2016 Air Transport IT Summit Cybersecurity - tackling the threat the Airport Approach Dominic Nessi, ACI World Cybersecurity Taskforce

Cybersecurity - Dominic Nessi, Former CIO, Los Angeles World Airports

Cyberspace 2025 Model

World Economic Forum has identified cybersecurity among its top global risks for the last eight years

• As the world shrinks, governments are likely to continue with open trade policies, allow foreign investments, promote multi-stakeholder collaboration, and develop and uphold international standards, increasing air traffic as a significant by-product

• Airports will implement transformative technologies to reduce costs, increase customer (passenger) satisfaction, and increase productivity in airport operations

• Passengers (business and leisure) will be communicating around the clock, at all locations, and the overwhelming majority will have significant digital literacy and the mobile devices available to stay connected

Cyberspace 2025 Model

4.7 billion Internet Users – 75% from emerging economies

• Cameroon 987%

• Pakistan 631%

• Guatemala 519%

• Algeria 385%

Emerging economies will produce 16 million STEM graduates as compared to 3.3 million in developed countries

• Morocco 248%

• Saudi Arabia 212%

• Kenya 192%

• Peru 170%

• Guatemala 166%

Between 2015 and 2025 the EU will add 105 million broadband subscribers to 248 million

In the same period, India will go from 20 million to more than 700 million – 3000% increase

Impact on Airports

The explosion of the digital landscape will greatly impact airports

Today, the greatest effort in developing cybersecurity measures is in developed countries

Cybersecurity threats are growing faster than cybersecurity mitigation measures

How can we assist airports in emerging economies?

Recent Aviation Attacks Examples

Advanced Persistent Threat Campaign Targeting Airports

Malicious traffic from two Nation States, result of a phishing e-mail, public document used as an e-mail source – 75 airports impacted

International Airport Targeted by a Cyber Attack

Passport control system affected, potential result of malware, departures delayed significantly

Islamic State message on hacked Airport website

Website defaced with statement supporting Islamic State; websites shut down

Airport private network baggage system

An airport baggage system experienced an intrusion by malware, zombie army introduced by the contractor managing the system

Recent Aviation Attacks Examples

Attack on Airlines Grounds 10 Flights

Ground operation systems affected; related to flight planning, suspected DDoS attack vector, 10 flights, ~1,500 passengers impacted, five-hour delays

Mass Hack Sees Airline Freeze Loyalty Accounts

Frequent flyer accounts targeted, result of bot using ‘third party information’, tens of thousands of accounts impacted

Hackers Divert Corporation Exec’s Aircraft, Launch DDoS attack

Tweet of explosives aboard airplane of CEO as the DDoS was launched

Airport Cybersecurity Threat Vectors

Access Control

Perimeter Intrusion Systems

Credentialing Systems

Document Management (CAD, Blueprints)

Radar Systems

Ground Radar

Airport business systems

FIDS

Network enabled Baggage Systems

Wired and wireless network systems

HVAC

Facility Management

Utilities

SCADA

eEnabled Aircraft systems supported by airport network services

Airport Systems

Attack Vectors

Airport Cybersecurity Threat Vectors

Network

Wireless Access Ports

E-mail

Smartphones

Social network sites

Targeted botnet attacks

Social engineering

Laptops

USB Drives

USB Devices (e.g. cameras)

Optical media

DDoS

Cloud Computing

Online Fraud

Airport Cybersecurity Threat Vectors

New attack vectors continually appear

Ransomware is a form of malware that targets both human and technical weaknesses in organizations and individual networks in an effort to deny the availability of critical data and systems. Typically, the attacker encrypts an organization’s data and offers to decrypt in exchange for a ransom.

Attack Vectors

Recent Aviation Attacks

Cost to Repair Damage? Incalculable

Lost Revenue? Not shared publicly

Number of attacks? Unknown

One of the critical issues in cybersecurity is the difficulty in sharing critical information. Numerous attacks are either unreported to the public or are not advertised as a cyber attack. Likewise, lost revenue is a closely guarded secret.

Yet, information sharing is critical – the focus must be on threats and mitigation techniques

Recent Aviation Attacks

The result of an attack on an airport falls into one of four areas:

• Disruption

• Theft

• Loss of data

• Embarrassment

Attacks are attempted by the following:

• Hacktivists

• Criminals

• Anonymous

• Insider threats

• Nation-states

• Terrorists

13 | The Impact of Cyber Threats in the Airport Environment |

ACI World Cybersecurity Taskforce

The ACI Perspective

ACI World Cybersecurity Efforts

Initiated 2015

• Creation of the CS Taskforce

• Stressing the importance of CS as a topic at all levels of airport management

• Working with other industry groups

• Development of the IT Assessment

ACI World Cybersecurity Efforts

Based on ISO 27002 - provides best practice recommendations on information security management for use by those responsible for initiating, implementing or maintaining information security management systems (ISMS). The ACI system provides a comparative benchmark for airports to judge their cyber readiness.

Ready in June 2016.

Ten Step Approach to Cybersecurity

The Airport Approach

The Airport Environment

Developing an airport industry approach has not been easy. Geography, varying international laws, airport size, and community expertise make airport cybersecurity initiatives a challenge.

The Airport Environment

Funding availability for cybersecurity in airports is impacted by:

• Management interest

• Competing demands on available funds

• Airline interest

• Staff capacity of the airport

Airport Industry Approach

The airport community needs a common-sense and attainable approach to cybersecurity which can be implemented globally

A ten point program of common goals will aid in achieving an increase in cybersecurity efforts

Airport Industry Approach

One – Understand the Reality

Many airports believe that a cyber attack cannot happen to them. Cyber attacks come in many forms and no one is completely safe. It can be an internal threat, random attack, disgruntled passenger, etc. An extensive education program for airport managers at all levels is essential.

Airport Industry Approach

Two - Don’t Underestimate the Problem

Cyber threats are a reality that is continually growing. From exposure of privacy information to malware to cyber extortion, cyber threats must not only be addressed today, but airports need to continually review their defenses to ensure they are adequate for new threats. Again, education at all levels is critical, particularly for airport financial officers.

Airport Industry Approach

Three - Work with Government

The Airport community needs to work with government to ensure that there is adequate dialogue on airport cyber security concerns. The US Government has determined that the air transport industry is one of 18 critical national infrastructures. Governments everywhere must work with industry to meet the challenge.

Airport Industry Approach

Four – Cybersecurity is a Top Management Issue

Airports tend to bury technology issues with the CIO or IT Director. This is an issue that needs top management attention and is shared throughout the organization – Legal Counsel, Risk Management, Facilities, Law Enforcement all may play a role in cyber defense.

Airport Industry Approach

Five - Participate in Info Sharing and Sponsor R&D

The Airport community needs a greater presence in A-ISAC. A-ISAC is largely led by aircraft manufacturers and airlines. Cost prohibitive for even CAT X airports. Either amend A-ISAC cost approach or find an airport alternative.

The Airport community needs to develop an airport framework based on the framework developed by the US government under EO 13636.

Airport Industry Approach

Six - Think Aviation Industry-Wide

The Airport community cannot assume that by protecting their own airport they are safe. All airports must work together to ensure a comprehensive approach to cybersecurity

Airlines cannot assume that the airports in which they operate are safe

Airport Industry Approach

Seven – Identify The Risk

Risk assessment is essential and every airport is different. Communications networks, Wi-Fi in terminals, POS for concessions, SCADA, law enforcement systems, web sites, parking systems, third party vendors, contractors and consultants all pose a risk – what do you need to protect?

Airport Industry Approach

Eight – Don’t Defend the Entire Network

Based on the risk assessment, look for the most immediate vulnerabilities and vigorously defend the most likely threat vectors – while doing more is desirable, there is an increasing reduction in cost effectiveness as you defend less likely targets.

The Deming Cycle – Predict, Prevent, Detect, Respond

Airport Industry Approach

Nine – Look at Worst Case Scenarios

If you are cyber-attacked, what is your response? Airports routinely practice emergency response on a variety of issues, but rarely on a cyber attack. Immediate response or wait until you can determine the full threat? Are media relations, law enforcement, emergency response teams ready to have the IT organization take front and center after a cyber attack? What is the COOP and DR Plan?

Airport Industry Approach

Ten - Have an Industry Strategy

The African proverb “It takes a village” applies in cybersecurity. Government (ICAO), NGOs (IATA, ACI), industry leaders (SITA), contractors and, especially, airports must develop an industry wide strategy – the leading airports assist trailing airports and where organizations such as SITA play a prominent role.

Conclusion

• Airports still have a long way to go to understand and mitigate the cyber threat

• Airports have fewer resources than other players in the ATI

• A common approach is critical

• Start with education and information-sharing

• Proceed to mitigation and defense techniques

• Airports need to work as a community, led by ACI and supported by major industry players such as SITA

Questions and Comments

DISCLAIMER

Any use, republication or redistribution of this content is expressly prohibited without the prior written consent of the Author. Permission to copy and reproduce content may be granted by the author, at their discretion, and by request only.

Source: presentation of Dominic Nessi, ACI World Cybersecurity Taskforce at the 2016 SITA Air Transport IT Summit, Barcelona.

2016 Air Transport IT Summit. Confidential. © SITA 2016