We must work as a community to fight the global threat to cybersecurity.
The air transport industry's combination of interconnectivity and complexity, and its weight in the economy as critical national infrastructure, make the industry an attractive target for cyber attacks.
As aviation undergoes wholesale digital transformation, there's a growing risk of calculated and premeditated cyber attacks by a widening cast of would-be threat actors, driven by ideology, criminality or attempts at state destabilization.
"A cyber attack has the potential to wreak large-scale havoc on major transport hubs worldwide and lead to huge numbers of delays, flight cancellations and heightened security alerts," says Michael Schellenberg, Director of Integration and Services at SITA.
"Disruption to the global transportation network can cause ripples of economic and social turmoil," he continues. "Aviation incidents have a disproportionate impact on the public consciousness, making loss of passenger trust and business reputation a preoccupation for airlines and airports alike. It's little wonder that cyber security is ranked the number one challenge in the air transport industry by the European Commission."
For these reasons, it's encouraging to see the industry taking steps to improve its defensive posture. SITA's 2017 Air Transport IT Trends Insights report reveals that airlines' and airports' number one IT investment priority is cyber security, with 95% of airlines and 96% of airports planning to invest in major cyber security programs or pilot studies over the next three years. Yet only 35% of airlines and 30% of airports believe they are already prepared to deal with any cyber threats today.
The air transport industry is facing a perfect storm of rising traveler numbers (with ever more interactions between people, devices and services), the creation of smart airports, the introduction of more complex aircraft, and a growing reliance on increasingly interconnected IT.
Two major dichotomies make air transport particularly susceptible to cyber threats. As Schellenberg observes: "Firstly, the convergence of information technology and operational technology has created new venues for premeditated cyber attacks, with attackers able to exploit security gaps in IT networks, then move laterally into OT systems.
"The problem is that in the past the operational technology environment was designed to be closed and protected, and this is now unable to handle the industry's digital transformation, such as the internet and Internet of Things (IoT).
"Secondly, the industry is facing conflicting priorities: on one hand, there's an imperative to protect systems with robust, multi-layered security; on the other, there's pressure to open up platforms to enable collaboration and deliver a seamless passenger experience," says Schellenberg.
The industry is also characterized by a multitude of disparate stakeholders, each of whom owns a piece of connectivity across the global environment. The interdependencies built into air transport systems mean the exposure to cyber attacks is increasing. Cyber threats cannot be efficiently combated by acting unilaterally. Instead, the air transport industry must combine forces and find mutually supportive ways of dealing with this reality, sharing actionable community threat intelligence on an industry-wide basis.
"Recent global cyber attacks demonstrate the risks and the need for a proactive approach," said SITA CEO, Barbara Dalibard, speaking at the 2017 Euro Air Transport IT Summit earlier this year. "The air transport industry is highly connected and reliant on partners. We must work as a community to fight the global threat to cybersecurity.
"While we are pleased to see a 46% increase in the number of airlines prepared to deal with major cyber threats over the past year, there is still more to be done. The industry should move from protecting against common cyber threats to being prepared to handle major ones. As the technology provider owned by industry members, SITA is committed to investing in, and leading, the community effort to maximize cybersecurity. Together we can ramp up the industry's defenses and ensure we remain one step ahead of any threat."
Responding to the threat, SITA has developed a unique solution tailored specifically to air transport needs, supporting airlines' and airports' business continuity and data privacy. The approach embraces cyber threat identification, company asset protection, cyber attack detection and incident response.
As Schellenberg observes: "Early, intelligence-led intervention is key to bolstering cyber defenses." To help air transport in the collective fight back, this year saw the launch of the SITA Community Cyber Threat Center, which capitalizes on SITA's neutrality and independence as a community provider. The facility supports a community-wide response by promoting the proactive exchange of contextualized, actionable cyber threat information among SITA's 400-plus members. A customized alert system provides rapid notification of sensitive information (such as stolen credentials) exposed on the open, deep and dark web, as well as detected threat feeds.
There are regular meetings to share insights and mitigation strategies, a weekly digest of cyber security news and threat indicators affecting the air transport industry, and an annual Aviation Cyber Security Symposium at which experiences and best practices can be shared.
In addition, SITA and Airbus joined forces to launch a new Cyber Security Aviation Security Operations Center (SOC). This industry-wide initiative is designed to democratize access to high-caliber, air transport-specific cyber security resources that would be beyond the practical and financial reach of all but the largest air transport players. The aim is to ensure that individual air transport businesses are not diverting disproportionate resources into their internal defensive cyber security posture at the expense of growth and innovation.
"By joining forces," says Schellenberg, "SITA and Airbus are in a position to provide the first business-driven cybersecurity solution for the air transport industry. Almost every airline and airport in the world is a customer of SITA, and we deliver solutions for the world's most extensive communications network. Airbus works with companies, critical national infrastructures, governments and defense organizations to detect, analyze and counter increasingly sophisticated cyber attacks."
The SOC is a 'virtual control tower' that combines people, processes and technology to provide incident detection services for air transport stakeholders, and gather information about abnormal cyber activity that could impact their operations. If required, the SOC can also provide appropriate containment and remediation to ensure that a company's digital assets are safe from the detected attack.
"Being able to correlate security events from different sources in real-time is key for air transport players that are highly sensitive to service disruption and data leakage," comments Schellenberg. "By proactively looking for attack patterns in internal, external, contextual and community threat intelligence, we can narrow the window between compromise and detection. This amplifies our ability to combat advanced threats, minimize cyber dwell time – the period an attacker is at large within the network – and prevent lateral movement from IT to OT systems."
SITA's CEO Barbara Dalibard again: "As an industry we need to move faster in developing new cyber security solutions that mitigate the risk of ever-changing threats. This requires constant collaboration and innovation. With SITA and Airbus CyberSecurity uniquely placed at the heart of the air transport industry, we can facilitate innovation and information-sharing through services such as the Security Operations Center Service, providing solutions our customers demand and need."
Digital transformation is enabling the air transport industry to deliver better services to its customers, yet simultaneously raising its threat exposure. It's imperative that stakeholders come together to prevent malicious events for the good of the industry, the economy and the traveling population. But implementing cyber security measures should not simply become a matter of engaging in a costly arms race against threat actors; rather, it should be a proactive means of covering business risks for air transport industry players.
Air transport players stand to improve overall business continuity with a disaster recovery plan that promotes resilience to cyber attacks. Businesses that are already prioritizing cyber security will be on the front foot in terms of data protection, which will be crucial to compliance with forthcoming legislation such as the General Data Protection Regulation (GDPR), due to come into force in May 2018.
When implementing changes to comply with new security standards, businesses can take the opportunity to reduce the complexity of the IT landscape that supports their delivery of activities worldwide, with a more modern and open approach. And of course, information-sharing can actively drive opportunities for innovation, as well as helping organizations to protect operations, reputations and customer relations.
We’re entering an era where global, worm-enabled ransomware outbreaks are becoming increasingly prevalent and aggressive. For SITA customers, it’s a daily issue.
These infections typically work by targeting the victim’s data and encrypting it. The ransomware will then threaten to delete the data unless payment is made, usually in a cryptocurrency such as Bitcoin. The effects of an attack are almost instant, with data systems going from fully functional to essentially useless within minutes or less. We only need to look to other industries to see the devastating impact of ransomware, such as €250m in financial losses for the French construction materials company Saint-Gobain.
WannaCry, Petya, BadRabbit …
Hot on the heels of the WannaCry attack in May 2017, another large-scale ransomware attack, Petya, broke out in June, this time largely affecting critical infrastructure providers including oil and gas, energy and nuclear plants, as well as disrupting global shipping operations.
In October, a third, smaller extortion attack dubbed BadRabbit hit Russia and the Ukraine, posing as an Adobe Flash update. It compromised systems at Odessa International Airport, among other high-profile targets, causing flight delays.
From ‘scattergun’ to more targeted approaches
Historically, attackers have tended to take a scattergun approach, infecting a large number of individuals and demanding a relatively small ransom to restore access to affected files. But lately, attackers are taking a more direct approach involving higher value targets likely to result in bigger paydays. And we’re now seeing attackers creating tool kits for ransomware creation.
As the growing threat and maturity of ransomware techniques creates a ‘goldrush’ mentality among the cyber criminal community, we can expect to see ransomware samples evolving into malware that can disable entire infrastructures until the ransom is paid.
SITA has developed a unique portfolio of solutions tailored to air transport industry needs – to support airlines’ and airports’ business continuity and data privacy. Called SITA CyberSecurity, the approach to addressing the emergence and escalation of cybersecurity threats is organized around the National Institute of Standards and Technology framework, and is built on four key pillars:
The portfolio, comprised of nine air transport-specific products, harnesses SITA’s knowledge of airlines’ and airports’ critical business processes as well as IT assets to provide business-driven cybersecurity answers to cyber threats.