Poor Cyber Resilience In Aviation

Uploaded on 2020-02-13 in TECHNOLOGY--Resilience, FREE TO VIEW, BUSINESS-Services-Transport & Travel

An investigation of airport cybersecurity found glaring gaps in security for web and mobile applications, misconfigured public clouds, Dark Web exposure and code repositories leaks. Furthemore, 97 out of 100 of the world's largest airports have security risks related to vulnerable web and mobile applications, misconfigured public cloud, Dark Web exposure or code repositories leaks.
 
Swiss web security company ImmuniWeb has published a detailed report on the cybersecurity posture of the world's biggest airports, finding that almost all of them had an alarming lack of systems in place to protect their websites, mobile applications and public clouds.
 
Background
Cyber resilience involves more than security. It requires focus on protecting critical functions, not only assets. Cybersecurity challenges, including privacy issues, remain largely underestimated. To ensure a secure and resilient ecosystem, it is essential that public and private-sector leaders embrace a collaborative and risk-informed approach globally, by sharing practices, insights and threat intelligence.
 
Technological advances are creating tremendous opportunities for improved fight efficiency, customer service, security, safety operations and passenger experience, both in the air and on the ground. Aviation is a vital industry that contributes substantially to economic development and improved living conditions. According to the ICAO, the 4.1 billion passengers transported in 2017 are expected to grow to around 10 billion by 2040.  According to IATA, 35% of world trade by value is transported by air cargo, equivalent to $6.4 trillion of goods. The role of the aviation industry in commerce, trade and transport infrastructure makes it indispensable to the global economy. 
 
Existing aviation safety and security cultures should be governed by a cyber strategy that is linked to evolving technology and a set of agreed principals. 
 
Cyberattacks are one of the top 10 global risks of highest concern for the next decade, according to the World Economic Forum Global Risks Report 2019, with data fraud and theft ranked fourth and cyberattacks fifth among these. Globally their potential cost could be up to $90 trillion in net economic impact by 2030 if cybersecurity efforts do not keep pace with growing interconnectedness, according to the Atlantic Council and the Zurich Insurance Group, among others. 
 
Whereas government and corporate leaders are deeply engaged in promoting effective cybersecurity strategies and global spending on security continues to accelerate, the annual number of cyberattacks globally hit an all-time high in 2018. 
 
Top 3 Most Secure Airports
The three international airports that successfully passed all the tests without a single major issue being detected:
  • Amsterdam Airport Schiphol (EU)
  • Helsinki-Vantaa Airport (EU)
  • Dublin Airport (EU)
They may serve a laudable example not just to the aviation industry but to all other industries as well. Airports should have cybersecurity teams that are running continuous discovery programs and constantly performing an inventory of all digital assets. 
 
If possible, programs should be deployed that can give security teams a visualisation of external attack surfaces as well as risk exposure with an attack surface management solution that can monitor the Dark Web and code repositories. 
 
WEF:             TechRepublic:             ImmuniWeb:           WEF
 
You Might Also Read:
 
New York’s Albany Airport Pays Ransom:
 
Warning For Pilots To Counter Airborne Hacking:
 
 
 
« Saudi Aramco Under Repeated Attack
New York Launches $100m Cyber Security Hub »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

iTrinegy

iTrinegy

iTrinegy is a world leader in Application Risk Management offering solutions to mitigate all networked application deployment risks

CloudCheckr

CloudCheckr

CloudCheckr is a next-gen cloud management platform that unifies Security & Compliance, Inventory & Utilization and Cost Management.

Mitchell Sandham

Mitchell Sandham

Mitchell Sandham is an, independent insurance and financial services brokerage. Business products include Cyber/Privacy Liability insurance.

IPN (ICT Research Platform Nederlands)

IPN (ICT Research Platform Nederlands)

IPN promotes academic research and education in the ICT field by building and maintaining a national community, and by developing policy to advance the field. Areas of focus include Cyber Security.

Greenetics Solutions

Greenetics Solutions

Greenetics Solutions is a company focused on providing solutions for information security.

Zen360Consult

Zen360Consult

Zen360Consult provides Advisory and Training services in the field of Cyber Resilience, which includes Cyber Security /ISMS and Business Continuity.

Romanian Accreditation Association (RENAR)

Romanian Accreditation Association (RENAR)

RENAR is the national accreditation body for Romania. The directory of members provides details of organisations offering certification services for ISO 27001.

GulfTalent

GulfTalent

GulfTalent is the leading job site for professionals in the Middle East and Gulf region covering all sectors and job categories, including cybersecurity.

TechRate

TechRate

Techrate is an analytics agency focused on blockchain technology and engineering. Or expertise includes security and technical audits of projects.

Stronghold Cyber Security

Stronghold Cyber Security

Stronghold Cyber Security is a consulting company that specializes in NIST 800, the Cybersecurity Framework and the Cybersecurity Maturity Model Certification.

Air IT

Air IT

Air IT are a responsive, client-focused and award-winning Managed Service Provider, helping clients achieve success and transformation through their IT and communications.

GoPro Consultants

GoPro Consultants

GoPro Consultants is an IT Consultancy and IT Managed services provider Globally with immeasurable expertise of IT professionals in Hardware/Support & Consultancy and Project Planning.

Corsearch

Corsearch

Combining AI-powered technology and decades of industry expertise, Corsearch is revolutionizing how companies establish and protect their brands.

Nortal

Nortal

Nortal is a strategic digital transformation partner for leading companies and governments around the world.

ABPSecurite

ABPSecurite

ABPSecurite is a leading value-added distributor and a network performance solutions provider.

Baidam Solutions

Baidam Solutions

Baidam Solutions is a 100% Australian owned and operated First Nations information technology business.