Subscribe Free
in Events

Aviation Africa 2018: Cyber security: Not if, but when

Posted 18 April 2018 · Add Comment

An airline’s greatest cyber-security threat may also be its most precious asset – its staff – according to panellists speaking at Aviation Africa in Cairo. Victoria Moores reports.

 

Hacking in to a company is no mean feat. The path of least resistance is often unsuspecting staff, who get caught out by cyber-security basics, such as password privacy or falling for phishing emails. This can lead to data theft, extortion, or worse, as national governments and criminals seek to exploit our 21st Century dependency on technology.

PGI managing director Brian Lord said employees are the easiest way into an organisation and the starting point for the most sophisticated attacks. “It is still the case that 80% of all global cyber attacks would have been stopped if human beings had been trained to operate properly,” he said.

Lord urged companies to improve basic training, run cyber-security incident exercises and carefully manage media fallout. “The damage of ineffective reporting carries just as much risk as the technical issues underpinning it,” he said.

Attackers use public fear and uncertainty stirred up by the media as a weapon in its own right, disabling and damaging the target company and tying up resources long after the technical problem is solved.

“The reaction to a disabling technical attack on an organisation is normally quite good. Where it falls down is their ability to manage that with the public, customers, shareholders and media. This is commercial damage; the technical damage is normally quite minimal.”

Aside from criminal attacks, countries are also developing their own cyber-attack capabilities and testing them. “This practice is happening all over the world,” Lord said. Unfortunately, airlines and airport are natural targets for both types of attack, because they form part of a country’s critical national infrastructure.

Simon Knechtli, who is executive director aerospace at insurance firm Willis Towers Watson, said the insurance industry is changing its approach to cyber threats and extending cover to include a network interruption option.

“There are only two types company: those that can be hacked and those that will be,” Knechtli said. “Don’t just refer us to the IT department. This is a business risk.”

He estimated the average cost of a data breach at $3.6 million. This is only likely to increase with the introduction of new European rules that carry a 4% of global revenue penalty for data leaks. “That is really focusing the mind of aviation companies,” he said.

Knechtli agreed that the main vulnerability to cyber attacks is employee negligence. “90% is human error. The major risk to be dealt with first are your own employees.”

Like Lord, he said companies should have a strategic plan when it comes to cyber security, including staff training.

Industry IT specialist SITA has collected 10 years of aviation cyber-attack data, profiling the attackers and their intentions. Hackers make up 40% of the total, with 32% being motivated by financial gain, said SITA global lead of business management Ahmed Fawzi. “A very important part of protecting the business is to get users aware, so they don’t get exploited,” he said.

Airlines need an action strategy, said Fawzi, but that plan will need constant revision. “This is not a one-time process. It is a repeat process that has to be ongoing, making sure you are constantly in the game and not falling behind at any time.” Fawzi announced that SITA is about to start a cyber-security benchmarking study and invited conference delegates to join the project.

One area of the business that is particularly sensitive to breaches is business aviation, said Africa Satcom Direct (SD) business development director Brian Roos. With this in mind, SD is able to provide passengers with end-to-end encryption via a private network and detect in-flight cyber attacks in real-time. The company is so confident in its security levels that it guarantees against cyber-attack losses.

Cyber attacks could come at any point in the supply chain, for example using hub airport vulnerability to disrupt airline operations. This need for cooperation among aviation stakeholders triggered the creation of non-profit members organisation ISAC, which exchanges threat information among its airline, airframer and supplier members.

“There is a shared risk here,” ISAC executive director Aviation Jeffrey Troy said. “The whole supply chain needs to talk to each other.” The top concern that ISAC members voice during their regular calls and four annual meetings is regulatory compliance.

Osprey Flight Solutions CEO Andrew Nicholson agreed that there is a benefit to sharing information. “Without proper information, you can’t do proper risk management because you can’t understand the risks,” he said. “It’s down to us, as an industry, to improve ways of sharing information and helping each other – that comes down to trust.” 

This is where big data can be turned into a benefit. Pooled risk data can give a clearer picture of the threat, improving the efficiency of the response. 

“If every operator shared a tiny bit of data, the overall improvement to risk management would be immense. It’s about crowdsourcing information to create a bigger picture of what is going on. Scaling information in that way can be hugely powerful,” Nicholson said.

While people were a common cause for cyber-risk concern, Nicholson said they are also part of the solution. “Human analysts play an extremely important part, because they can make links that computers can’t. It is about integration of humans and computers.”

PGI managing director Brian Lord

* required field

Post a comment

Other Stories
Advertisement
Latest News

Kuwait probes Airbus Helicopters deal

Kuwait Prime Minister, Sheikh Jaber Al-Mubarak Al-Hamad Al-Sabah, has ordered an investigation into the €1 billion ($1.19 billion) order signed by the air force for 30 H225M Caracal multirole military utility helicopters, 24 of them

FIA2018: Rockwell Collins recognised by Airbus as a top performer for avionics support

Rockwell Collins has been honoured with a Customer Services Award for its avionics service by Airbus and its customer airlines at a special ceremony at the Farnborough Air Show held yesterday.

FIA:2018 Boeing and Novus announce commitment for up to four 777-300ERs

FIA2018: Boeing and Dubai-based aircraft lessor, Novus Aviation Capital, announced its first direct agreement with Boeing for up to four 777-300ERs at the 2018 Farnborough International Airshow.

FIA2018: Wataniya Airways signs a contract for the E195-E2

In a deal that will see the Middle East’s first E2 operator, Embraer announced at the Farnborough Airshow 2018, that it has signed a firm order for 10 E195-E2 aircraft with Kuwaiti airline, Wataniya Airways.

SaudiGulf Airlines launches new mobile app powered by CellPoint Mobile

CellPoint Mobile has partnered with SaudiGulf Airlines to develop and launch the airline’s first mobile app to support booking. As part of the launch, CellPoint Mobile enables payments through SADAD, the national electronic payment

Emirates celebrates five million passengers in Beirut

Emirates celebrated its five million passenger mark at Beirut Rafic Al Hariri International Airport. The airline has been operating in Lebanon for more than 27 years and in celebration of this milestone, a handful of passengers were

TAA SK0902311218
See us at
AIME19BTA3005120219GATM BT1004061118Cargo BT1004091018ASDubai BT1004091018MEBAA BT1004121218Aviation Africa BT0607280219Istanbul Airshow BT22018MAPS18_BT1207131118BIAS BT271017161118