Security Warning To Airlines of New Cyber Attacks

slide_4.jpg

A security breach causing an airline to ground multiple aircraft could easily lead to millions of dollars of costs

Airlines are increasingly at risk of cyber attacks that could pose significant safety issues and force carriers to ground their fleets to protect passenger welfare, causing major financial damage, security experts say.
"There are huge risks and challenges facing the airlines," Eric Lowenstein, a Sydney-based cyber-risks practice leader at insurance group Aon, said. "We are not just talking about [passenger data] privacy."

LOT Polish Airlines last month was forced to cancel 10 flights and delay 12 others in response to an attack against computers issuing flight plans at Warsaw's Okecie Airport that overloaded its network. That came a few weeks after United Airlines had grounded all its flights in the US, reportedly after bogus flight plans appeared in its system. 

In May, a US Federal Bureau of Investigation affidavit claimed American security researcher Chris Roberts had hacked into aircraft systems through the in-flight entertainment system, causing the plane to drift sideways in flight. This has yet to be verified but it has raised significant concerns in the security and insurance industry circles.

In April, Hobart Airport's website was hacked by supporters of radical group Islamic State, although no threat was made against flights in that case. "For those flying out of Hobart, it becomes a more elevated risk and security concern," Mr Lowenstein said. 

Jay Youlten, the regional director Australia, New Zealand and South Pacific at travel technology group SITA, said it was tough to prevent all security breaches.
"It is kind of like locks for cars – as soon as somebody creates the latest lock, someone has figured out how to break it," he said. "So there is a huge investment in technology to make sure these things are protected."
He said now that many airlines were providing high-speed in-flight Wi-Fi  services to passengers, it was becoming particularly important to create a demarcation between critical systems on board aircraft and passengers surfing the internet.
"The connectivity from the satellite or wherever to the aircraft, it is a major area that obviously has to have that integrity of security on it, and it does," Mr Youlten said. "But like I said, there are always challenges from people coming up with new ways to do things."

To date, the public has expressed relatively little concern about the possibility of data breaches by airlines, although to date polls have focused on the loss of personal information.

A study by security firm Unisys released last week found a third of Australians expected a data breach in the airline industry in the next 12 months. That was the lowest of any sector and far below the 58 per cent expecting a breach from the telecom industry.

But John Kendall, Unisys security program director Asia Pacific, said he believed the airline sector was increasingly at risk, in part because it hadn't yet been subject to the kind of high-profile attacks that have hit the banking and retail sectors.
"It is absolutely inevitable," he said of an airline attack, noting they held a wealth of data, including name, birthdates, passport details, credit cards and destinations, that made them a juicy target for identity thieves. "This is not all about passenger information either. We are starting to see the start of hacks into avionic systems."
Mr Lowenstein said it was essential that airlines had adequate insurance in place to protect against cyber attacks, because as a rule of thumb a simpler data breach like passenger information would cost $145 a record in terms of credit monitoring and setting up call centres. 

A security breach causing an airline to ground multiple aircraft could easily lead to millions of dollars of costs due in part to the need to rebook passengers and provide them with accommodation.

Sources said in the airline industry, technology suppliers usually bore the risk of having adequate insurance under their supply contracts.

It is understood neither Qantas Airways nor Virgin Australia Holdings has a separate cyber-security insurance policy but both have multi-layered security precautions in place. An Australian Securities and Investments Commission report on cyber resilience issued in March encouraged board-level oversight of cyber risks.

A Virgin spokeswoman said the airline's chief information security officer managed cyber risk, including regular briefings and consultations with the board and senior management team. It is understood the Qantas board is also regularly briefed on cyber-security issues.
SMH: http://bit.ly/1NR2qrE

 

« VP of Marketing
UK Police 'Skim the Surface' of Cybercrime »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Sift

Sift

The Sift Digital Trust Platform protects your business and customers from all vectors of fraud and abuse through our Live Machine Learning, global trust network and automation technologies.

Information Technology & Cyber ​​Security Service (STISC) - Moldova

Information Technology & Cyber ​​Security Service (STISC) - Moldova

STISC is a public institution whose purpose is to ensure the administration, maintenance and development of the information technology infrastructure in Moldova.

Vintegris

Vintegris

Vintegris are a Certification Authority and manufacturer of innovative systems and applications for the full cycle of digital identity.

CyberSure

CyberSure

CyberSure is a programme of collaborations and exchanges between researchers aimed at developing a framework for creating and managing cyber insurance policy for cyber systems.

Total Cyber-Sec

Total Cyber-Sec

Total Cyber-Sec is a company specialized in providing Professional Information Security and Cybersecurity Services.

Oznet Cyber Security

Oznet Cyber Security

Oznet Cyber Security is dedicated to offering integral solutions oriented to the support and security of information.

SparkLabs Cyber + Blockchain

SparkLabs Cyber + Blockchain

SparkLabs Cyber + Blockchain accelerator is located in Washington D.C. which is one of the world's top cybersecurity ecosystems.

Bigbee Technology

Bigbee Technology

Bigbee Technology are an IT solutions company based in Dar es Salaam founded by a group of professionals from around the globe.

Internet Crime Complaint Center (IC3)

Internet Crime Complaint Center (IC3)

The Internet Crime Complaint Center provide the public with a reporting mechanism to submit information to the FBI concerning suspected Internet-facilitated criminal activity.

HolistiCyber

HolistiCyber

HolistiCyber provide state-of-the art consulting, services, and solutions to help proactively and holistically defend against a new era of constantly evolving cyber threats.

Anonomatic

Anonomatic

Anonomatic’s mission is to make data privacy secure, simple and cost effective. We are Data and Privacy Experts who are passionate about helping organizations solve PII compliance.

eMudhra

eMudhra

eMudhra is a leader in Identity and Transaction Management Solutions.

Hushmesh

Hushmesh

Hushmesh is a start-up aimed at securing the world’s digital infrastructure by developing develop the Mesh, a global information space with automated security built in.

Blue Bastion

Blue Bastion

Don’t give cybercriminals the chance to find weaknesses in your company’s cyber security system. Defend your institution from all attacks from all directions with Blue Bastion.

XONA Systems

XONA Systems

XONA is The Zero Trust user access platform for the OT enterprise. Secure operational access to critical systems - from anywhere.

EyBrids

EyBrids

As a forward-thinking cybersecurity consulting firm, we believe that robust security is the foundation for innovation and growth in today’s digital landscape.