Poor Cyber Resilience In Aviation

An investigation of airport cybersecurity found glaring gaps in security for web and mobile applications, misconfigured public clouds, Dark Web exposure and code repositories leaks. Furthemore, 97 out of 100 of the world's largest airports have security risks related to vulnerable web and mobile applications, misconfigured public cloud, Dark Web exposure or code repositories leaks.
 
Swiss web security company ImmuniWeb has published a detailed report on the cybersecurity posture of the world's biggest airports, finding that almost all of them had an alarming lack of systems in place to protect their websites, mobile applications and public clouds.
 
Background
Cyber resilience involves more than security. It requires focus on protecting critical functions, not only assets. Cybersecurity challenges, including privacy issues, remain largely underestimated. To ensure a secure and resilient ecosystem, it is essential that public and private-sector leaders embrace a collaborative and risk-informed approach globally, by sharing practices, insights and threat intelligence.
 
Technological advances are creating tremendous opportunities for improved fight efficiency, customer service, security, safety operations and passenger experience, both in the air and on the ground. Aviation is a vital industry that contributes substantially to economic development and improved living conditions. According to the ICAO, the 4.1 billion passengers transported in 2017 are expected to grow to around 10 billion by 2040.  According to IATA, 35% of world trade by value is transported by air cargo, equivalent to $6.4 trillion of goods. The role of the aviation industry in commerce, trade and transport infrastructure makes it indispensable to the global economy. 
 
Existing aviation safety and security cultures should be governed by a cyber strategy that is linked to evolving technology and a set of agreed principals. 
 
Cyberattacks are one of the top 10 global risks of highest concern for the next decade, according to the World Economic Forum Global Risks Report 2019, with data fraud and theft ranked fourth and cyberattacks fifth among these. Globally their potential cost could be up to $90 trillion in net economic impact by 2030 if cybersecurity efforts do not keep pace with growing interconnectedness, according to the Atlantic Council and the Zurich Insurance Group, among others. 
 
Whereas government and corporate leaders are deeply engaged in promoting effective cybersecurity strategies and global spending on security continues to accelerate, the annual number of cyberattacks globally hit an all-time high in 2018. 
 
Top 3 Most Secure Airports
The three international airports that successfully passed all the tests without a single major issue being detected:
  • Amsterdam Airport Schiphol (EU)
  • Helsinki-Vantaa Airport (EU)
  • Dublin Airport (EU)
They may serve a laudable example not just to the aviation industry but to all other industries as well. Airports should have cybersecurity teams that are running continuous discovery programs and constantly performing an inventory of all digital assets. 
 
If possible, programs should be deployed that can give security teams a visualisation of external attack surfaces as well as risk exposure with an attack surface management solution that can monitor the Dark Web and code repositories. 
 
WEF:             TechRepublic:             ImmuniWeb:           WEF
 
You Might Also Read:
 
New York’s Albany Airport Pays Ransom:
 
Warning For Pilots To Counter Airborne Hacking:
 
 
 
« Saudi Aramco Under Repeated Attack
New York Launches $100m Cyber Security Hub »

Directory of Suppliers

DigitalStakeout

DigitalStakeout

A simple and cost-effective solution to monitor, investigate and analyze data from the web, social media and cyber sources to identify threats and make better security decisions.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Clayden Law

Clayden Law

Clayden Law are experts in information technology, data privacy and cybersecurity law.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

BackupVault

BackupVault

BackupVault is a leading provider of completely automatic, fully encrypted online, cloud backup.

Cyber Security Service Supplier Directory

Cyber Security Service Supplier Directory

Free Access: Cyber Security Service Supplier Directory listing 4,000+ specialist service providers.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

e-Share

e-Share

e-Share is the leader in solutions designed to secure information shared during the dynamic collaboration processes that occur beyond an organization’s own IT borders.

CENTRI Technology

CENTRI Technology

CENTRI provide a standards-based security platform for the Internet of Things.

International School of IT Security (ISITS)

International School of IT Security (ISITS)

The International School of IT Security (ISITS) is a leading provider of professional training in the field of IT Security.

SAI Global

SAI Global

SAI Global provide products and services for enterprise risk management including Governance, Risk & Compliance and Digital Risk solutions.

CommuniTake

CommuniTake

CommuniTake builds security, enablement, and management solutions to provide people and organizations with better, and more secure mobile device use.

DefenseStorm

DefenseStorm

DefenseStorm is a Security Data Platform that watches everything on your network and matches it to your policies, providing cybersecurity management that is safe, compliant and cost effective.

Blake, Cassels & Graydon (Blakes)

Blake, Cassels & Graydon (Blakes)

Blakes is one of Canada’s top business law firms serving national and international clients in specialist areas including cyber security.

Kleiner Perkins

Kleiner Perkins

For five decades, Kleiner Perkins has made history by partnering with some of the most ingenious and forward-thinking founders in technology and life sciences.