Cyber Cooperation at the Highest Level

While awareness of the gravity of aviation cyber threats is steadily increasing, many stakeholders are not necessarily ready to deal with them. Therefore, it is crucial that governments and all civil aviation stakeholders work together to tackle the soaring threat to airlines and airports worldwide.


The number of people flying each year never ceases to increase. According to a recent forecast published by ACI (Airports Council International), global traffic surpassed the 8.2 billion passenger mark in 2017. Over the long term, it is projected to reach 20.9 billion by 2040.

In order for global civil aviation operations to keep up with such tremendous growth in passenger numbers and the economic changes, the use of more computer-based and information technology (IT) systems is a key driver of innovation and efficiency, including systems that enhance safety and security.

At the same time, passengers’ demand for new services is being met by means of broader connectivity – delivered through greater digitalization in the aviation world.

As a result, the travel experience is becoming increasingly seamless, with airports and airlines providing a fully automated passenger journey, including the use of mobile devices for electronic ticketing, check-in and immigration clearance.

This puts IT at the core of the airport’s business. Today, the reliance on computer-based and IT systems for daily frontline and backroom operations is ever greater. This reliance will continue to grow as new and modern airports are developed and new e-enabled aircraft are introduced into service.

With the risk of cyberattacks growing considerably in recent years, the increased connectivity widens the attack surface. In recent years, the aviation community has mobilized to deal with the threat of global attacks that are becoming increasingly sophisticated – whether motivated by terrorism, money or “hacktivism.”

The growing number of direct and indirect cyberattacks on airports and airlines across the globe indicates that the aviation sector is becoming a strategic target for threat actors (side by side with “orthodox” physical terror threats). We can assume that the number of these attacks will increase in the near future.

Sectorial Cybersecurity Efforts

In a situation where many stakeholders are dependent on each other in their information management, it is necessary to coordinate measures to reduce risks and maintain the level of security and safety.

This is of significance for a digitally collaborative sector.

At present, the different aviation stakeholders conduct their cybersecurity efforts in different ways, according to different conditions and needs, based on several different regulatory frameworks and different perceptions of threats and risks. Many stakeholders have insufficient knowledge of which type of protection is appropriate and available for a certain need.

The main purpose of a national coordinated model for systematic cybersecurity efforts is to raise the sector’s level of cybersecurity. The first stage is to ensure, at a minimum, that each organization has a cybersecurity program in place. One should consider major airports and airlines (if not all) as critical infrastructure. The model should focus on central government authorities and be designed with the goal of benefiting the entire aviation sector.  

This will make it easier for aviation stakeholders to address relevant requirements and control their cybersecurity efforts, while making more effective use of the competence of the expert and supervisory authorities.

Essentially, uniform assessments of security measures will bring positive effects, both for those procuring security solutions and those supplying them.

Centralized Cybersecurity Monitoring

Despite reasonable investment in security tools and technologies, several successful attacks have proved that something more needs to be done to effectively detect and manage the growing numbers of threats.

One of the major causes is the lack of synergy between various functions and tools within the security domain itself and across several layers, including physical, network, user, data and application security. Hence, in order to evolve a successful response strategy for cybersecurity, it is important to look at all these layers holistically and leverage the information available at every layer to develop an overall threat and response model.

Most of the current efforts in cybersecurity monitoring and management focus more on the infrastructure, host layers and security products. While these are critical elements, they exist solely to support the business. It is important for the security team to understand the business context and build capabilities to detect and respond to any threats that can impact the operational continuity of the business.

Cyber Defense Center (CDC)

Today, there is an understanding that detection and/or prevention sensors are not enough to develop a resilient defense strategy. There is a growing need to extend the threat visibility by employing central and proactive cyber defense methodologies.

Many airports are opting to outsource their security operations rather than deploying them themselves. The major downside to that, and the most critical, is the lack of business context. The interconnected nature of systems within airports makes understanding the business operational aspect ever more crucial, both to identifying abnormal behavior and to being able to respond in an effective manner.

Ben-Gurion International Airport (TLV) is one of the few international airports to activate an operational cyber defense center (CDC) on premises. This state-of-the-art facility enables the airport to maintain a unified and coordinated defense against the evolving threat landscape. Security response experts help to protect against, detect and respond to security threats against the airport’s infrastructure and services 24/7, in real time. Israel Airports Authority (IAA) utilizes the CDC’s service over all systems, networks and facilities (several airports across Israel, border crossing terminals, and more).

Operational for over two years, the IAA/CDC has established practices and procedures that accelerate the identification and resolution of security threats. The Authority also utilizes Big Data platforms and tools to generate trends and carry out pattern analysis, which helps identify slow-moving attacks and build statistical machine-learning models for predictive behavior analysis.

The CDC was designed with genuine in-house knowledge, involving IAA end-users’ expert operators in the process of developing protocols and workflows.

Conclusion

The civil aviation landscape is ever active and complex, with many stakeholders involved.

The aviation security landscape is changing fast, and coping with cyber threats is becoming more challenging. The use of more advanced and sophisticated IT and computer-based systems in civil aviation operations will continue to expand even more in the future.

While many stakeholders are becoming increasingly aware of the gravity of cyber threats, many are not necessarily ready to deal with such threats. Therefore, it is crucial that governments and all civil aviation stakeholders work together to raise the level of awareness and undertake actions.

Israel Airports Authority has been working to leverage its accumulated knowledge and help raise the level of readiness and ability.

***

Roee Laufer is Head of Cyber Division, Israel Airports Authority
