Upload
others
View
3
Download
0
Embed Size (px)
Citation preview
14 March 2019
How to develop and protect your brand in the digital world?
19th Airline Marketing Workshop
Pascal BuchnerDirector Information Technology Services & CIO, IATA
2
Agenda
Current business context
Problem statement
5 principles
4 recommendations
PHYSICAL
•Autonomous vehicles
•Additive manufacturing
•Advanced robotics
•New materials
DIGITAL
• IoT
•Blockchain
•Platforms
•Ai & Machine learning
BIOLOGICAL
•Genetic engineering
• Sequencing and genotyping
•Biosensors
The creation of new business designs reached by blurring the Physical, the Digital, and the Biological worlds.
2000 2005 2015 2020
BusinessPeoplePeople
BusinessPeople
BusinessPeople
ThingsBusinessPeople
Things, Biosensors and Smart Machines
Web E-business Digital Marketing Digital Business Autonomous Business
The area of autonomous business is for now
3
44
A lot of new technologies are available now
5
• Artificial intelligence
• IoT
• Blockchain
• Open APIs
• Chatbots
• Autonomous vehicles
• Augmented reality
• 5G
6
Our global aviation system seems to be spinning out of control
Bristol Airport CYBER ATTACK:
Flight information screens
go BLANK in shock hacking
Payment cards compromised
380,000
Passenger personal
information stolen
9m
7
Threats are across the entire supply chain
8
HangarMaintenance & Engineering Centre
Warehouse
Aircraft data & parts suppliers
Outstation
Gate
Operations & Dispatch centre
Air/Ground
Links
Satellite Communications
(SATCOM)
GateLink
(Wireless)
COTS, Plugs, Wifi
ACARSHF & VHF Satcom
Supply chain (Transit of Software from Supplier
to Manufacturers…)
Cabin links accessible to passengers (Cabin Wifi, plugs on
cabin seats, FAP, Bluetooth…)Aircraft - Ground links (ACARS, HF,
VHF, SATCOM ; GPS, ILS…) with in-flight access
Aircraft - Ground wireless links (Gatelink, GSM, Wifi, WiMax…)
Maintenance & Industrial systems(PMAT, Portable Data-Loader, troubleshooting
equipment, USB keys, ITcards…)
GPS
Jamming
FMC/
ACARS
ADS-B
Spoofing
Airline
Attacks
Factory
S/W Loads
Portable
EFBs
Airport
Attacks
Reservations (Travel systems, financial
transactions,…)
GDS,
Ground
Systems
Attacks
Manufacturers
Identity
theft
Maintenance
S/W Loads
Parts weake
ning
WEF Global Risks Report 2019
9
Huge level of concern about cyber-attacks
aggravating points of failure within
company operations,
infrastructure, supply chains and
customer interactions.
Problem statement
“how do we secure resilient customer trust in our organization?” which is more than just securing technology. It’s a multi-discipline effort including the entire aviation sector
it’s also about being able to demonstrate, communicate and reassure your customers that they are right to trust you.
10
5 principles to rebalance our aviation system
11
1. Our aviation system should be more human centric
12
Industry wellness
• Passenger well-being
• Digital operations
• Climate change and noise
• Ethical use of AI
Safety and security
• Critical systems availability
• Resilience by design
• Payment fraud protection
• Data privacy protection
2. We should leverage our safety and security DNA
13
Timely information sharing
PHYSICAL SECURITY
SAFETY
Safety culture “everyone's responsibility”
Accountability, governance,objectivity
‘One in a billion’ risk of catastrophic system failure
Risk – ‘ALARP’
Timely information sharing
Dedicated safety teams
Objective root cause analysis of incidents
Culture
Mature accountability and risk management
Robust internationalstandards
Pro-active to emerging risks
Dedicated security teams
Objective testing and exercising
Source: Pete Cooper – Nathalie Feyt / RSAConference 2019
3. The design of future
system should be
resilient
Aviation systems must be demonstrably resilient, so that in the event of an unforeseen attack, for example, compromising system segregation, it does not cause a critical failure or loss of consumer confidence.
14
4. Risks must be managed globally and continuously
15
Moving forwards, an integrated risk management approach to safety and security including cybersecurity, which incorporates a pro-active assessment of hazards, vulnerabilities and threats is required to ensure information security risks are managed within acceptable levels.
16
5. We should share quickly and efficiently security information
To best minimize systemic cyber risk quickly, responsible disclosure of vulnerabilities, cyber threats and risks and information sharing must be encouraged and supported internationally.
16
17
4 recommendations to protect the aviation brand
1. Develop a cyber security strategy recognizing that security measures to mitigate information security risks include physical and organizational perspectives
18
2. Promote the development of an Integrated Risk Management approach (SeMS and SMS) to manage cyber risks to passengers
19
3. Encourage Industry stakeholders to share threat information in a practical and timely manner
20
4. Encourage responsible disclosure and sharing of aviation cyber threats, vulnerabilities and risks.
21
We have the vision of a global framework covering the aviation system with an integrated risk management combined with threat intelligence and real time sharing.
22
Thank you
Pascal Buchner
Director Information Technology Services & CIO
www.iata.org