims, but these claims were enough to shine a spotlight on the growing dependency of modern aircraft on digital controls and multiple networks.

Today, there are a number of industry and government efforts underway to bolster the security of aviation systems. In some instances, the efforts are rearguard actions necessary to correct vulnerabilities that would never have existed if security had been a top priority built in “from the ground up.” Other initiatives are more forward-looking, and seek to ensure that the diverse collection of players that make up the aviation industry are communicating and coordinated in their efforts to secure both in-flight and ground-based digital systems.

Among the most notable of these cybersecurity programs:

1.    Aviation Information Sharing and Analysis Center (A-ISAC) – Established in 2012 with backing from aircraft manufacturer Boeing, the A-ISAC aims to serve as a focal point for security information sharing among its growing community of members – airlines, airports, aircraft manufacturers, equipment suppliers, service providers, technology providers, infrastructure providers and/or general aviation entities.

2.    Cyber Information Sharing and Collaboration Program (CISCP) – A cross-industry program established by the U.S. Department of Homeland Security, CISCP has moved from pilot stage to full implementation, and includes government intelligence analysts, airline representatives and airport officials working to share avionics-related security information.

3.    Air Domain Intelligence Integration and Analysis Center (ADIAC) – Hosted by the Transportation Security Administration and sponsored by the Office of the Director of National Intelligence, the ADIAC reportedly seeks to serve the same purpose as the broad-based CISCP, but with a laser-focus on cybersecurity information sharing in the aviation sector.

Even with these and other industry and government initiatives, ensuring the security of airborne and ground-based aviation systems presents daunting challenges. Much as in the broader business environment, the aviation sector, including passenger aircraft, are increasingly dependent upon software-driven systems, Internet connectivity and trustworthy digital data. With IoT systems bridging the digital and physical worlds, the dangers of security breaches don’t stop at data loss or exposure. Those dangers extend into the realm of equipment manipulation and, potentially, loss of life.

It’s encouraging that both industry players and government agencies are taking the cybersecurity threat to aviation seriously. Work still remains, however. The efforts in the US to counter this threat must be coordinated with similar initiatives around the world. There are many moving pieces, literally as well as figuratively, in the aviation sector, and they cross every international boundary. It’s important that aviation cybersecurity efforts, now that they’ve taken flight, continue to be attract the global attention, funding and coordination they deserve.

CSO

 

« Facebook, Twitter and Google Are A 'recruiting platform for terrorism''
WiFi Can Spy On You »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Opengear

Opengear

Opengear designs, manufactures and delivers the most feature-rich, cost-effective, flexible solutions for secure remote infrastructure management. Wit

Seclore

Seclore

Seclore is the most advanced, secure, and automated Enterprise Digital Rights Management (EDRM) solution available.

ForgeRock

ForgeRock

ForgeRock, the leader in digital identity, delivers comprehensive Identity and Access Management solutions for consumers, employees and things to simply and safely access the connected world.

Magix Security

Magix Security

Magix Security assesses the cyber threat, gives you visibility of how vulnerable your business is to attack, and provides cybercrime detection and prevention services.

SwiftSafe

SwiftSafe

SwiftSafe is a cybersecurity consulting company providing auditing, pentesting, compliance and managed security services.

Archivo

Archivo

Archivo is a value added reseller focused on Disaster Recovery as a Service (DRaaS), backup, hyper-convergence, hybrid storage and Cyber security.

Jobsite

Jobsite

Jobsite is an award winning job board in the UK providing job listings in the key sectors of IT, Engineering and Finance.

Ascend Technologies

Ascend Technologies

Ascend Technologies offers a full suite of managed IT services including: Cloud & Infrastructure Management, Cybersecurity Management, Service Desk Management, Application Management , Data Management

OwnZap Infosec

OwnZap Infosec

OwnZap Infosec aims to digitally shield the cyberspace by offering services like Penetration Testing and Red Teaming, Infrastructure Security Testing, and Vulnerability Assessments.

Carson McDowell

Carson McDowell

Carson McDowell are one of Northern Ireland's leading law firms. We are the law firm of choice for many of Northern Ireland's Top 100 companies as well as international companies doing business here.

QGroup

QGroup

QGroup has been re-designing the consultancy industry since 2012. We're a rapidly expanding group of consulting companies that deliver bespoke IT services including cybersecurity.

Rimstorm

Rimstorm

Rimstorm’s mission is to significantly improve the security of your data using award-winning, state-of-the-art technology combined with cyber managed security services.

Astrill VPN

Astrill VPN

Astrill VPN is a Seychelles based Virtual Private Network(VPN) Company.

Security BSides Cayman Islands

Security BSides Cayman Islands

Security BSides is a non-profit, community-driven event built for and by information security community members. Our aim is to help build an Information Security community in the Cayman Islands.

Breathe Technology

Breathe Technology

Breathe Technology has been providing Managed IT Support/ Service Desk, Cloud Services, Cyber Security & Communications to businesses and schools since 2003.

Efex

Efex

Efex is one of Australia’s leading Managed Technology Solutions providers. We service local companies across Australia, providing accessible, fast and straightforward IT.