Security Warning To Airlines of New Cyber Attacks

slide_4.jpg

A security breach causing an airline to ground multiple aircraft could easily lead to millions of dollars of costs

Airlines are increasingly at risk of cyber attacks that could pose significant safety issues and force carriers to ground their fleets to protect passenger welfare, causing major financial damage, security experts say.
"There are huge risks and challenges facing the airlines," Eric Lowenstein, a Sydney-based cyber-risks practice leader at insurance group Aon, said. "We are not just talking about [passenger data] privacy."

LOT Polish Airlines last month was forced to cancel 10 flights and delay 12 others in response to an attack against computers issuing flight plans at Warsaw's Okecie Airport that overloaded its network. That came a few weeks after United Airlines had grounded all its flights in the US, reportedly after bogus flight plans appeared in its system. 

In May, a US Federal Bureau of Investigation affidavit claimed American security researcher Chris Roberts had hacked into aircraft systems through the in-flight entertainment system, causing the plane to drift sideways in flight. This has yet to be verified but it has raised significant concerns in the security and insurance industry circles.

In April, Hobart Airport's website was hacked by supporters of radical group Islamic State, although no threat was made against flights in that case. "For those flying out of Hobart, it becomes a more elevated risk and security concern," Mr Lowenstein said. 

Jay Youlten, the regional director Australia, New Zealand and South Pacific at travel technology group SITA, said it was tough to prevent all security breaches.
"It is kind of like locks for cars – as soon as somebody creates the latest lock, someone has figured out how to break it," he said. "So there is a huge investment in technology to make sure these things are protected."
He said now that many airlines were providing high-speed in-flight Wi-Fi  services to passengers, it was becoming particularly important to create a demarcation between critical systems on board aircraft and passengers surfing the internet.
"The connectivity from the satellite or wherever to the aircraft, it is a major area that obviously has to have that integrity of security on it, and it does," Mr Youlten said. "But like I said, there are always challenges from people coming up with new ways to do things."

To date, the public has expressed relatively little concern about the possibility of data breaches by airlines, although to date polls have focused on the loss of personal information.

A study by security firm Unisys released last week found a third of Australians expected a data breach in the airline industry in the next 12 months. That was the lowest of any sector and far below the 58 per cent expecting a breach from the telecom industry.

But John Kendall, Unisys security program director Asia Pacific, said he believed the airline sector was increasingly at risk, in part because it hadn't yet been subject to the kind of high-profile attacks that have hit the banking and retail sectors.
"It is absolutely inevitable," he said of an airline attack, noting they held a wealth of data, including name, birthdates, passport details, credit cards and destinations, that made them a juicy target for identity thieves. "This is not all about passenger information either. We are starting to see the start of hacks into avionic systems."
Mr Lowenstein said it was essential that airlines had adequate insurance in place to protect against cyber attacks, because as a rule of thumb a simpler data breach like passenger information would cost $145 a record in terms of credit monitoring and setting up call centres. 

A security breach causing an airline to ground multiple aircraft could easily lead to millions of dollars of costs due in part to the need to rebook passengers and provide them with accommodation.

Sources said in the airline industry, technology suppliers usually bore the risk of having adequate insurance under their supply contracts.

It is understood neither Qantas Airways nor Virgin Australia Holdings has a separate cyber-security insurance policy but both have multi-layered security precautions in place. An Australian Securities and Investments Commission report on cyber resilience issued in March encouraged board-level oversight of cyber risks.

A Virgin spokeswoman said the airline's chief information security officer managed cyber risk, including regular briefings and consultations with the board and senior management team. It is understood the Qantas board is also regularly briefed on cyber-security issues.
SMH: http://bit.ly/1NR2qrE

 

« VP of Marketing
UK Police 'Skim the Surface' of Cybercrime »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

ABB

ABB

ABB is a pioneering technology leader in industrial digitalization. Services include cyber security for industrial control systems IoT.

CynergisTek

CynergisTek

CynergisTek is a top-ranked cybersecurity and information management consulting firm dedicated to serving the healthcare industry.

XTN Cognitive Security

XTN Cognitive Security

XTN is focused on the development of security, Fraud and Mobile Threat Prevention advanced behaviour-based solutions.

ValueMentor

ValueMentor

ValueMentor is a leading cyber security service provider in the Middle East. We enable clients to reduce risk by taking a strategic approach to cybersecurity.

Data Privacy Office (DPO)

Data Privacy Office (DPO)

Data Privacy Office is a company that specializes in privacy and personal data protection, following the highest standards in its sector.

FDD Center on Cyber and Technology Innovation (CCTI)

FDD Center on Cyber and Technology Innovation (CCTI)

The Foundation for Defense of Democracies is a nonprofit research institute focusing on foreign policy and national security. Ares of focus include cyber security and technology innovation.

Have I Been Pwned (HIBP)

Have I Been Pwned (HIBP)

Have I Been Pwned is a free resource for anyone to quickly assess if they may have been put at risk due to an online account of theirs having been compromised or "pwned" in a data breach.

Robo Shadow

Robo Shadow

Robo Shadow are trying to bridge the gap between the top tier organisations that can afford everything and everyone else who has to “Make it up as they go along” when it comes to Cyber.

Managed IT Services

Managed IT Services

Managed IT Services is a managed IT Services Company offering a diverse range of Cyber Security services and IT solutions.

CloudWave

CloudWave

CloudWave, the expert in healthcare data security, provides cloud, cybersecurity, and managed services to healthcare organizations.

Three Wire Systems

Three Wire Systems

Three Wire is a leader in innovative and efficient technology solutions for government agencies and large enterprise corporations.

Redington

Redington

Redington offer products and services in solution areas including digital transformation, hybrid infrastructure and cybersecurity.

Troye Computer Systems

Troye Computer Systems

Troye provide a complete range of digital workspace solutions that empower people to do their very best work in a safe and secure manner anywhere, anytime, using any device.

Blue Cloud Softech Solutions

Blue Cloud Softech Solutions

Blue Cloud Softech propels inspiring digital transformations. We provide AI products, cybersecurity, healthcare technology, and cloud solutions.

Jitterbit

Jitterbit

Jitterbit integrates critical business processes and enables application development to deliver the experiences and insights needed by enterprises of all sizes to accelerate their digital journey.

Career Smarter

Career Smarter

Career Smarter offers accredited online courses in cybersecurity and other sectors, helping learners gain industry-recognised certifications.