CYBER THREAT IN AVIATION ARE YOU READY TO ADDRESS IT YET?

Transcription

1 CYBER THREAT IN AVIATION ARE YOU READY TO ADDRESS IT YET? Peter Armstrong, Hong Kong March 2015 GROWING FROM STRENGTH TO STRENGTH...

2 WHY IT MATTERS IT IS A REAL PROBLEM AND IT IS PERVASIVE GOVERNMENTS ARE WORRIED Cyber Threat in Aviation 1

3 CYBER SECURITY 4 KEY MESSAGES I wasn't always a cyber Geek I want to focus on 4 Key Messages 1. It's not just Hype: Cyber really is a pervasive problem and its probably going to get worse before it gets better 2. The threat actors are not constrained by airworthiness 3. The Regulators, Manufacturers and Trade bodies are only just waking up to this asymmetry 4. It s a global community responsibility A chink in Gabon undermines everything Cyber Threat in Aviation 2

4 THE UNCERTAINTY OF CYBER - REAL-WORLD EXAMPLES An Industry unaccustomed To Uncertainty Cyber Threat in Aviation 3

5 THE UNCERTAINTY OF CYBER - REAL-WORLD EXAMPLES Cyber Threat in Aviation 4

6 INDICATIVE CYBER RISKS TO THE AVIATION SECTOR Cyber Attack Actors and Vulnerabilities Threat Actors Nation State Actors Terrorist Organisations Organised Criminality Hactivist communities Areas of Vulnerability Air Traffic Control Systems The Aircraft Platform Airline Companies Airport Operational Control systems Flight Side Ground Handling systems Travel Industry Booking systems Airport customer and baggage support systems Integration across these platforms and systems is a key risk. Vulnerabilities Border crossings at sophisticated boundaries and pace of innovation (e.g. EFB) make it worse Cyber Threat in Aviation 5

7 TWIN LENS ANALYSIS OF CYBER RISK NEEDS DRIVEN NOT PRODUCT DRIVEN First Lens - Cyber is an enabler/accelerator/amplifier of risks already in the portfolio probably means you have underestimated current exposure The Willis Approach Second Lens - Discrete Cyber Risk beyond the existing trigger perimeters Organisations need to understand their cyber vulnerabilities from the perspective of portfolio impact this will be need to be synthesised with an understanding of: Approach to classifying your critical digital assets what really matters to your business Specific threat to the organisation and the sector who are you trying to keep out Effectiveness of the outcomes of their cyber controls Have a meaningful Incident Response and Business Continuity Plan Allows you to determine the right balance of retained risk, risk mitigation affordability and overall Risk Transfer construct for the entire risk portfolio Finally allows you to use this understanding of the gap between your needs and existing cover to generate augmented cover for existing portfolio and for additional cyber specific wording if that is necessary Cyber Threat in Aviation 6

8 CYBER INSURANCE MARKET IS NOT YET MATURE Scale is a Challenge Market for stand alone Cyber insurance is in its infancy although growing in 2014 US business will be $1.5 Billion in 2014 London Market will be $235 Million in 2014 Total global Market for stand alone cyber insurance likely to grow to $8 10 Billion in next 5 years Capacity has not yet evolved to the levels the risk and threat require Largest single tower to date $500 Million Capacity limit in US $500 Million Capacity limit in London Market $200 Million Cyber Threat in Aviation 7

9 PRODUCT IS NOT ALIGNED TO THE SCALE OF THE THREAT AND RISK Product portfolio is thin and not standardised - mainly related to data protection regulatory requirements, particularly in the US There are many non-standard products for 3 rd and 1 st party risk related to privacy Only 2 products (AIG and BRIT Consortium) look at Industrial Control Systems Most cyber capacity for first or third party critical infrastructure protection is provided as an extension of traditional property & casualty products often with small and inadequate limits In many ways, Cyber enables and amplifies existing risk so perimeter for cyber relative to other areas of risk cover is not yet clearly understood or delineated This will need to be unpicked Legislative developments in US and EU will drive greater demand for relevant cover Technology evolution is amplifying the risk, particularly CLOUD adoption Cyber Threat in Aviation 8

10 Title of Presentation edit in master 9