Security Warning To Airlines of New Cyber Attacks

slide_4.jpg

A security breach causing an airline to ground multiple aircraft could easily lead to millions of dollars of costs

Airlines are increasingly at risk of cyber attacks that could pose significant safety issues and force carriers to ground their fleets to protect passenger welfare, causing major financial damage, security experts say.
"There are huge risks and challenges facing the airlines," Eric Lowenstein, a Sydney-based cyber-risks practice leader at insurance group Aon, said. "We are not just talking about [passenger data] privacy."

LOT Polish Airlines last month was forced to cancel 10 flights and delay 12 others in response to an attack against computers issuing flight plans at Warsaw's Okecie Airport that overloaded its network. That came a few weeks after United Airlines had grounded all its flights in the US, reportedly after bogus flight plans appeared in its system. 

In May, a US Federal Bureau of Investigation affidavit claimed American security researcher Chris Roberts had hacked into aircraft systems through the in-flight entertainment system, causing the plane to drift sideways in flight. This has yet to be verified but it has raised significant concerns in the security and insurance industry circles.

In April, Hobart Airport's website was hacked by supporters of radical group Islamic State, although no threat was made against flights in that case. "For those flying out of Hobart, it becomes a more elevated risk and security concern," Mr Lowenstein said. 

Jay Youlten, the regional director Australia, New Zealand and South Pacific at travel technology group SITA, said it was tough to prevent all security breaches.
"It is kind of like locks for cars – as soon as somebody creates the latest lock, someone has figured out how to break it," he said. "So there is a huge investment in technology to make sure these things are protected."
He said now that many airlines were providing high-speed in-flight Wi-Fi  services to passengers, it was becoming particularly important to create a demarcation between critical systems on board aircraft and passengers surfing the internet.
"The connectivity from the satellite or wherever to the aircraft, it is a major area that obviously has to have that integrity of security on it, and it does," Mr Youlten said. "But like I said, there are always challenges from people coming up with new ways to do things."

To date, the public has expressed relatively little concern about the possibility of data breaches by airlines, although to date polls have focused on the loss of personal information.

A study by security firm Unisys released last week found a third of Australians expected a data breach in the airline industry in the next 12 months. That was the lowest of any sector and far below the 58 per cent expecting a breach from the telecom industry.

But John Kendall, Unisys security program director Asia Pacific, said he believed the airline sector was increasingly at risk, in part because it hadn't yet been subject to the kind of high-profile attacks that have hit the banking and retail sectors.
"It is absolutely inevitable," he said of an airline attack, noting they held a wealth of data, including name, birthdates, passport details, credit cards and destinations, that made them a juicy target for identity thieves. "This is not all about passenger information either. We are starting to see the start of hacks into avionic systems."
Mr Lowenstein said it was essential that airlines had adequate insurance in place to protect against cyber attacks, because as a rule of thumb a simpler data breach like passenger information would cost $145 a record in terms of credit monitoring and setting up call centres. 

A security breach causing an airline to ground multiple aircraft could easily lead to millions of dollars of costs due in part to the need to rebook passengers and provide them with accommodation.

Sources said in the airline industry, technology suppliers usually bore the risk of having adequate insurance under their supply contracts.

It is understood neither Qantas Airways nor Virgin Australia Holdings has a separate cyber-security insurance policy but both have multi-layered security precautions in place. An Australian Securities and Investments Commission report on cyber resilience issued in March encouraged board-level oversight of cyber risks.

A Virgin spokeswoman said the airline's chief information security officer managed cyber risk, including regular briefings and consultations with the board and senior management team. It is understood the Qantas board is also regularly briefed on cyber-security issues.
SMH: http://bit.ly/1NR2qrE

 

« VP of Marketing
UK Police 'Skim the Surface' of Cybercrime »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

aizoOn Technology Consulting

aizoOn Technology Consulting

aizoOn is a technology consulting company offering a range of services including IoT & embedded security, mobile security, cybersecurity assessments, risk & compliance, network monitoring and more.

NCX Group

NCX Group

NCX Group is committed to helping customers identify and mitigate the risks inherent in today’s interconnected environments and business processes.

Mobile Guroo

Mobile Guroo

Mobile Guroo is a strategy and systems integrator for Enterprise Mobility Management projects.

Foundation Futuristic Technologies (FFT)

Foundation Futuristic Technologies (FFT)

FFT is a global leader in computer forensics and digital investigation solutions.

Foresite

Foresite

Foresite is a global service provider, delivering a range of managed security and consulting solutions.

Fidus Information Security

Fidus Information Security

Fidus is a team of security professionals providing Penetration Testing and Cyber Security Consulting services throughout the UK and worldwide.

SkillCube

SkillCube

SkillCube is one of the pioneers in India focusing on Cyber Security Skill Development Solutions.

Adaptive Shield

Adaptive Shield

Addaptive Shield - Complete Control For Your SaaS Security. Proactively find and fix weaknesses across your SaaS platforms.

MazeBolt Technologies

MazeBolt Technologies

Israel-based MazeBolt is an innovation leader in cybersecurity, with over two decades of experience in pioneering DDoS protection solutions.

Conquest Cyber

Conquest Cyber

Conquest Cyber builds adaptive risk management programs where innovation is most needed – within defense, intelligence, federal civilian agencies and the industrial base that supports them.

Securolytics

Securolytics

Securolytics offers the simplest, most complete and affordable IoT security for all organizations. Securolytics quickly identifies unmanaged devices to reduce security and compliance risks.

Prelude

Prelude

Prelude offer the first autonomous platform built to attack, defend and train critical assets through continuous red-teaming.

Pathlock

Pathlock

Pathlock (formerly Greenlight) help enterprises and organizations automate the enforcement of any process, access, or IT general control, for any business application.

Aunalytics

Aunalytics

Aunalytics is a data platform company that delivers insights as a service to answer your most important IT and business questions.

Paperclip

Paperclip

Paperclip provides paperless solutions while enabling compliance and security for the exchange of critical content.

Lakera

Lakera

Lakera empowers developers and organizations to build GenAI applications without worrying about AI security risks.