Tackling cybersecurity. Together. | SITA

 
Like this post?
get more like it as soon as they are published
Back to blog

Tackling cybersecurity. Together.

Published on  10 January by Michael Schellenberg , Director of Integration and Services, SITA
0 comment(s)
 

The latest annual SITA Aviation Cybersecurity Symposium brought together security experts and other great minds in the cybersecurity sphere. All of them showed great willingness to share their knowledge and thoughts on how to improve cybersecurity in our industry. Taking place In November 2018, this is the third time the symposium has been run for the air transport community.

The topics discussed ranged from emerging technologies, collaboration between the public and private sectors, and ensuring the efficiency of the organization’s Cyber Security Operation Center (SOC). For the first time, we discussed the findings from the newly published SITA’s ‘Air Transport Cybersecurity Insights 2018’ report.

Over the course of the symposium, we heard many engaging and lively discussions. But, for me, out of all the presentations and discussions at the conference, what resonated most with the participants were the following:  

The importance of threat intelligence

Sharing threat intelligence is an essential ingredient in the fight against cybercrime. Speakers from ENISA, Melani and the World Economic Forum shared their vision, with examples of activities, addressing how to they plan to improve cooperation within and across many industries. The audience re-confirmed the importance of sharing threat intelligence, while acknowledging that more can be accomplished through collaboration.

A great example of how the sharing of threat intelligence can be managed within an industry is the SITA Community Cyber Threat Center (CCTC). Launched in 2017, it has a mix of airline and airport members and its role is to advise its members regularly and proactively about threats to the industry. 

Digital transformation will shift future security spending

Neil Thacker, Chief Information Security Officer (CISO) for EMEA & DPO at Netskope, spoke of the growing security dilemma with IT departments having to secure various interconnected environments: legacy (on-premises), legacy in the cloud, IoT & Mobile, Cloud apps and Application Programming Interfaces (APIs). As digital transformation progresses, data integrity will be a shared responsibility across all stakeholders and partners, and security can only be as safe as the weakest link in this chain of trust.

Neil also confirmed that the air transport industry is not dissimilar to other industries, pointing out that 97% of security spend today is on-premises. However, many of the security controls needed are now off-premises as organizations are shifting to a cloud-first strategy which will require controls to move with the organizations applications and data. This fact is very much aligned with the findings of our own research - SITA’s Air Transport Cybersecurity Insights report  - which reveals that today the protection of the core network takes center stage with securing the extend enterprise as the next step.

Cybersecurity must be aviation-centric

The implementation of a Security Operations Center (SOC) was clearly on the minds of many attending. Attendees reconfirmed the findings of our 2018 cybersecurity survey with almost half considering implementation in the next three years. But the discussion also showed that we are still in the early stages of adoption due its high investment and complexity.

Security Operations Centers (SOCs) in air transport

Security Operations Center graph

% who have a Security Operations Center (SOC) implemented or plan to implement

We heard from Airbus and SITA that the integrated nature of our industry requires an aviation-centric approach to cybersecurity. This means assessing and defining airport business processes and assets, to identify what’s truly critical. Sharing the results of an ongoing engagement at a major European airport, showed how this approach can ensure much higher accuracy, and therefore a drastically improved ROI.

The increasing risks remain a challenge. All discussions, formal and informal, reinforced the point that the industry is aware that greater steps need to be taken to implement proactive cybersecurity measures. Investments are being made to build a solid security foundation, but there are still obstacles to overcome to speed up progress.  

I certainly look forward to our next symposium in 2019. It will be an ideal opportunity to step back and see what progress we have made collaboratively as an industry.

For more

Stay up to date with the latest developments in cybersecurity trends and technology

Register now

Leave your Comment

You must be logged in to post comments

Comments

    There are currently no comments, be the first to post one!
Back to the top
failled to load social feeds
Connect with us