Home' Asian Aviation : AAV Dec17 Jan18 Contents 22 AsianAviation | Dec Jan
proposition of the A-ISAC. We are exploring relationships with other
industry associations to expand the reach of the A-ISAC " it says.
A-ISAC members are "continuously under attack" according to
A-ISAC. "Motivations range from financial and fraud to theft of intellec-
tual property and attempts to compromise operations " A-ISAC says. It
adds: "The cyber threat landscape is ever changing and aviation is no
di erent than any other industry --- we are seeing the same types of
threats that are common in the mainstream against other commercial
entities. The attacks have gotten more sophisticated and complex .
Innovations in malware are increasing with technology. More sophis-
ticated malware is available for sale to less sophisticated hackers."
As a result A-ISAC believes that aviation companies can no longer
operate as "isolated entities" as their networks are nodes on a glob-
al network. "Collaboration across the sector is imperative for any
company that wishes to take a holistic approach to securing their
infrastructure " says A-ISAC. Participation in threat sharing organisa-
tions such as A-ISAC is vital it believes. "A-ISAC members can tap
into an industry-wide knowledge base focused on the shared goal
of preventing intrusions that could lead to a
major disruption of business operations. One
company's detection of a potential attack
may mean another company's prevention of
a devastating security breach " says A-ISAC.
SITA agrees that only through collab-
oration can the threat be diminished and
properly addressed. " To give the topic the
appropriate attention we must work as a
community to fight this global threat. The air transport industry is
highly connected and reliant on partners " says Schellenberg. "SITA
being industry owned is driving greater collaboration by sharing
cyber threat intelligence with the air transport community but also
facilitating discussion between airlines airports and other key stake-
holders on how we can stay one step ahead " he says.
For example earlier this year SITA partnered with Airbus to create
the CyberSecurity Aviation Security Operations Centre (SOC which
"acts like a cyber control tower with an integrated combination of
processes people and technology to detect analyse respond to
and report on cybersecurity incidents" according to Schellenberg.
SOC is part of a broader portfolio of SITA products and services
designed to help airlines and airports identify threats and protect
against detect and respond to cyber attacks. SITA also runs the
Community Cyber Threat Centre which is a security information
sharing service for its 400-plus air transport industry members. It
enables actionable information on cyber threats to be shared in a
timely manner among participating SITA members.
Since its launch in February the centre has shared 24 threat
intelligence advisories with its 21 active member organisations
and 11 alerts providing actionable warnings to those a ected says
Schellenberg. " This will be taken a step further when a new service
o ered through the centre will provide automated threat intelligence
feeds which relate to malicious activity observed within the air
transport and other industries " he adds.
In May SITA held its second Aviation Cybersecurity Symposium
which took place in Dubai bringing together 30-plus IT and cyberse-
curity specialists across the industry to share experiences and "chart
the way forward for an industry which is facing an unprecedented
growth in the number of cyber threats"
. Schellenberg adds: "We will
continue to support open and frank discussion within the industry."
SITA's partnership with Airbus was the starting point and it now
plans to add further services over the next 18 months in order to
provide a complete cybersecurity solution. "And through the cy-
bersecurity community initiative we will keep the discussion open
with the industry ensuring that we are continuously improving our
defences " he adds.
A-ISAC is encouraged that collaboration within the industry is
increasing. "Collaboration and openness within the trusted environ-
ment continues to grow --- we see this in action every day with our
membership " it says. A-ISAC adds: "Building trust is critical to the
success of information sharing. As more companies see the results
from sharing among industry partners we
expect the A-ISAC membership to expand
even more and the resultant sharing to in-
The Atlantic Council says that "improving
aviation cybersecurity is a journey and not
an end-state" and as such early steps on
this journey are important. It highlights a
number of next steps that should be taken
by all aviation industry stakeholders. Firstly it says that leadership
and standardisation should be reinforced with the International Civil
Aviation Organisation (ICAO tasked with providing recommenda-
tions to address the challenge.
It also says that the aviation industry must define a common under-
standing of aviation cyber safety and security. It must also re-evaluate
develop and use robust threat models so that it can predict adversary
capability motivation and evolution throughout the entire lifecycle of a
product or system. The aviation industry must also have clear realistic
and coherent messaging about cybersecurity risks and the e orts to
mitigate them. "This will require bringing together stakeholders and
generating a shared responsibility for solving problems rather than
attempting to defend precarious positions " it adds.
All personnel must be trained with the skills to recognise adver-
sary activity and maintain safe operations allowing information to
be quickly fed back into the wider aviation ecosystem it says.
The industry must also develop and implement best practices for
greater agility in security updates for hardware and software and de-
sign systems and processes to capture cybersecurity-relevant data.
"As many connected industries have discovered prevention is ideal
but detection is a must " says the report. "Poor visibility of critical data
or little collaboration on findings will make it extremely di icult to
understand the scale of the cybersecurity challenge for the aviation
industry " it adds.
Im ro i i tio
c ber ec rit i jo r e
d ot e d- t te.
THE ATLANTIC COUNCIL
Links Archive AVV November 2017 AAV February 2018 Navigation Previous Page Next Page