Chris Moore, Chief Commercial Officer, Satcom Direct.
The Digital Elephant

The digitisation of aviation has delivered new opportunities for executive aviation. The extended network of interconnected data systems makes for an enriched passenger experience, as well as more efficient and improved operations. It makes users more comfortable as the ground connectivity experience is emulated in the sky. Yet just like the proverbial elephant, few want to talk about the negatives surrounding cyber security, and the fact that breaches are growing in frequency and sophistication.

The motivations behind the attacks are mixed, they range from “hackers” looking for the kudos of cracking supposedly impenetrable systems, to industrial espionage, disruption of services, terrorism or financial gain. Commercial aviation has already suffered from high profile incidents including attacks on Kiev, Ho Chi Min, and Hanoi airports. The prevalence of public attacks is also escalating, think Ukrainian power system, Equifax and numerous recent ransomware attacks.

So, we are continuously surprised at the number of colleagues we speak with that have not addressed the potential threats to their corporate fleet or private aircraft. We find that there is a misperception that once in the air, somehow aircraft are not vulnerable. Many passengers don’t make the connection, excuse the pun, that if access to the internet, email or telephone is working, that the aircraft is connected to the net. If you are connected digitally on an aircraft, and not following corporate cyber protocols, you may as well be operating from a local cyber café in terms of cyber safety.

Attacks may originate geographically, some countries will try to penetrate any foreign asset that comes into their territory whether on the ground, or at 40 000 feet. Phishing, and evil twin phenomena may inadvertently bring malware on board. A randomly found digital thumb-stick may contain a software virus that activates when plugged in. A third-party along the aviation supply chain may be used to penetrate a corporate network. Unmanaged devices from third parties can also form entrance points. We recently had a flight experiencing multiple attempts to hack email accounts of a passenger. We alerted the flight department and blocked all further attempts. It turned out this was a business colleague travelling with the client to a business meeting.

Satcom Direct Network Operations Centre, Melbourne, Florida.

As more clients ask us for support we have developed one of the industry’s first tailored cyber security solution packages that has been built upon our years of experience working with very demanding customers, including military and government. We are in a somewhat unique industry position owning the SD Data Centre. We can create private networks on behalf of clients connected to our hardware which enables satellite, or air to ground connectivity. Existing corporate compliance and security can be applied to the aircraft network like any other location.

We also offer onsite risk assessments to identify threats across the supply chain from ground level to altitude. Recommendations are provided that adhere to ISO 27001 and NIST, (National Institute of Standards and Technology) principles. We believe educating and awareness raising is essential for the industry too. As part of this we deliver CyberSAFE, a certified course, designed for anyone interfacing, supporting or interacting with the aircraft communications, including crew, flight department members and passengers. The course is designed to educate end-users about what to do, and more importantly what not to do, since our philosophy is that educated users keep networks safer. You don’t need to be an SD customer to maximise our suite of cyber security services.

As we see it the industry needs to collaborate, to discuss the issues, create standards and best practises. We’re an industry with a powerful safety culture, we just need to add cyber security to the mix. The dialogue shouldn’t be about how secure we are, but should discuss where vulnerability lies and how resilient we can be.

We want to support the industry’s understanding, collaboration and response to the increasing threat of cyber security, we want to tame that elephant.

satcomdirect.com

BlueSky Business Aviation News | 8th February 2018 | Issue #450