Cybersecurity in Aviation

Uploaded on 2016-09-22 in BUSINESS-Services-Transport & Travel, FREE TO VIEW, NEWS-Cybersecurity News

It’s no secret that the rise of the Internet of Things (IoT) introduces a host of new cybersecurity challenges and vulnerabilities. A recent report from AT&T surveyed the data risks, and the physical threats, that compromised IoT systems could pose. Few of those risk scenarios are more frightening than that of a hacker taking over the controls of an in-flight plane.

That scenario seemed to be playing out just over a year ago, in April 2015, when a passenger onboard a flight tweeted that he had tapped into the plane’s operational systems by hacking the in-flight entertainment system. A subsequent FBI investigation found that the hacker claimed to have made a plane climb and move sideways on an earlier flight. Many experts soon disputed these claims, but these claims were enough to shine a spotlight on the growing dependency of modern aircraft on digital controls and multiple networks.

Today, there are a number of industry and government efforts underway to bolster the security of aviation systems. In some instances, the efforts are rearguard actions necessary to correct vulnerabilities that would never have existed if security had been a top priority built in “from the ground up.” Other initiatives are more forward-looking, and seek to ensure that the diverse collection of players that make up the aviation industry are communicating and coordinated in their efforts to secure both in-flight and ground-based digital systems.

Among the most notable of these cybersecurity programs:

1.    Aviation Information Sharing and Analysis Center (A-ISAC) – Established in 2012 with backing from aircraft manufacturer Boeing, the A-ISAC aims to serve as a focal point for security information sharing among its growing community of members – airlines, airports, aircraft manufacturers, equipment suppliers, service providers, technology providers, infrastructure providers and/or general aviation entities.

2.    Cyber Information Sharing and Collaboration Program (CISCP) – A cross-industry program established by the U.S. Department of Homeland Security, CISCP has moved from pilot stage to full implementation, and includes government intelligence analysts, airline representatives and airport officials working to share avionics-related security information.

3.    Air Domain Intelligence Integration and Analysis Center (ADIAC) – Hosted by the Transportation Security Administration and sponsored by the Office of the Director of National Intelligence, the ADIAC reportedly seeks to serve the same purpose as the broad-based CISCP, but with a laser-focus on cybersecurity information sharing in the aviation sector.

Even with these and other industry and government initiatives, ensuring the security of airborne and ground-based aviation systems presents daunting challenges. Much as in the broader business environment, the aviation sector, including passenger aircraft, are increasingly dependent upon software-driven systems, Internet connectivity and trustworthy digital data. With IoT systems bridging the digital and physical worlds, the dangers of security breaches don’t stop at data loss or exposure. Those dangers extend into the realm of equipment manipulation and, potentially, loss of life.

It’s encouraging that both industry players and government agencies are taking the cybersecurity threat to aviation seriously. Work still remains, however. The efforts in the US to counter this threat must be coordinated with similar initiatives around the world. There are many moving pieces, literally as well as figuratively, in the aviation sector, and they cross every international boundary. It’s important that aviation cybersecurity efforts, now that they’ve taken flight, continue to be attract the global attention, funding and coordination they deserve.

CSO

 

« Facebook, Twitter and Google Are A 'recruiting platform for terrorism''
WiFi Can Spy On You »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

ITrust

ITrust

French cybersecurity pure player since 2007. ITrust offers its Cyber expertise services and develops disruptive products in Cyber/Artificial Intelligence.

NRI Secure Technologies

NRI Secure Technologies

NRI SecureTechnologies is a Cybersecurity group company of the Nomura Research Institute (NRI) and a global provider of next-generation Managed Security Services and Security Consulting.

Kivu Consulting

Kivu Consulting

Kivu Consulting combines technical and legal expertise to deliver data breach response, investigative, discovery and forensic solutions worldwide.

C3.ai

C3.ai

The C3 AI Suite supports configurable, pre-built, high value AI applications for predictive maintenance, fraud detection, anti-money laundering, sensor network health and more.

Elitecyber Group

Elitecyber Group

Elitecyber group is a team of Cyber Security recruitment experts who work for Cyber Security and Cyber Defence clients and candidates throughout Europe.

Gigacycle

Gigacycle

Gigacycle is one of the leading IT disposal and recycling providers in the UK. We specialise in IT asset disposal (ITAD) and data destruction.

Fiserv

Fiserv

Fiserv offers a wide array of Risk & Compliance solutions to help you prevent losses from fraud and ensure adherence to regulatory and compliance mandates.

US Cyber Range

US Cyber Range

US Cyber Range is a scalable, cloud-hosted infrastructure providing students with virtual environments for realistic, hands-on cybersecurity labs and exercises.

Templar Shield

Templar Shield

Templar Shield is a premier information security, risk and compliance technology professional services firm serving North America.

Belcan

Belcan

Belcan is a global supplier of engineering, manufacturing & supply chain, workforce and government IT solutions to customers in the aerospace, defense, automotive, industrial, and private sector.

SensCy

SensCy

SensCy is a Trusted Guide for Sensible Cybersecurity for small and medium-sized organizations.

Veriti

Veriti

Veriti is a unified security posture management platform that integrates with your security solutions and proactively identifies and remediates potential risks and misconfigurations.

Protecto

Protecto

Make privacy and governance effortless. Brakes allow you to drive faster. Stronger data privacy and security enable companies to unlock the full potential of the data.

Upwind Security

Upwind Security

Upwind delivers comprehensive cloud security, precisely when and where it’s most critical.

aiComply

aiComply

aiComply's AI-driven platform offers automated intelligence for an efficient cybersecurity compliance workflow, eliminating onerous manual and time-consuming paperwork.

Soteria Communications

Soteria Communications

Soteria Communications supports clients to prepare for and manage crises, with a focus on cyber incidents.