2016 Air Transport IT Summit Cybersecurity - tackling the threat the Airport Approach

Transcription

1 2016 Air Transport IT Summit Cybersecurity - tackling the threat the Airport Approach Dominic Nessi, ACI World Cybersecurity Taskforce

2 Cyberspace 2025 Model World Economic Forum has identified cybersecurity among its top global risks for the last eight years As the world shrinks, governments are likely to continue with open trade policies, allow foreign investments, promote multi-stakeholder collaboration, and develop and uphold international standards increasing air traffic as a significant by-product Airports will implement transformative technologies to reduce costs, increase customer (passenger) satisfaction, and increase productivity in airport operations Passengers (business and leisure) will be communicating around the clock, at all locations and the overwhelming majority will have significant digital literacy and the mobile devices available to stay communicated

3 Cyberspace 2025 Model 4.7 billion Internet Users 75% from emerging economies Cameroon 987% Pakistan 631% Guatemala 519% Algeria 385% Emerging economies will produce 16 million STEM graduates as compared to 3.3 million in developed countries Morocco 248% Saudi Arabia 212% Kenya 192% Peru 170% Guatemala 166%

4 Between 2015 and 2025 the EU will add 105 million broadband subscribers to 248 million In the same period, India will go from 20 million to more than 700 million 3000% increase

5 Impact on Airports The explosion of the digital landscape will greatly impact airports Today, the greatest effort in developing cybersecurity measures is in developed countries Cybersecurity threats are growing faster than cybersecurity mitigation measures How can we assist airports in emerging economies?

6 Recent Aviation Attacks Examples Advanced Persistent Threat Campaign Targeting Airports Malicious traffic from two Nation States, result of a phishing , public document used as an source 75 airports impacted International Airport Targeted by a Cyber Attack Passport control system affected, potential result of malware, departures delayed significantly Islamic State message on hacked Airport website Website defaced with statement supporting Islamic State; websites shut-down Airport private network baggage system An airport baggage system experienced an intrusion by a malware, zombie army introduced by the contractor managing the system

7 Recent Aviation Attacks Examples Attack on Airlines Grounds 10 Flights Ground operation systems affected; related to flight planning, suspected DDoS attack vector, 10 flights, ~ 1,500 passengers impacted, five hour delays Mass Hack Sees Airline Freeze Loyalty Accounts Frequent flyer accounts targeted, result of bot using third party information tens of thousands of accounts impacted Hackers Divert Corporation Exec s Aircraft, Launch DDoS attack Tweet of explosives aboard airplane of CEO as the DDOS was launched

8 Airport Cybersecurity Threat Vectors Airport Systems Access Control Perimeter Intrusion Systems Credentialing Systems Document Management (CAD, Blueprints) Radar Systems Ground Radar Airport business systems FIDS Network enabled Baggage Systems Wired and wireless network systems HVAC Facility Management Utilities SCADA eenabled Aircraft systems supported by airport network services

9 Airport Cybersecurity Threat Vectors Attack Vectors Network Wireless Access Ports Smartphones Social network sites Targeted botnet attacks Social engineering Laptops USB Drives USB Devices (e.g. cameras) Optical media DDoS Cloud Computing Online Fraud

10 Airport Cybersecurity Threat Vectors Attack Vectors New attack vectors continually appear Ransomware is a form of malware that targets both human and technical weaknesses in organizations and individual networks in an effort to deny the availability of critical data and systems. Typically, the attacker encrypts an organization s data and offers to decrypt in exchange for a ransom.

11 Recent Aviation Attacks Cost to Repair Damage? Incalculable Lost Revenue? Not shared publicly Number of attacks? Unknown One of the critical issues in cybersecurity is the difficulty in sharing critical information. Numerous attacks are either unreported to the public or are not advertised as a cyber attack. Likewise, lost revenue is a closely guarded secret. Yet, information sharing is critical the focus must be on threats and mitigation techniques

12 Recent Aviation Attacks The result of an attack on airport falls into one of four areas: Disruption Theft Loss of data Embarrassment Attacks are attempted by the following: Hacktivists Criminals Anonymous Insider threats Nation-states Terrorists

13 The ACI Perspective ACI World Cybersecurity Taskforce 13 The Impact of Cyber Threats in the Airport Environment

14 ACI World Cybersecurity Efforts Initiated 2015 Creation of the CS Taskforce Stressing the importance of CS as a topic at all levels of airport management Working with other industry groups Development of the IT Assessment

15 ACI World Cybersecurity Efforts Based on ISO provides best practice recommendations on information security management for use by those responsible for initiating, implementing or maintaining information security management systems (ISMS). The ACI system provides a comparative benchmark for airports to judge their cyber readiness. Ready in June 2016.

16 The Airport Approach Ten Step Approach to Cybersecurity 16 The Impact of Cyber Threats in the Airport Environment

17 The Airport Environment Developing an airport industry approach has not been easy. Geography, varying international laws, airport size, community expertise make airport cybersecurity initiatives a challenge.

18 The Airport Environment Funding availability for cybersecurity in airports is impacted by: Management interest Competing demands on available funds Airline interest Staff capacity of the airport

19 Airport Industry Approach The airport community needs a common-sense and attainable approach to cybersecurity which can be implemented globally A ten point program of common goals will aid in achieving an increase in cybersecurity efforts

20 Airport Industry Approach One Understand the Reality Many airports believe that a cyber attack cannot happen to them. Cyber attacks come in many forms and no one is completely safe. It can be an internal threat, random attack, disgruntled passenger, etc. An extensive education program for airport managers at all levels is essential.

21 Airport Industry Approach Two - Don t Underestimate the Problem Cyber threats are a reality that are continually growing. From exposure of privacy information to malware to cyber extortion, cyber threats must not only be addressed today, but airports need to continually review their defenses to ensure they are adequate for new threats. Again, education at all levels is critical, particularly for airport financial officers.

22 Airport Industry Approach Three - Work with Government The Airport community needs to work with government to ensure that there is adequate dialogue on airport cyber security concerns. The US Government has determined that the air transport industry is one of 18 critical national infrastructures. Governments everywhere must work with industry to meet the challenge.

23 Airport Industry Approach Four Cybersecurity is a Top Management Issue Airports tend to bury technology issues with the CIO or IT Director. This is an issue that needs top management attention and is shared throughout the organization Legal Counsel, Risk Management, Facilities, Law Enforcement all may play a role in cyber defense.

24 Airport Industry Approach Five - Participate in Info Sharing and Sponsor R&D The Airport community needs a greater presence in A-ISAC. A-ISAC is largely led by aircraft manufacturers and airlines. Cost prohibitive for even CAT X airports. Either amend A-ISAC cost approach or find an airport alternative. The Airport community needs to develop an airport framework based on the framework developed by the US government under EO

25 Airport Industry Approach Six - Think Aviation Industry-Wide The Airport community cannot assume that by protecting their own airport that they are safe. All airports must work together to ensure a comprehensive approach to cybersecurity Airlines cannot assume that the airports in which they operate are safe

26 Airport Industry Approach Seven Identify The Risk Risk assessment is essential and every airport is different. Communications networks, Wi-Fi in terminals, POS for concessions, SCADA, law enforcement systems, web sites, parking systems, third party vendors, contractors and consultants all pose a risk what do you need to protect??

27 Airport Industry Approach Eight Don t Defend the Entire Network Based on the risk assessment, look for the most immediate vulnerabilities and vigorously defend the most likely threat vectors while doing more is desirable, there is an increasing reduction in cost effectiveness as you defend less likely targets. The Deming Cycle Predict, Prevent, Detect, Respond

28 Airport Industry Approach Nine Look at Worse Case Scenarios If you are cyber-attacked, what is your response? Airports routinely practice emergency response on a variety of issues, but rarely on a cyber attack. Immediate response or wait until you can determine the full threat? Are media relations, law enforcement, emergency response teams ready to have the IT organization take front and center after a cyber attack? What is the COOP and DR Plan?

29 Airport Industry Approach Ten - Have an Industry Strategy The African proverb It takes a village applies in cybersecurity. Government (ICAO), NGOs (IATA, ACI), industry leaders (SITA), contractors and, especially, airports must develop an industry wide strategy the leading airports assist trailing airports and where organizations such as SITA play a prominent role.

30 Conclusion Airports still have a long way to go to understand and mitigate the cyber threat Airports have fewer resources than other players in the ATI A common approach is critical Start with education and information-sharing Proceed to mitigation and defense techniques Airports need to work as a community, led by ACI and supported by major industry players such as SITA

31 Questions and Comments

32 DISCLAIMER Any use, republication or redistribution of this content is expressly prohibited without the prior written consent of the Author. Permission to copy and reproduce content may be granted by the author, at their discretion, and by request only. Source: presentation of Dominic Nessi, ACI World Cybersecurity Taskforce at the 2016 SITA Air Transport IT Summit, Barcelona Air Transport IT Summit. Confidential. SITA 2016