Poor Cyber Resilience In Aviation

An investigation of airport cybersecurity found glaring gaps in security for web and mobile applications, misconfigured public clouds, Dark Web exposure and code repository leaks. Furthermore, 97 out of 100 of the world's largest airports have security risks related to vulnerable web and mobile applications, misconfigured public cloud, Dark Web exposure or code repository leaks.
 
Swiss web security company ImmuniWeb has published a detailed report on the cybersecurity posture of the world's biggest airports, finding that almost all of them had an alarming lack of systems in place to protect their websites, mobile applications and public clouds.
 
Background
Cyber resilience involves more than security. It requires focus on protecting critical functions, not only assets. Cybersecurity challenges, including privacy issues, remain largely underestimated. To ensure a secure and resilient ecosystem, it is essential that public and private-sector leaders embrace a collaborative and risk-informed approach globally, by sharing practices, insights and threat intelligence.
 
Technological advances are creating tremendous opportunities for improved flight efficiency, customer service, security, safety operations and passenger experience, both in the air and on the ground. Aviation is a vital industry that contributes substantially to economic development and improved living conditions. According to the ICAO, the 4.1 billion passengers transported in 2017 are expected to grow to around 10 billion by 2040. According to IATA, 35% of world trade by value is transported by air cargo, equivalent to $6.4 trillion of goods. The role of the aviation industry in commerce, trade and transport infrastructure makes it indispensable to the global economy.
 
Existing aviation safety and security cultures should be governed by a cyber strategy that is linked to evolving technology and a set of agreed principles.
 
Cyberattacks are one of the top 10 global risks of highest concern for the next decade, according to the World Economic Forum Global Risks Report 2019, with data fraud and theft ranked fourth and cyberattacks fifth among these. Globally their potential cost could be up to $90 trillion in net economic impact by 2030 if cybersecurity efforts do not keep pace with growing interconnectedness, according to the Atlantic Council and the Zurich Insurance Group, among others. 
 
Whereas government and corporate leaders are deeply engaged in promoting effective cybersecurity strategies and global spending on security continues to accelerate, the annual number of cyberattacks globally hit an all-time high in 2018. 
 
Top 3 Most Secure Airports
Three international airports passed all the tests without a single major issue being detected:
  • Amsterdam Airport Schiphol (EU)
  • Helsinki-Vantaa Airport (EU)
  • Dublin Airport (EU)
They may serve as a laudable example not just to the aviation industry but to all other industries as well. Airports should have cybersecurity teams that are running continuous discovery programs and constantly performing an inventory of all digital assets.
 
Where possible, airports should deploy an attack surface management solution that gives security teams a visualisation of their external attack surface and risk exposure, and that can monitor the Dark Web and code repositories.
 
Sources: WEF, TechRepublic, ImmuniWeb
 