Airlines on Defence Amid Cyber Warfare: IATA

Uploaded on 2015-07-20 in NEWS-Cybersecurity News, FREE TO VIEW

Tony-Tyler-Cyber-Security-Conference-Singapore.jpg

Greater levels of automation mean the aviation industry is more vulnerable to cyber threats.

Airlines are facing "close to an asymmetric warfare" from cyber attackers given the difficulty of defending systems when the threat continually evolves, says International Air Transport Association chief executive Tony Tyler (pictured).

"No business is immune, but aviation is a specific target for those intent on doing cyber mischief and theft - or worse," he said in a speech at the Civil Aviation Cyber Security Conference in Singapore. "Airlines are the highest value target for fraudsters and close to 50 per cent of all phishing attempts are made against airlines and airline passengers, according to one security firm we work with."

IATA's membership includes most of the world's biggest airlines, including Qantas Airways and Virgin Australia Holdings, and the group operates financial systems through which flow $US388 billion of annual air travel related revenues.
.
The potential loss of passenger data including passport numbers and credit card information would be damaging for an airline, but hacking also could compromise the physical security of passengers or force airlines to ground planes.
"What we are facing is close to an asymmetric warfare in which it is easier to attack than defend," he said.
There has been increased scrutiny on the security of airline systems following an apparent cyber-attack on LOT Polish Airlines computers issuing flight plans in Warsaw last month. And this week, United Airlines grounded its US fleet, reportedly after a faulty computer network router disrupted its reservation systems. There was no indication it was a cyber attack, but it showed how vulnerable airlines are to technology failures.
Mr Tyler said the cost of successful cyber attack in any major industry could run into the "hundreds of millions of dollars" and leave a company's reputation in tatters. But in aviation, an attack could also paralyse operations or result in thousands of stranded passengers.

Airlines have increasingly turned to computers and outside contractors for tasks like payload calculations, which used to be done by pilots in the cockpit. Mr Tyler said the outsourcing of the task freed the pilots to focus on other pre-flight activities, and there was little double a computer could do the job faster and with at least as much accuracy. But he warned every automation brought a new challenge of securing the information it relied upon. 
"The number of entry points into systems is increasing steadily," he said. "The more systems we automate, the more vendors we have and the more interfaces we have that can be targeted for attack."
Mr Tyler said it was important that governments, which have resources and access to intelligence that could never be replicated in the private sector, helped support the airline industry's efforts to protect against cyber threats.
"Today, constraints of national classification systems and ambiguities around the legal rights and mechanisms for sharing information across borders are particularly challenging," he said. "However, the significant risks of not sharing information demand more progress in this area. It is not acceptable that one airline may have access to information and best practices regarding appropriate cyber measures and potential vulnerabilities while another carrier does not, simply because it is based in a different country."

Ein News

« The Focus on Terror has Distorted the Debate on Encryption
The Most Damaging Ramifications of DDoS Attacks »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Absolute Software

Absolute Software

Absolute provides persistent endpoint security and data risk management solutions for mobile devices - computers, tablets, and smartphones.

CERT.LV

CERT.LV

CERT.LV is the national Computer Emergency Response Team for Latvia.

DataSunrise

DataSunrise

DataSunrise Data-Centric high-performance security software protects the sensitive data in real-time in cloud or on premises, and helps organizations to stay compliant.

SEC Consult

SEC Consult

SEC Consult is a leading European consultancy for application security services and information security.

Viscount Systems

Viscount Systems

Viscount Systems is a global security software solutions company that is changing the way access control is deployed and managed in the enterprise.

Puleng Technologies

Puleng Technologies

Puleng provides customers with a client-centric strategy to manage and secure the two most valuable assets an organisation has - its Data and Users.

CryptoMill Cybersecurity Solutions

CryptoMill Cybersecurity Solutions

CryptoMill Cybersecurity Solutions provides advanced, innovative data security solutions for enterprises, professionals and individuals.

Renesas Electronics

Renesas Electronics

Renesas Electronics delivers trusted embedded design innovation with solutions that enable billions of connected, intelligent devices to enhance the way people work and live - securely and safely.

M12

M12

M12 (formerly Microsoft Ventures) is the corporate venture capital subsidiary of Microsoft.

Internet 2.0

Internet 2.0

Internet 2.0 is a Cyber Security technology company with a core focus on developing affordable but sophisticated cyber security solutions.

QuoIntelligence

QuoIntelligence

QuoIntelligence experts can help your team understand the evolving cyber threats and provide simple yet comprehensive recommendations so you can focus on what matters.

SAM Seamless Network

SAM Seamless Network

SAM Seamless Network is a cybersecurity technology platform that protects the connected home, by tackling cyber security threats at the source.

Polygraph

Polygraph

Polygraph monitors the activities of click fraud gangs, including how they operate, who they target, the techniques they use, and how to detect their fraud.

NetApp

NetApp

The NetApp portfolio includes intelligent cloud services, data services, and storage infrastructure that helps organizations manage applications and data everywhere across hybrid cloud environments.

AddSecure

AddSecure

AddSecure is a leading European provider of secure IoT connectivity and end-to-end solutions.

Vault Cloud

Vault Cloud

Vault Cloud, Australia's National Cloud, is an Australian owned and operated company specialising in secure, sovereign, hyperscale cloud infrastructure.