Airlines on Defence Amid Cyber Warfare: IATA

Uploaded on 2015-07-20 in NEWS-News Analysis, FREE TO VIEW

Tony-Tyler-Cyber-Security-Conference-Singapore.jpg

Greater levels of automation mean the aviation industry is more vulnerable to cyber threats.

Airlines are facing "close to an asymmetric warfare" from cyber attackers given the difficulty of defending systems when the threat continually evolves, says International Air Transport Association chief executive Tony Tyler (pictured).

"No business is immune, but aviation is a specific target for those intent on doing cyber mischief and theft - or worse," he said in a speech at the Civil Aviation Cyber Security Conference in Singapore. "Airlines are the highest value target for fraudsters and close to 50 per cent of all phishing attempts are made against airlines and airline passengers, according to one security firm we work with."

IATA's membership includes most of the world's biggest airlines, including Qantas Airways and Virgin Australia Holdings, and the group operates financial systems through which flow $US388 billion of annual air travel related revenues.
.
The potential loss of passenger data including passport numbers and credit card information would be damaging for an airline, but hacking also could compromise the physical security of passengers or force airlines to ground planes.
"What we are facing is close to an asymmetric warfare in which it is easier to attack than defend," he said.
There has been increased scrutiny on the security of airline systems following an apparent cyber-attack on LOT Polish Airlines computers issuing flight plans in Warsaw last month. And this week, United Airlines grounded its US fleet, reportedly after a faulty computer network router disrupted its reservation systems. There was no indication it was a cyber attack, but it showed how vulnerable airlines are to technology failures.
Mr Tyler said the cost of successful cyber attack in any major industry could run into the "hundreds of millions of dollars" and leave a company's reputation in tatters. But in aviation, an attack could also paralyse operations or result in thousands of stranded passengers.

Airlines have increasingly turned to computers and outside contractors for tasks like payload calculations, which used to be done by pilots in the cockpit. Mr Tyler said the outsourcing of the task freed the pilots to focus on other pre-flight activities, and there was little double a computer could do the job faster and with at least as much accuracy. But he warned every automation brought a new challenge of securing the information it relied upon. 
"The number of entry points into systems is increasing steadily," he said. "The more systems we automate, the more vendors we have and the more interfaces we have that can be targeted for attack."
Mr Tyler said it was important that governments, which have resources and access to intelligence that could never be replicated in the private sector, helped support the airline industry's efforts to protect against cyber threats.
"Today, constraints of national classification systems and ambiguities around the legal rights and mechanisms for sharing information across borders are particularly challenging," he said. "However, the significant risks of not sharing information demand more progress in this area. It is not acceptable that one airline may have access to information and best practices regarding appropriate cyber measures and potential vulnerabilities while another carrier does not, simply because it is based in a different country."

Ein News

« The Focus on Terror has Distorted the Debate on Encryption
The Most Damaging Ramifications of DDoS Attacks »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Konfidas

Konfidas

Konfidas provide high-level cybersecurity consulting and professional tailored solutions to meet specific cybersecurity operational needs.

ASU Online - Information Technology Program

ASU Online - Information Technology Program

The Information Technology program at ASU Online provides you with the expertise to design, select, implement and administer computer-based information solutions.

Seqrite

Seqrite

Seqrite offers a highly advanced range of enterprise and IT security solutions to protect your organization's most critical data.

CYSEC Academy

CYSEC Academy

CYSEC Academy offer cyber certifications, cyber assurance and cyber defense training, hands-on learning training modules, public, private and bespoke training courses.

Infosec Partners

Infosec Partners

Whether you’re looking for complete managed security or an on-call expert advisor, we offer a range of managed security services to complement your internal team or primary outsource partner.

In-Sec-M

In-Sec-M

In-Sec-M is a non-profit organization that brings together companies, learning and research institutions, and government actors to increase competitiveness of the Canadian cybersecurity industry.

SyncDog

SyncDog

SyncDog is a leader in enterprise security and the preeminent vendor for containerized mobile application security across cloud & on-premise computing environments.

Focal Point

Focal Point

We aspire to be the focal point for Medium and Small size companies providing 24/7 cyber security advice, services and solutions.

Verica

Verica

Verica uses chaos engineering to make systems more secure and less vulnerable to costly incidents.

Menaya

Menaya

Menaya provide Ethical Hackers for leading companies while also providing cyber security solutions to help major infrastructures protect against cyber crime.

StarLink

StarLink

StarLink is an acclaimed Value-Added Distributor across the Middle East, Turkey and Africa regions with on-the-ground presence in 20 countries including UK and USA.

RSK Cyber Security

RSK Cyber Security

RSK Cyber Security are a leading cyber security services company that uses services, consulting, and product knowledge to lower security risk across the board.

Comcast Technology Solutions (CTS)

Comcast Technology Solutions (CTS)

Comcast Technology Solutions delivers proven technologies for global video, media, communications, data applications, and cybersecurity & compliance.

GO Business

GO Business

GO Business are a specialised B2B team within GO that caters to the communication needs of the local business community in Malta.

MiDO Technologies

MiDO Technologies

MiDO Technologies has a mission to change the narrative around digital enabling tools on the continent of Africa and prepare African youth.

Amplix

Amplix

In the race to create value for your enterprise, Amplix is your best asset for making technology decisions and optimizing your IT infrastructure, cloud usage, and security posture.