Aviation industry leaders must fight growing cybersecurity threats according to a leading industry figure.
During the SITA Euro Air Transport IT Summit in Hamburg, SITA CEO Barbara Dalibard urged Europe’s aviation chiefs to rally and combat the problem.
While cybersecurity is already an industry priority for most airlines and airports, according to the IT trends study conducted by SITA this year, Dalibard argued that addressing the threat demands more attention and engagement at the board level.
“Recent global cyber attacks demonstrate the risks and the need for a proactive approach. The air transport industry is highly connected and reliant on partners. We must work as a community to fight the global threat to cybersecurity.
“While we are pleased to see a 46% increase in the number of airlines prepared to deal with major cyber threats over the past year, there is still more to be done. The industry should move from dealing with common cyber threats to being prepared for major ones.
“As the technology provider owned by industry members, SITA is committed to invest in, and lead, the community effort to maximize cybersecurity. Together we can ramp up the industry’s defenses and ensure we remain one step ahead of any threat.”
SITA’S research finds that staff at airlines (82%) and airports (85%) have a high degree of awareness of the state of the flight against this global threat.
But the industry needs to go beyond cybersecurity protection to focus on threat detection and security incident response management.
CIOs at 69% of airlines and 47% of airports are implementing security events and correlation monitoring. 77% of airlines and 60% of airports are establishing security incident response management programs.
SITA also published a white paper resulting from its collaboration with Airbus on Cybersecurity, and created a unique CyberSecurity Aviation Security Operations Center (SOC) which will work as a form of “cyber control tower” combining people and technology to detect, analyze, respond to and report on cybersecurity incidents.
Markus Braendle, head, Airbus Cybersecurity, says
“The air transport industry has unique cybersecurity challenges because of the varied and increasing use of smart end points across a largely distributed infrastructure.
“Digital transformation is enabling the air transport industry to deliver better services to its customers, but raising its threat exposure.
“Together SITA and Airbus CyberSecurity bring expertise and solutions to help airlines and airports monitor their digital assets to detect and respond to incidents.”
Tridents against ever-evolving threats
As revealed in the joint white paper by Airbus and SITA, in 2016 international cybersecurity specialists, DarkMatter estimated that the total cost of cybercrime to the global economy was more than US$450 billion.
Cybercriminals have been employing clever ways to disguise their actions and distract organizations from the threat. According to a 2016 study by the SANS Institute, 11% of organizations say it may take up to four months to detect a cyberattack.
The new CyberSecurity SOC will speed up detection and deliver cybersecurity to air transport stakeholders with three separate layers of defense.
- Human monitoring by highly skilled professionals with air transport industry and cybersecurity knowledge.
- Continuous monitoring and detection processes for the entire industry, working around the clock.
- Advanced tools like analytics, big data and machine learning, able to match the sophistication and tactics used by cybercriminals.
Research by Ponemon Institute highlights the increasing use of technologies in cybersecurity. By 2018, it predicted a 38% increase in the use of big data analytics and behavioral profiling; and a 21% increase in the use of automated forensics tools.
SOC’s response to cybersecurity breaches will also have a three-pronged approach.
- Event management will collect and analyze prioritized security event logs from critical applications and systems; servers and workstations; switches and other network appliances; as well as air transport industry specific assets
- Security incident management by a dedicated SIEM (Security Incident and Event Management) tool will correlate events and match them with generic and air transport specific rules; present matches to specialized analysts who can evaluate them in the air transport business context; identify security incidents, and create alerts.
- Reporting management will keep organizations informed at all times with pre-defined sets of reporting processes, comprehensive alert reports and reports specific to the air transport industry context.
As SITA and Airbus write in the white paper:
“As cybersecurity becomes more complex, sophisticated and co-ordinated, no one is immune. For any organization in any industry, the ability to respond to a cyberthreat quickly and effectively is paramount.”