industry unlocked
Joe Carson, Chief Security Scientist
and Advisory CISO, Thycotic
The aviation sector is being increasingly digitised
which, while providing numerous benefits for
consumers and passengers, also introduces new
risks and makes the industry a hot target for
cybercriminals. Industry experts from Thycotic
and Attivo Networks tell us about some of the
key threats, how the industry is rising to the
challenge and offer best practice advice for
CISOs on how to bolster their defences.
44
A
Airlines and airports spent a record US$50 billion
in 2018 on IT to support improvements to the
passenger journey and are now beginning to
enjoy the benefit of that investment.
Figures published by SITA for the first time show
that this investment has resulted in a significant
improvement in both the satisfaction levels for
passengers and average processing time.
The SITA 2019 Air Transport IT Insights shows
that 60% of airline CIOs recorded up to a
20% year-on-year improvement in passenger
satisfaction. During the same period, 45% of
them recorded up to 20% improvement in the
rate of passengers processed.
The benefits of digitisation are clear to see
– improved customer satisfaction and overall
efficiencies. But it also introduces new risks
and, like every other vertical, CISOs in the
aviation industry are having to step up their
cybersecurity measures.
Joe Carson, Chief Security Scientist and
Advisory CISO at Thycotic, and Chris Roberts,
Chief Security Strategist, Attivo Networks, have
provided insight about some of the key threats
and how they are being combatted.
What are some of the unique
cyberthreats to the aviation sector
and why?
JOE CARSON, CHIEF SECURITY SCIENTIST AND
ADVISORY CISO, THYCOTIC
The aviation industry is at risk to many unique
cyberattacks that can put human lives and
even global stability at serious risk. Our society
is largely dependent on the aviation
industry to keep us connected and the
world moving and any threat to that
industry puts our way of life at serious
risk. The modern aviation industry is
heavily dependent on technology and
software that is at risk to cyberattacks,
which could disrupt flight systems
making aircrafts fall from the sky or
force pilots to make premature landings.
We have seen recent events on what
could happen when software bugs
combined with sensors that have no
backups can result in pilots fighting with
flight controls such as the recent issues
with Boeing 737 Max. Other risks which
I see as the major threats are those that
could impact airports such as disrupting
safety systems, baggage handling or
logistics and schedules. Since airports
are more open and connected, they are
exposed to more threats.
Most attacks to date on the aviation
industry have been financial fraud related
such as business email compromise
and invoice fraud or cyberattacks that
impacted booking systems and loyalty
rewards programmes stealing millions of
airmiles from customers.
CHRIS ROBERTS, CHIEF SECURITY
STRATEGIST, ATTIVO NETWORKS
Unlike many other industries the airline
sector still depends on everyday use
of decades-old bespoke proprietary
systems. Air-ground communications
Issue 20
|
www.intelligentciso.com