14 March 2019

How to develop and protect your brand in the digital world?

19th Airline Marketing Workshop

Pascal BuchnerDirector Information Technology Services & CIO, IATA

2

Agenda

Current business context

Problem statement

5 principles

4 recommendations

PHYSICAL

•Autonomous vehicles

•Additive manufacturing

•Advanced robotics

•New materials

DIGITAL

• IoT

•Blockchain

•Platforms

•Ai & Machine learning

BIOLOGICAL

•Genetic engineering

• Sequencing and genotyping

•Biosensors

The creation of new business designs reached by blurring the Physical, the Digital, and the Biological worlds.

2000 2005 2015 2020

BusinessPeoplePeople

BusinessPeople

BusinessPeople

ThingsBusinessPeople

Things, Biosensors and Smart Machines

Web E-business Digital Marketing Digital Business Autonomous Business

The area of autonomous business is for now

3

44

A lot of new technologies are available now

5

• Artificial intelligence

• IoT

• Blockchain

• Open APIs

• Chatbots

• Autonomous vehicles

• Augmented reality

• 5G

6

Our global aviation system seems to be spinning out of control

Bristol Airport CYBER ATTACK:

Flight information screens

go BLANK in shock hacking

Payment cards compromised

380,000

Passenger personal

information stolen

9m

7

Threats are across the entire supply chain

8

HangarMaintenance & Engineering Centre

Warehouse

Aircraft data & parts suppliers

Outstation

Gate

Operations & Dispatch centre

Air/Ground

Links

Satellite Communications

(SATCOM)

GateLink

(Wireless)

COTS, Plugs, Wifi

ACARSHF & VHF Satcom

Supply chain (Transit of Software from Supplier

to Manufacturers…)

Cabin links accessible to passengers (Cabin Wifi, plugs on

cabin seats, FAP, Bluetooth…)Aircraft - Ground links (ACARS, HF,

VHF, SATCOM ; GPS, ILS…) with in-flight access

Aircraft - Ground wireless links (Gatelink, GSM, Wifi, WiMax…)

Maintenance & Industrial systems(PMAT, Portable Data-Loader, troubleshooting

equipment, USB keys, ITcards…)

GPS

Jamming

FMC/

ACARS

ADS-B

Spoofing

Airline

Attacks

Factory

S/W Loads

Portable

EFBs

Airport

Attacks

Reservations (Travel systems, financial

transactions,…)

GDS,

Ground

Systems

Attacks

Manufacturers

Identity

theft

Maintenance

S/W Loads

Parts weake

ning

WEF Global Risks Report 2019

9

Huge level of concern about cyber-attacks

aggravating points of failure within

company operations,

infrastructure, supply chains and

customer interactions.

Problem statement

“how do we secure resilient customer trust in our organization?” which is more than just securing technology. It’s a multi-discipline effort including the entire aviation sector

it’s also about being able to demonstrate, communicate and reassure your customers that they are right to trust you.

10

5 principles to rebalance our aviation system

11

1. Our aviation system should be more human centric

12

Industry wellness

• Passenger well-being

• Digital operations

• Climate change and noise

• Ethical use of AI

Safety and security

• Critical systems availability

• Resilience by design

• Payment fraud protection

• Data privacy protection

2. We should leverage our safety and security DNA

13

Timely information sharing

PHYSICAL SECURITY

SAFETY

Safety culture “everyone's responsibility”

Accountability, governance,objectivity

‘One in a billion’ risk of catastrophic system failure

Risk – ‘ALARP’

Timely information sharing

Dedicated safety teams

Objective root cause analysis of incidents

Culture

Mature accountability and risk management

Robust internationalstandards

Pro-active to emerging risks

Dedicated security teams

Objective testing and exercising

Source: Pete Cooper – Nathalie Feyt / RSAConference 2019

3. The design of future

system should be

resilient

Aviation systems must be demonstrably resilient, so that in the event of an unforeseen attack, for example, compromising system segregation, it does not cause a critical failure or loss of consumer confidence.

14

4. Risks must be managed globally and continuously

15

Moving forwards, an integrated risk management approach to safety and security including cybersecurity, which incorporates a pro-active assessment of hazards, vulnerabilities and threats is required to ensure information security risks are managed within acceptable levels.

16

5. We should share quickly and efficiently security information

To best minimize systemic cyber risk quickly, responsible disclosure of vulnerabilities, cyber threats and risks and information sharing must be encouraged and supported internationally.

16

17

4 recommendations to protect the aviation brand

1. Develop a cyber security strategy recognizing that security measures to mitigate information security risks include physical and organizational perspectives

18

2. Promote the development of an Integrated Risk Management approach (SeMS and SMS) to manage cyber risks to passengers

19

3. Encourage Industry stakeholders to share threat information in a practical and timely manner

20

4. Encourage responsible disclosure and sharing of aviation cyber threats, vulnerabilities and risks.

21

We have the vision of a global framework covering the aviation system with an integrated risk management combined with threat intelligence and real time sharing.

22

Thank you

Pascal Buchner

Director Information Technology Services & CIO

Buchnerp@iata.org

www.iata.org