![]() ![]() Furthermore, organizations must consistently update and patch their systems. The updated regulations necessitate that aviation entities under the TSA’s jurisdiction implement network segmentation controls, formulate policies, establish access control measures, and develop incident detection and response protocols. This is a reaction to the unrelenting threats targeting the nation’s aviation industry and other vital infrastructure. In March of 2023, the United States Transportation Security Administration (TSA) established fresh cybersecurity mandates for airport and aircraft operators, compelling them to devise strategies to enhance their resilience and avert disruptions to their infrastructure. Companies based in other countries are also required to comply with the requirements to prevent workarounds. The move, which is intended to bolster US national security, means that export licenses will likely be denied for any US company trying to do business with the firms. In December of 2022, the US Department of Commerce placed several Chinese high-tech companies, including those that manufacture aviation equipment on its export controls blacklist. Fortunately, the attacks did not impact critical airport operations as the websites hosted extraneous flight and service information. KillNet, a threat actor group, promoted the attacks by publishing a list of targeted sites. In October of 2022, several major US airports, including Atlanta, Chicago, Los Angeles, New York, Phoenix, and St Louis, experienced distributed denial of service (DDoS) attacks on their public-facing websites. They also discovered that attacks disproportionately targeted IT infrastructure. It is unknown how many Enrich members were affected by the breach.Īcross the pond in early 2022, researchers reviewed aviation cyber-security attacks over the past 20 years and concluded that the majority of threats originated from APT groups working with state actors to steal intellectual property and intelligence. The information exposed includes member names, contact information, date of birth, gender, frequent flyer number, status, and rewards tier level. The breach occurred at a third-party IT service provider, with the data of Enrich members exposed between March 2010 and June 2019. In early 2021, Malaysia Airlines began notifying customers that a data breach exposed the personal information of members in its Enrich frequent flyer program. Additionally, the adoption of connected Aircraft Health Monitoring Systems (AHMS) has enabled real-time monitoring and analysis of aircraft performance data, streamlining maintenance and enhancing overall operational efficiency. The aviation industry has witnessed significant digital transformation in the last few decades, with advancements such as the transition from paper-based navigation charts to Electronic Flight Bags (EFBs) for pilots. The findings from these tests can then be used to develop effective countermeasures, enhance security policies, and contribute to the safety of passengers, crew, and ground personnel. ![]() ![]() By emulating the techniques, tactics, and procedures (TTPs) of real-world threat actors, cybersecurity professionals can uncover hidden vulnerabilities and evaluate the resiliency of aviation systems against cyber intrusions. These include communication networks, air traffic control systems, and aircraft avionics. The work entails simulating cyber-attacks and exploiting weaknesses within the aviation ecosystem. Securing aviation systems involves proactively identifying, assessing, and addressing potential security vulnerabilities within aviation infrastructure. Whether it be looking to gain a competitive advantage, or financially motivated actions, or simply a political statement, the space will always be crowded by malicious actors seeking to do us harm.” That is because nation-states, cyber criminals, and hacktivists all possess an incentive to manipulate systems within this sector. John Ratcliffe forecasted back in 2018, “as devices, aircraft, and systems become more interconnected, cybersecurity will increasingly play a larger role in aviation security. I was never drawn to the skies like he was instead, I ended up a hacker. My Dad’s career in aviation spanned 40+ years across military, commercial, management, and regulatory domains. I grew up surrounded by Aviators and their stories. ![]()
0 Comments
Leave a Reply. |