Intelligent CISO Issue 20 | Page 44

industry unlocked Joe Carson, Chief Security Scientist and Advisory CISO, Thycotic The aviation sector is being increasingly digitised which, while providing numerous benefits for consumers and passengers, also introduces new risks and makes the industry a hot target for cybercriminals. Industry experts from Thycotic and Attivo Networks tell us about some of the key threats, how the industry is rising to the challenge and offer best practice advice for CISOs on how to bolster their defences. 44 A Airlines and airports spent a record US$50 billion in 2018 on IT to support improvements to the passenger journey and are now beginning to enjoy the benefit of that investment. Figures published by SITA for the first time show that this investment has resulted in a significant improvement in both the satisfaction levels for passengers and average processing time. The SITA 2019 Air Transport IT Insights shows that 60% of airline CIOs recorded up to a 20% year-on-year improvement in passenger satisfaction. During the same period, 45% of them recorded up to 20% improvement in the rate of passengers processed. The benefits of digitisation are clear to see – improved customer satisfaction and overall efficiencies. But it also introduces new risks and, like every other vertical, CISOs in the aviation industry are having to step up their cybersecurity measures. Joe Carson, Chief Security Scientist and Advisory CISO at Thycotic, and Chris Roberts, Chief Security Strategist, Attivo Networks, have provided insight about some of the key threats and how they are being combatted. What are some of the unique cyberthreats to the aviation sector and why? JOE CARSON, CHIEF SECURITY SCIENTIST AND ADVISORY CISO, THYCOTIC The aviation industry is at risk to many unique cyberattacks that can put human lives and even global stability at serious risk. Our society is largely dependent on the aviation industry to keep us connected and the world moving and any threat to that industry puts our way of life at serious risk. The modern aviation industry is heavily dependent on technology and software that is at risk to cyberattacks, which could disrupt flight systems making aircrafts fall from the sky or force pilots to make premature landings. We have seen recent events on what could happen when software bugs combined with sensors that have no backups can result in pilots fighting with flight controls such as the recent issues with Boeing 737 Max. Other risks which I see as the major threats are those that could impact airports such as disrupting safety systems, baggage handling or logistics and schedules. Since airports are more open and connected, they are exposed to more threats. Most attacks to date on the aviation industry have been financial fraud related such as business email compromise and invoice fraud or cyberattacks that impacted booking systems and loyalty rewards programmes stealing millions of airmiles from customers. CHRIS ROBERTS, CHIEF SECURITY STRATEGIST, ATTIVO NETWORKS Unlike many other industries the airline sector still depends on everyday use of decades-old bespoke proprietary systems. Air-ground communications Issue 20 | www.intelligentciso.com