Cybersecurity in Aviation

Uploaded on 2016-09-22 in BUSINESS-Services-Transport & Travel, FREE TO VIEW, NEWS-News Analysis

It’s no secret that the rise of the Internet of Things (IoT) introduces a host of new cybersecurity challenges and vulnerabilities. A recent report from AT&T surveyed the data risks, and the physical threats, that compromised IoT systems could pose. Few of those risk scenarios are more frightening than that of a hacker taking over the controls of an in-flight plane.

That scenario seemed to be playing out just over a year ago, in April 2015, when a passenger onboard a flight tweeted that he had tapped into the plane’s operational systems by hacking the in-flight entertainment system. A subsequent FBI investigation found that the hacker claimed to have made a plane climb and move sideways on an earlier flight. Many experts soon disputed these claims, but these claims were enough to shine a spotlight on the growing dependency of modern aircraft on digital controls and multiple networks.

Today, there are a number of industry and government efforts underway to bolster the security of aviation systems. In some instances, the efforts are rearguard actions necessary to correct vulnerabilities that would never have existed if security had been a top priority built in “from the ground up.” Other initiatives are more forward-looking, and seek to ensure that the diverse collection of players that make up the aviation industry are communicating and coordinated in their efforts to secure both in-flight and ground-based digital systems.

Among the most notable of these cybersecurity programs:

1.    Aviation Information Sharing and Analysis Center (A-ISAC) – Established in 2012 with backing from aircraft manufacturer Boeing, the A-ISAC aims to serve as a focal point for security information sharing among its growing community of members – airlines, airports, aircraft manufacturers, equipment suppliers, service providers, technology providers, infrastructure providers and/or general aviation entities.

2.    Cyber Information Sharing and Collaboration Program (CISCP) – A cross-industry program established by the U.S. Department of Homeland Security, CISCP has moved from pilot stage to full implementation, and includes government intelligence analysts, airline representatives and airport officials working to share avionics-related security information.

3.    Air Domain Intelligence Integration and Analysis Center (ADIAC) – Hosted by the Transportation Security Administration and sponsored by the Office of the Director of National Intelligence, the ADIAC reportedly seeks to serve the same purpose as the broad-based CISCP, but with a laser-focus on cybersecurity information sharing in the aviation sector.

Even with these and other industry and government initiatives, ensuring the security of airborne and ground-based aviation systems presents daunting challenges. Much as in the broader business environment, the aviation sector, including passenger aircraft, are increasingly dependent upon software-driven systems, Internet connectivity and trustworthy digital data. With IoT systems bridging the digital and physical worlds, the dangers of security breaches don’t stop at data loss or exposure. Those dangers extend into the realm of equipment manipulation and, potentially, loss of life.

It’s encouraging that both industry players and government agencies are taking the cybersecurity threat to aviation seriously. Work still remains, however. The efforts in the US to counter this threat must be coordinated with similar initiatives around the world. There are many moving pieces, literally as well as figuratively, in the aviation sector, and they cross every international boundary. It’s important that aviation cybersecurity efforts, now that they’ve taken flight, continue to be attract the global attention, funding and coordination they deserve.

CSO

 

« Facebook, Twitter and Google Are A 'recruiting platform for terrorism''
WiFi Can Spy On You »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall And Why Does It Matter

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall And Why Does It Matter

See how to use next-generation firewalls (NGFWs) and how they boost your security posture.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

SI-CERT

SI-CERT

SI-CERT (Slovenian Computer Emergency Response Team) is the national cyber scurity incident response center for Slovenia.

HYAS Infosec

HYAS Infosec

HYAS is a highly skilled information security firm developing the next generation of information security technology.

Malomatia

Malomatia

Malomatia is a leading provider of technology services and solutions in Qatar including information security.

United Nations Office on Drugs & Crime (UNODC)

United Nations Office on Drugs & Crime (UNODC)

UNODC promotes long-term and sustainable capacity building in the fight against cybercrime through supporting national structures and action.

David Hayes-Export Controls

David Hayes-Export Controls

David Hayes-Export Controls provides assistance to companies affected by export controls or who are considering entering the market but are unsure of the commercial and regulatory implications.

Carson McDowell

Carson McDowell

Carson McDowell are one of Northern Ireland's leading law firms. We are the law firm of choice for many of Northern Ireland's Top 100 companies as well as international companies doing business here.

Interos

Interos

Interos is the operational resilience company — reinventing how companies manage their supply chains and business relationships — through a breakthrough AI SaaS platform.

Communicate Technology

Communicate Technology

Communicate Technology are IT, telecoms and cyber-security specialists, keeping over 500 businesses and 50,000 users connected and secure across the UK.

TWC IT Solutions

TWC IT Solutions

Since 2011, TWC IT Solutions has offered managed IT Support, Cybersecurity, Disaster Recovery, Contact Centre and Business Connectivity services to clients across 24 countries globally.

TekSynap

TekSynap

TekSynap is a full spectrum Information Technology services provider to federal government agencies.

SoftForum

SoftForum

SoftForum is a company specializing in next-generation information security solutions in the Quantum-Resistant-Cryptography (PQC) field.

CyberloQ Technologies

CyberloQ Technologies

CyberloQ Secure is a cybersecurity solution that enables clients to implement highly robust Multi-Factor Authentication (MFA) that includes client-defined location-based geofencing constraints.

Sentar

Sentar

Sentar is a cyber intelligence company, applying advanced analytics and systems engineering expertise to protect our national security by securing mission-critical assets.

Anzen Technology Systems

Anzen Technology Systems

Anzen create software solutions which allows organisations to utilize the public cloud for sensitive or classified information, whilst increasing data security and retaining data sovereignty.

B&L PC Solutions

B&L PC Solutions

B&L PC Solutions deliver top cyber security services on Long Island and New York city to protect businesses from evolving online threats.

CERT.ar

CERT.ar

CERT.ar is the national Computer Emergency Response Team for the technical-administrative management of computer security incidents in the National Public Sector of Argentina.