Warfare has moved from the physical world to the cyberworld, and from airspace to cyberspace.
A huge amount of data is processed with each flight or journey. With next-generation cloud solutions, data can be easily stored and processed, and areas such as predictive maintenance and in-flight performance can be better traced, understood and improved.
However, the rise of cloud computing also brings along cyberthreats. One of the areas that is most vulnerable to attack in the aviation industry is the connective communication system between the plane and the ground, which transmit flight information to on-the-ground networks.
With hackers bombarding the aviation sector with over 1,000 attacks per month, how can these cloud systems be best protected? What are some precautionary measures that both aviation industry players and travelers alike can take to ensure the safety of data?
Another area in which technology comes into play is in aviation defense. Warfare has moved from the physical space to the cyberworld, and countries are investing heavily in the modernization of their defense resources and building their defenses in cyberspace.
Ahead of the Singapore Airshow 2020, CybersecAsia talks to Estie Peshin, VP & General Manager, Cyber Division, ELTA Systems, a subsidiary of Israel Aerospace Industries.
With cyber-warfare, cyber-espionage and cyber-terrorism a reality today, how differently should relevant organizations approach the way airspace and aircraft are being protected, secured and defended?
Peshin: We are experiencing some strategic trends in cyber, namely:
- The weaponization of cyberspace, including but not limited to state and super power involvement.
- The difficulty to attribute cyber-attacks reduces the cost and risk of cyber-attacks and renders them a preferred mode of operation for malicious operators.
- The skill gap is increasing. Cyber defenders are no trained quickly enough to be able to effectively combat cyber-attacks.
- The malicious actors are quicker to make use of modern technologies and trends (cloud, IoT and more).
Aviation is an extremely lucrative target on one hand and is rapidly adopting novel technologies and becoming more and more connected. As such, the aviation eco-system must rapidly implement cyber security solutions in order to protect the mission critical systems.
These solutions encompass 4 elements:
- elevating cyber security by hardening the mission critical systems
- deploying monitoring solutions for detecting animalizes which may indicate cyber attacks
- deploying cyber threat intelligence capabilities in order to detect, in advance, intentions of cyber attacks
- sharing information with other stakeholders
IAI is a global leader in cybersecurity solutions for the aviation ecosystem, and the leader of the Israeli Aviation Cyber Companies Consortium (IAC3)
Please share some insights from your digital transformation journey, especially how safety and security should be part and parcel of the entire strategy, not as an add-on or afterthought?
Peshin: When considering national-grade challenges, e.g. protection of the national aviation ecosystem, there is a need for national-grade cyber solutions. IAI is a global leader in national grade, and the leader of the Israeli Cyber Companies Consortium (IC3).
The National grade cyber solutions encompass 5 elements:
- State of the art cybersecurity technology
- Effective methodology (how to use the technology effectively)
- Constant innovation in order to constantly adapt to emerging threats
- Collaboration and information sharing – if an organization within the eco-system is attacked, all other organizations within the ecosystem should immediately be aware and deploy the proper defenses
- Capacity buildup – training, awareness and assessment – in order to overcome, as much as possible, the skill gap
What, in your opinion, are the shared and distinct roles of governments, enterprises and their technology partners in building a safer aviation industry and providing better consumer flight experience, including ensuring security and privacy?
Peshin: We believe that effective cybersecurity requires collaboration among all stakeholders. This derives from the fact that an attack would normally target the weakest link, so it’s imperative to elevate the cybersecurity of all stakeholders.
It also derives from the fact that collaboration and information sharing are key element in effective national-grade cybersecurity.
The collaboration does not diminish the singular responsibility of each stakeholder to protect its own organization (as well as the privacy of the organization’s employees, customers and suppliers).