|
 |

Chris Moore,
Chief Commercial Officer, Satcom Direct. |
|
|
The Digital
Elephant |
|
|
 |
here’s an elephant in the room, it’s
very large, hard to visualise and few want to talk about it. The elephant is
called cyber security and it needs to be addressed. |
The digitisation of aviation has
delivered new opportunities for executive aviation. The extended network of
interconnected data systems makes for an enriched passenger experience, as well
as more efficient and improved operations. It makes users more comfortable as
the ground connectivity experience is emulated in the sky. Yet just like the
proverbial elephant, few want to talk about the negatives surrounding cyber
security, and the fact that breaches are growing in frequency and
sophistication.
The motivations behind the
attacks are mixed, they range from “hackers” looking for the kudos of cracking
supposedly impenetrable systems, to industrial espionage, disruption of
services, terrorism or financial gain. Commercial aviation has already suffered
from high profile incidents including attacks on Kiev, Ho Chi Min, and Hanoi
airports. The prevalence of public attacks is also escalating, think Ukrainian
power system, Equifax and numerous recent ransomware attacks.
So, we are continuously surprised
at the number of colleagues we speak with that have not addressed the potential
threats to their corporate fleet or private aircraft. We find that there is a
misperception that once in the air, somehow aircraft are not vulnerable. Many
passengers don’t make the connection, excuse the pun, that if access to the
internet, email or telephone is working, that the aircraft is connected to the
net. If you are connected digitally on an aircraft, and not following corporate
cyber protocols, you may as well be operating from a local cyber café in terms
of cyber safety.
Attacks may originate
geographically, some countries will try to penetrate any foreign asset that
comes into their territory whether on the ground, or at 40 000 feet. Phishing,
and evil twin phenomena may inadvertently bring malware on board. A randomly
found digital thumb-stick may contain a software virus that activates when
plugged in. A third-party along the aviation supply chain may be used to
penetrate a corporate network. Unmanaged devices from third parties can also
form entrance points. We recently had a flight experiencing multiple attempts to
hack email accounts of a passenger. We alerted the flight department and blocked
all further attempts. It turned out this was a business colleague travelling
with the client to a business meeting.
 |
Satcom Direct Network
Operations Centre, Melbourne, Florida. |
As more clients ask us for
support we have developed one of the industry’s first tailored cyber security
solution packages that has been built upon our years of experience working with
very demanding customers, including military and government. We are in a
somewhat unique industry position owning the SD Data Centre. We can create
private networks on behalf of clients connected to our hardware which enables
satellite, or air to ground connectivity. Existing corporate compliance and
security can be applied to the aircraft network like any other location.
We also offer onsite risk
assessments to identify threats across the supply chain from ground level to
altitude. Recommendations are provided that adhere to ISO 27001 and NIST,
(National Institute of Standards and Technology) principles. We believe
educating and awareness raising is essential for the industry too. As part of
this we deliver CyberSAFE, a certified course, designed for anyone interfacing,
supporting or interacting with the aircraft communications, including crew,
flight department members and passengers. The course is designed to educate
end-users about what to do, and more importantly what not to do, since our
philosophy is that educated users keep networks safer. You don’t need to be an
SD customer to maximise our suite of cyber security services.
As we see it the industry needs
to collaborate, to discuss the issues, create standards and best practises.
We’re an industry with a powerful safety culture, we just need to add cyber
security to the mix. The dialogue shouldn’t be about how secure we are, but
should discuss where vulnerability lies and how resilient we can be.
We want to support the industry’s
understanding, collaboration and response to the increasing threat of cyber
security, we want to tame that elephant.
|
 |
satcomdirect.com |
|
BlueSky Business Aviation News | 8th February 2018 | Issue #450 |
|
|
 |
|
|
|