Ciberataques: ¿Un problema técnico o comercial?

Ciberataques: ¿Un problema técnico o comercial?

Q4 2018
Ciberataques: ¿Un problema técnico o comercial?

Las líneas aéreas y los aeropuertos sienten la presión. No solo deben ejecutar las operaciones de forma eficiente, rentable y segura. They must also ensure the utmost resilience to the ever-present threat of cyber-attacks.

Las líneas aéreas y los aeropuertos sienten la presión. No solo deben ejecutar las operaciones de forma eficiente, rentable y segura. They must also ensure the utmost resilience to the ever-present threat of cyber-attacks.

If ever there was any doubt about cybersecurity being a business issue, just think of the havoc it can wreak on aviation businesses. Cyber-attacks target IT infrastructure, so it’s passengers, airlines, airports and business operations that feel the pain. A 2018 cyber-attack on Atlanta Airport caused cancellation of flights, passenger delays, and overall airport disruption, costing the city millions of dollars.  

“That’s a real business issue,” says SITA’s Director Integration & Services, Michael Schellenberg. Atlanta is not an isolated case: similar attacks have targeted other airports. Another example is the unavailability of critical systems such as the FIDS (which is a common attack target because of its ability to break public trust, create the risk of panic and heavily impacting passenger boarding): this can cause flight delays costing up to US$ 1.000 every minute for every flight affected.

Cybersecurity topics should not be considered only at a technical layer: even if these attacks are mainly performed on the IT infrastructure, in reality their impacts are very operational. And it is dangerous to not consider them on the same level – underestimating the potential misalignment between business and IT processes can potentially lead to disruptions and incur significant costs in operations. Furthermore, not taking into account the operational point of view will lead to an ineffective cybersecurity strategy,

Consistent with other industries, ransomware (58%), phishing (52%) and advanced persistent threats (47%) are regular and frequent risks that are seen in the air transport industry.

SITA, Air Transport Cybersecurity Insights 2018


Cybersecurity Insights research

Research in SITA’s ‘Air Transport Cybersecurity Insights 2018’ leaves little doubt that the industry regards cybersecurity as a top priority of the business, with business continuity uppermost in the minds of industry leaders and cybersecurity teams.

Security Operations Centers (SOC) planned or implemented

For airports, preventing disruption of operations is one of their top three concerns (97%). Airlines still rank disruption highly (71%) but airline executives also give the protection of their passengers’ data (78%) and financial loss a similar priority level.

“Ensuring business continuity by protecting airport and airline operational processes takes priority in the air transport industry,” confirms Schellenberg. “And our cybersecurity Insights research shows that there’s a broad range of cyber-threats to these operational processes.”

Los hallazgos apuntan al consenso respecto de que todas las amenazas informáticas tienen el mismo grado de relevancia para la industria del transporte aéreo. Consistent with other industries, ransomware (58%), phishing (52%) and advanced persistent threats (47%) are regular and frequent risks that are seen in the air transport industry.

IT security technologies implemented or planned

It’s about more than compliance

Due to the essence of the air transport industry, business resilience has always been taken into account: aircraft systems are redundant (even more), airport operations have back-up procedures everywhere in case of a system failure (check-in, gate, etc.), and so on.

However, until recently, the need of a link between business resilience and cybersecurity was not considered. The issue of resilience and the integration of operations in cybersecurity was emphasized at the 2018 IATA AGM by Commander David McLean, Manager of Cybercrime Operations within the Australian Federal Police Crime Operations portfolio:

“I’d encourage people to think about what more they can do to build resilience – through the formulation of policies and systems and procedures that have a holistic view of security as it relates to their business.

“In order to become a truly resilient entity, we must also avoid having a compliance attitude towards cybersecurity where we tick the boxes…

“To do that effectively, we need to build communities within government, break down barriers between agencies – so that we leverage capability, share information, reduce the time to insight between threats and the manifestations of those threats.”

That point about a ‘compliance attitude’ is highlighted in SITA’s Air Transport Cybersecurity Insights. It cites a shift from compliance being a leading cybersecurity driver, towards proactive protection – with focus on detection of external threats and prevention of disruption.

Align business and IT processes

So it’s clear that while cyber-attacks may often look like an IT issue, in reality, they’re operational and they impact the business, often severely. It’s easy to underestimate the potential for misalignment between business and IT processes, which can potentially lead to disruptions and significant costs, not to mention reputational issues.

“The misalignment between IT and operations is likely to result in an inability to effectively detect and protect against this and other kinds of attacks, targeting areas such as power, baggage systems, radar systems, and more. It’s vital to align cybersecurity to operational processes, starting with a "Cybersecurity Maturity Level Assessment,” says SITA’s Schellenberg.

‘Know where you are’

“The message is that most airlines and airports have put into place core safeguards and are ready to advance to the next level,” he adds.

“But undertaking a Cyber Security Maturity Assessment gives you your baseline, as a key prerequisite for advancing cybersecurity maturity. It tells you where you are, providing a clear understanding of the most business critical areas and their associated threat levels. This is a basis for a long-term cybersecurity strategy, which is critical.”

Today, 44% of airlines and airports have a formal Information Security Strategy in place, according to SITA’s Air Transport CyberSecurity Insights. By 2021, almost all of the surveyed organizations will have a formal cyber strategy.

Getting started

In starting out, Schellenberg’s advice is: “Don't buy technologies blindly. Begin by identifying the threat and business risks: create your threat profiling and build your program strategy taking into account reputation, financial, legal, operational Impact. It will help you to understand where to start, and ensure first alignment between the business and the IT point of view.

“Map these business processes with the associated IT and technology assets. Run a maturity assessment and security control reviews. The output of this exercise gives you a map where you understand your level of maturity and the potential risks your organization may face.

“With this in hand, your board members will be able to understand their risk exposure and determine their risk appetite regarding the investment needed to reduce the potential exposure of the organization to these risks.”

An aviation-specific cybersecurity toolkit and database

Using this mapping approach, SITA has created an aviation-specific Cybersecurity Toolkit and Database to help airports and airlines establish a cybersecurity practice.

The Database captures all business processes of an airport or airline. It links every step of a passenger journey from ticket purchase to arrival at destination. Mapping can be undertaken against these business processes, capturing every major IT assets that enables or supports that process.

The Toolkit makes it possible to provide cybersecurity services suited to the needs of the air transport industry. Crucial, of course, is the fact that it all starts with the business risk assessment. Everything else falls out of that assessment and is determined by that assessment.

Building on these capabilities SITA also provides SITA Cybersecurity Consulting to offer greater in-depth assessment and advisory services specific to the business and operational needs of air transport. The services draw on SITA’s knowledge of industry processes globally.

“No one can deny the reality of the threat behind cybercrime, and the fact that it’s a top issue for airlines and airports,” concludes Schellenberg. “Cybersecurity experience and aviation know-how are vital in introducing best practice and aligning business operational and IT priorities in the long-term battle for resilience and security.”

SITA's Cybersecurity Consulting in aviation

Building on SITA’s Cybersecurity Toolkit and Database, SITA Cybersecurity Consulting provides in-depth assessment and advisory services that are specific and tailored to the business and operational needs of the aviation industry.

Consulting teams are able to call on SITA’s role at the heart of the air transport industry’s IT environment for nearly 70 years. They can draw on SITA’s knowledge and experience of delivering and managing services for airlines, airports, air cargo, governments and ground handlers.

How consulting helps

  • 360° cybersecurity assessment – an all-in-one review of critical IT and operational technology assets, including risk assessment (threat profiling and critical scope to cover), controls maturity review and vulnerability assessment
  • Aviation vulnerability assessment – a technical assessment of external and internal vulnerabilities, including root-cause analysis and aviation business impact assessment
  • Aviation cybersecurity awareness and training – a project to raise awareness within air transport organizations, including use-cases from the industry
  • Pentests and vulnerability assessment? technical assessment of the security level of an asset, and enrichment of the report to include the business processes impacted by vulnerabilities discovered
Más información

Tackling aviation's exceptional threat profile

Within the vast global ecosystem of today’s aviation industry there’s a multitude of disparate stakeholders that each owns a piece of the jigsaw.

Just think how many organizations are needed for each passenger to travel? Or how many destinations one airline might cover? And how many airlines one airport might serve? 

If we estimate that it’s over 20 entities necessary for each passenger, and say that the largest airlines can serve hundreds of destinations, while big airport hubs serve dozens of airlines, it’s easy to appreciate the true scale of aviation’s cybersecurity challenge.

The system works because the industry relies on data sharing – and while the dynamic for improved passenger service and operational effectiveness is to increase the scope and extent of data sharing, that inevitably brings with it increased risk across the collaborative network. With such high levels of complexity and interaction, cross-stakeholder collaboration is pivotal to sharing threat intelligence and effectively managing cyber-risks.

The effective response

That’s why there’s a need for ‘verticalized’ solutions, with approaches tailored to the specific high-value assets, vulnerabilities and risk appetites of the air transport community.

One response, and a case in point, is SITA’s Cybersecurity Aviation Security Operations Center (SOC), to detect, respond and report on aviation cybersecurity incidents. The center is key to an efficient cybersecurity solution, acting like a cyber control tower with an integrated combination of processes, people and technology to detect, analyze, respond to, and report on cybersecurity incidents.

Setting up a SOC is the air transport industry's immediate objective.

Más información
Suscríbase para recibir nuestra publicación Air Transport IT Review