Poor Cyber Resilience In Aviation

An investigation of airport cybersecurity found glaring gaps in security for web and mobile applications, misconfigured public clouds, Dark Web exposure and code repository leaks. Furthermore, 97 out of 100 of the world's largest airports have security risks related to vulnerable web and mobile applications, misconfigured public cloud, Dark Web exposure or code repository leaks.
 
Swiss web security company ImmuniWeb has published a detailed report on the cybersecurity posture of the world's biggest airports, finding that almost all of them had an alarming lack of systems in place to protect their websites, mobile applications and public clouds.
 
Background
Cyber resilience involves more than security. It requires focus on protecting critical functions, not only assets. Cybersecurity challenges, including privacy issues, remain largely underestimated. To ensure a secure and resilient ecosystem, it is essential that public and private-sector leaders embrace a collaborative and risk-informed approach globally, by sharing practices, insights and threat intelligence.
 
Technological advances are creating tremendous opportunities for improved flight efficiency, customer service, security, safety operations and passenger experience, both in the air and on the ground. Aviation is a vital industry that contributes substantially to economic development and improved living conditions. According to the ICAO, the 4.1 billion passengers transported in 2017 are expected to grow to around 10 billion by 2040. According to IATA, 35% of world trade by value is transported by air cargo, equivalent to $6.4 trillion of goods. The role of the aviation industry in commerce, trade and transport infrastructure makes it indispensable to the global economy.
 
Existing aviation safety and security cultures should be governed by a cyber strategy that is linked to evolving technology and a set of agreed principles.
 
Cyberattacks are one of the top 10 global risks of highest concern for the next decade, according to the World Economic Forum Global Risks Report 2019, with data fraud and theft ranked fourth and cyberattacks fifth among these. Globally their potential cost could be up to $90 trillion in net economic impact by 2030 if cybersecurity efforts do not keep pace with growing interconnectedness, according to the Atlantic Council and the Zurich Insurance Group, among others. 
 
Whereas government and corporate leaders are deeply engaged in promoting effective cybersecurity strategies and global spending on security continues to accelerate, the annual number of cyberattacks globally hit an all-time high in 2018. 
 
Top 3 Most Secure Airports
The three international airports that successfully passed all the tests without a single major issue being detected:
  • Amsterdam Airport Schiphol (EU)
  • Helsinki-Vantaa Airport (EU)
  • Dublin Airport (EU)
They may serve as a laudable example not just to the aviation industry but to all other industries as well. Airports should have cybersecurity teams that are running continuous discovery programs and constantly performing an inventory of all digital assets.
 
If possible, programs should be deployed that can give security teams a visualisation of external attack surfaces as well as risk exposure with an attack surface management solution that can monitor the Dark Web and code repositories. 
 
Sources: WEF, TechRepublic, ImmuniWeb
 