Detect, respond, report - Airbus CyberSecurity · looking at the big picture around system protection and operational risk. Here, the SOC’s know-how of aviation business applications

Product Briefing

Detect, respond, report

2 | www.sita.aero/cybersecurity

Ever-evolving threats

CyberSecurity Aviation SOC

www.sita.aero/cybersecurity | 3

Barely a day goes by without a cyberattack in the headlines. Today, the threats are real, constantly evolving and increasingly focused on specific industries.

The aviation industry has a lot at stake in the fight against cybercrime – and many challenges to address. In fact, the European Commission in 2016 ranked cybersecurity its number one challenge. And SITA’s 2016 Airline IT Trends survey highlighted that 72% of CIOs are investing in major cybersecurity projects.

Across the air transport industry (ATI), systems are subject to an average of 1,000 attacks every month*. In 2016, every 4.6 seconds a new malware specimen emerged. In the first quarter of 2017, this reduced to 4.2 seconds (G DATA, 2017) – a trend that looks set to continue.

That’s why SITA and Airbus have developed a tailored, industry-wide response to cybersecurity – our Security Operations Center (SOC). By combining Airbus’s expertise in protecting organizations against cyberthreats and SITA’s deep knowledge of operations within the air

transport industry, Airbus and SITA are working together as pioneers in ‘verticalized’ cybersecurity.

The SOC is the first of its kind, minimizing the impact of cyberattacks on operations, reputations and customer relations by responding to and reporting on the latest cyberthreats.

Air transport is part of the Airbus DNA, so it was only natural that we joined forces with SITA to adapt our innovative cybersecurity solutions.François Lavaste, Head of Airbus CyberSecurity

* European Aviation Safety Agency, 2016



How can I identify aviation cybersecurity risks?

As cybersecurity becomes more complex, sophisticated and co-ordinated, no one is immune. For any organization in any industry, the ability to respond to a cyberthreat quickly and effectively is paramount.

For airlines and airports that are increasingly being targeted, knowledge is power. And not fully understanding the nature of risks has made it more costly and time-consuming to address them. Prevention for some organizations has also been hampered by a lack of available resources.

In the cat-and-mouse game between organizations and cybercriminals, it’s essential that the industry has a shared approach to managing risk. It’s also vital that the intelligence that feeds this approach is sourced from across the industry and is always up to date.

That’s why a SOC is needed to plug the gaps in a single institution’s understanding of risks and therefore its ability to identify threats early. This can improve the management of cybersecurity risks and mitigate the impact on systems, assets and data.

Challenges:

Challenges


While you’re reading this, a cybercriminal network is targeting your organization. Their methods are increasingly sophisticated, but the approach is simple: attack the most vulnerable or weakest link in the chain.Today’s world is increasingly networked, linked by wires and connected Wi-Fi. That adds up to billions of connected devices. And every single one of these online ‘endpoints’ – from tablets to self-service kiosks – is a possible point of entry for a determined hacker.

The assets (systems, devices and resources) in the ATI are numerous and critical. If any of these were to be breached, the consequences could be dire.

The list of critical systems not only manage check-in and boarding kiosks, baggage handling, and access controls, but also a raft of airport operations, resource and infrastructure management applications.

For individual organizations, it’s becoming a battle to safeguard every system, but they often lack the knowledge, skills and resources to know where to begin. Prioritization is key and organizations need to understand what assets to protect fi rst and allocate security budgets accordingly. That’s where a SOC can help. By assessing the potential risks to the business and understanding the effect these have on IT, a SOC creates risk mitigation controls and provides a ‘control tower’ for attack detection. All backed by a 24/7 team of cybersecurity experts.

How can I prioritize and protect my critical assets?

Challenges


Cyberattacks have become more targeted at specifi c points of vulnerability. At the same time, there’s been an explosion in connectivity and digitalization which has multiplied risks many times over. For the ATI, this creates competing priorities. On one hand, systems require stronger, multiple levels of security. On the other, there’s pressure to open up platforms to improve collaboration, deliver operational excellence and enhance customer experience.

There are many systems, devices, resources, assets and processes that require unique, industry-specifi c cybersecurity controls – from baggage handling to common-use platforms. And then there are insider-threat risks.

Once an organization has identifi ed its most critical assets and implemented protection measures, it needs to continuously monitor them to support business continuity and operational effi ciency.

The SOC from Airbus and SITA is built on an unparalleled understanding of how to maintain the ongoing security of ATI assets, systems and procedures. From detection to event and incident management, SOC intelligence helps to prioritize alerts to protect airlines and airports as cost-effectively as possible. And it informs how they respond in ways that mitigate and minimize the impact of unusual cybersecurity activity and attacks.

How can I maintain protection of identified critical assets?

Challenges


How fast is your organization’s reaction time? Would you even know if you were being hacked or attacked? Today’s cybercriminals employ clever ways to disguise and distract organizations so they can remain undetected.Shockingly, 11 percent of organizations say it may take up to four months to detect a cyberattack*.Early, intelligence-led intervention is vital for you to mitigate business impacts. Speed is key to stopping an event becoming an incident, and eventually a crisis. And a quick reaction is an essential component of business resilience and continuity when it comes to managing operations. Effective, responsive safeguards require industry-specifi c knowledge and intelligence.

The SOC reduces cybersecurity-related business impacts by speeding up incident detection time, thus reducing attackers’ ‘free time’. And a combination of people, process and technology deliver cybersecurity protection in three layers:

1. The fi rst defense is human – highly skilled professionals with deep industry and cybersecurity knowledge.

2. Continuous monitoring and detection processes are providing round-the-clock security for the entire industry.

3. The latest technologies and tools are used (such as analytics, big data and machine learning) to match the sophistication and tactics of cybercriminals.

* SANS Institute, 2016

How can I react to safeguard my organization?

Challenges


Tools forthe job

How our Aviation SOC works


The time is now

According to international cybersecurity specialists, DarkMatter, in 2016, the total cost of cybercrime to the global economy was over US$450 billion*. For airlines, airports and other ATI stakeholders, this ever-evolving challenge (and its associated costs) should be an urgent call to action to co-ordinate effort.

The SOC acts like a cybersecurity ‘control tower’.With a powerful combination of processes, people and technology, key SOC features help organizations detect, analyze, quickly respond to, and report on cybersecurity events, minimizing their business impact.

Cybersecurity technology

Research highlights the increasing use of technologies in cybersecurity – by 2018, it predicted:

• 38% increase in the use of big data analytics and behavioral profi ling

• 21% increase in the use of automated forensics tools.

(Ponemon Institute, 2015).

* Announced the Interpol World 2017 congress in June



Features

Event management

Explore who accesses your systems by collecting and analyzing selected and prioritized security event logs from:

• critical applications and systems

• servers and workstations

• switches and other network appliances

• ATI specifi c assets.

Security incident management

Stay on top of incidents using an event management tool – SIEM (Security Incident and Event Management), that:

• correlates events and matches them with generic and ATI specifi c predefi ned rules

• qualifi es any matches (managed by analysts) taking into account the ATI business context.

• identifi es security incidents and creates alerts.

Reporting management

Keeping organizations informed with:

• pre-defi ned sets of reporting processes

• comprehensive alert reports

• reports fi tting the ATI context.



Understanding the aviation business context

Strengthening aviation cybersecurity begins with looking at the big picture around system protection and operational risk. Here, the SOC’s know-how of aviation business applications and IT applications is essential. It can also save time.

The next step is a Risk Assessment taking into account the business impact of identifi ed risks. This establishes the critical business processes and IT assets that support them.

The last step helps make the detection of threats as accurate as possible. Here, it’s crucial to identify the key industry monitoring goals and how they correlate with the rules and regulations. In other words, defi ning what is a regulatory obligation versus best practice, and meeting the highest industry standards.

Why choose our Aviation SOC


At the center of the cybersecurity aviation landscape

Every organization is under pressure to manage costs, including the investments they make in cybersecurity. These need to be identifi ed, prioritized and aligned with industry best practices, known cybersecurity risks and business constraints, along with current and upcoming regulations.

While the Cybersecurity Aviation SOC is at the frontline, it’s a part of a wider portfolio of SITA products and services that help customers meet the cybersecurity challenge.

The portfolio is based on four key pillars: audit, protect, detect and respond. As a whole, it provides organizations with effective ways to protect their assets, detect potential cyberthreats, and respond to them quickly and comprehensively.

2016 Airline IT Trends survey

91% plan to invest in cybersecurity programs over the next three years

63% of airlines say cybersecurity is a board-level responsibility

94% of airports are investing in cybersecurity incident response management



A perfect combination

Cybersecurity is a global business challenge. Its urgency and ubiquitous nature make it a top priority for every organization across every industry. However, the ATI faces specifi c challenges and has requirements that demand expert insight, experience and industry knowledge.

With the threat growing year on year, Airbus and SITA have joined forces to bring together their in-depth, collective expertise in aviation and cybersecurity.

The nature of ever-changing threats requires constant collaboration and innovation. SITA and Airbus are uniquely placed at the heart of the ATI, and this perfect combination of intelligence underpins effective cybersecurity programs.


14 | www.sita.aero/14 | www.sita.aero/cybersecurity

Globally, organizations in the ATI face growing risks and relentless threats to their cybersecurity.

To cut the impact of cyberattacks, SITA and Airbus have created a Security Operations Center. Combining local presence with global resources, the SOC offers a deep understanding of cybersecurity in aviation that’s second to none.

In a nutshell




© SITA 2017 - 17-BRO-050-1All trademarks acknowledged. Specifi cations subject to change without prior notice. This literature provides outline information only and (unless specifi cally agreed to the contrary by SITA in writing) is not part of any order or contract.

Follow us on www.sita.aero/socialhub

SITA AT A GLANCESITA is the communications and IT solution provider that transforms air travel through technology for airlines, at airports, on aircraft and at borders.

The company’s portfolio covers everything from managed global communications and infrastructure services, to eAircraft, passenger management, baggage, self-service, airport and border management solutions. Owned 100% by more than 400 air transport industry members, SITA has a unique understanding of its needs and places a strong emphasis on technology innovation.

For further information go to www.sita.aero.

AIRBUS AT A GLANCEAirbus CyberSecurity is a trusted partner of Governments, Military, Enterprise Organisations and Critical National Infrastructure across Europe. With sites in Newport, Paris and Munich; Airbus CyberSecurity has highly skilled and experienced experts developing market-leading solutions in: Encryption, Key Management, Security Operating Centres, Threat Intelligence, Industrial Control Systems and CyberSecurity Consultancy.

Through CyberDefense Centers in the UK, France and Germany, Airbus CyberSecurity offers a wide range of services and solutions to ensure the protection of the customer’s networks, data and endpoints. By dynamically combining monitoring, early detection and investigations, Airbus CyberSecurity drastically reduces the incident response time for attacks. A 24/7 service also ensures that the customer’s security is always at the forefront or our operation.

For further information, please contact SITA by telephone or e-mail:

Americas+1 770 850 [email protected]

Asia Pacific+65 6545 [email protected]

Europe+41 22 747 [email protected]

Middle East, India & Africa+961 1 [email protected]

Documents

Detect, respond, report - Airbus CyberSecurity · looking at the big picture around system protection and operational risk. Here, the SOC’s know-how of aviation business applications