aviation cyber-security sessionfrequent flyer program (ffp) 6% check-in systems 6% booking system 6%...
TRANSCRIPT
Aviation Cyber-Security session
Vivien EBERHARDT
Director - Aviation Cyber-Security, SITA
Threats landscape > 60% attacks target critical assets
2 | SITA CyberSecurity | GVA meeting | 21 September 2018 | © SITA 2018
• Network access, Wireless Access Ports, Targeted botnet attacks; DDoS
• E-mail / Phishing, Smartphones access, Laptops access, USB Drives / devices
• Social engineering, Identity theft, Third parties access
• IoT, Cloud Computing, Online Fraud
• Etc.
COMMON ATTACK TYPES…
… TARGET HIGH VALUE ASSETS FOR AIRPORTS & AIRLINES
AIRPORTS AIRLINES
• ANPR
• FIDS / BIDS / GIDS
• Public Address
• CUSS
• CUTE
• DCS
• BCBP Validation
Solution
• BRS
• BMS
• BSS
• Fallback Sortation
• Border Clearance
System
• AMS
• AODB
• Etc.
• DCS
• CUSS
• CUTE
• PSS
• IBE
• FFP
• Revenue Management
• Ticketing system
• Business Intelligence
• Fleet Management
Software
• Inventory
• GDS
• Crew Management
• Weight & Balance
• Etc.
ATI CYBERTHREAT VECTORS
TOP 10 TARGETED SYSTEMS
INSIGHT
Whole Information System 22%
Airport Website 14%
ATC / Air Navigation systems 12%
Airline Website 7%
Frequent Flyer Program (FFP) 6%
Check-in systems 6%
Booking System 6%
Online services 5%
Border control system 3%
FIDS 2%
Whole Information System 22%
Airport Website 14%
ATC / Air Navigation systems 12%
Airline Website 7%
Frequent Flyer Program (FFP) 6%
Check-in systems 6%
Booking System 6%
Online services 5%
Border control system 3%
FIDS 2%
ATI CYBERTHREAT
3 | SITA CyberSecurity | GVA meeting | 21 September 2018 | © SITA 2018
CCTC SHARING PLATFORM
CREATING COMMUNITY VALUE
Build our CyberThreat Intelligence
Improve Industry Collaboration
Foster increased collaboration for collective defense to
facilitate industry responses and mitigation of risks disruption to
business
Support sharing of actionable security information on
emerging threats, vulnerabilities and techniques to support their
security management and risk mitigation activities
Aviation : a complex cyber landscape
4 | SITA CyberSecurity | GVA meeting | 21 September 2018 | © SITA 2018
CYBER & PRIVACY REGULATIONS CYBER THREATS & ATTACKSCOMPLEX AVIATION ENVIRONMENT
DOZENS OF CYBERSECURITY LAWS &
REGULATIONS, APPLY TO AIRPORTS
AND AIRLINES
GDPR NIS Local
regulations
300+ AIRPORTS & AIRLINES
EXPERIENCED MAJOR CYBER-
ATTACKS IN THE LAST 5 YEARS
CANSO ICAO EASA
Script kiddies Cyber Criminals Terrorists
Hacktivists State Third parties
Financials performance
Operations
efficiency
Safetyguarantee
Reputation trusted
Legalcompliance
Supply chain
IT/OT Assets
Stakeholders
Airport,
Airline, ATC
....aircraft turnaround processes and data flows at Airport...
SITA Air Transport Industry CYBER-EXPERTISE
ATI BUSINESS PROCESS
6 | SITA CyberSecurity | GVA meeting | 21 September 2018 | © SITA 2018
MORE THAN 240 IT ASSETS
IDENTIFIED FOR AIRPORTS
For each of them, we identified the
following information:
• Business impact levels (Safety, operations, financials, reputations and
legal)
• Business activities impacted (flight
departure, police operations, passenger check-in,
etc.)
• Cyber criteria to handle (confidentiality,
availability or integrity)
• Potential interconnections with
other IT Assets
• Other information: providers, reports /
standards in the industry, etc.
BUSINESS ACTIVITIES IT ASSETS
Business divisions
Business activities
Business processes
IT Assets
AVIATION CONTEXT
Similar materials available for
Airlines
SITA Air Transport Industry CYBER-EXPERTISE
ATI IT ASSETS
7 | SITA CyberSecurity | GVA meeting | 21 September 2018 | © SITA 2018
For each IT Asset considered
“Functional briefing” sheet “Technical interface briefing” sheet Cyber-Risks Assessment sheet
Understand the key features of the IT
assets considered
Considered the key technical interface,
potentially used as a threat vectors
Identify and prioritise the Cyber-risks, in
order to focus on the most important
SITA CyberSecurity Portfolio overview
8 | SITA CyberSecurity | GVA meeting | 21 September 2018 | © SITA 2018
OUR INDUSTRY’S
PRIORITIES
OUR AVIATION-TAILORED CYBERSECURITY ANSWER
TRUSTED
PARTNERS
SITA ATI* CYBER-EXPERTISE CELLCONSULTING
SERVICES
MANAGED
SERVICES
360 CyberSecurity Assessment,
Awareness & Training, Pentests
& Vulnerability Assessment, etc.
Aviation SOC & SOC advisory,
Managed Security Appliance
(MSA) & Cloud Security, etc.
ATI*
CyberThreat
300+
CyberAttacks in
the ATI analysed
ATI CyberThreat
framework
ATI Business
Processes
1000+ Business
Process
referential
Criticality level
assessment
ATI IT
Assets
400+ IT Assets
referential
Risks, Funct. &
Tech. interfaces
briefing
ATI
Organisation
500+ roles &
responsibility
identified
Critical persons
referential
ATI
CyberTools
ATI Risk scales
NIST / ISO
Questionnaires
ATI Threat
detection rules
FROM BUSINESS
UNDERSTANDING…
… TO CYBER RISKS
MANAGEMENT
LINK LINK
Financials performance
Operations
efficiency
Safetyguarantee
Reputation trusted
Legalcompliance
9 | SITA CyberSecurity | GVA meeting | 21 September 2018 | © SITA 2018
1 – Aviation
Cyber Threat
Profiles
2 – Aviation Cyber
Controls Review
3 – Aviation Attack-
Surface Assessment
An end-to-end service for Aviation Stakeholders at the
center of their CyberSecurity program
AVIATION 360 CYBERSECURITY ASSESSMENT
BUSINESS RISK BASEDAVIATION-TAILOREDCOST-EFFECTIVE
What is the cyber exposure of my Aviation critical scope?
What are my risks?
What is the potential impact (financial, safety,
reputation...) ?
AVIATION 360
CYBERSECURITY
ASSESSMENT
SITA CyberSecurity Portfolio overview : assess exposure !!
Internet
MPLS
Datacentres
Internet LAN Endpoint
s
Apps
Database
s
Files
WAN
Offices Airports
Users Endpoint
s
LAN
WLAN
Internet
Admins WAN
Supply ChainMobile
Workers
Connected
Aircraft
Public Cloud
OT & IoT
Sensors Controllers
1 Perimeter Security
2 Network Segmentation
1
2
1
Global
Managed
Services
3Network Visibility &
Access Control
4Endpoint Protection &
Configuration Compliance
5 Application Security
6Data Loss Prevention
(DLP)
7 User Awareness Training
8Privileged Account
Management (PAM)
3 34 4 5
6
7
89
Cloud Access Security
Broker (CASB)
10 DDoS Protection
11 Remote Access
12 OT & IoT Security
91011
12
SITA CyberSecurity Portfolio overview : Protect !!Managed Security Services
CyberSecurity Portfolio presentation
SUPPORTED TECHNOLOGY VENDORS
11 | SITA CyberSecurity | GVA meeting | 21 September 2018 | © SITA 2018
PERIMETER SECURITY
WEB SECURITY
DDOS PROTECTION
REMOTE ACCESS
OTHERS
12 | SITA CyberSecurity | GVA meeting | 21 September 2018 | © SITA 2018
Aviation SOC
Consultancy
SOC provider
agnostic
Aviation SOC
Managed service
Aviation SOC
Aviation SOC Strategy
definition
Aviation SOC
transformation
Aviation SOC
improvement
Support our customer for the
definition of its SOC projectTransform a “Generic” SOC
to an Aviation-specific SOC
Assess the efficiency of an
existing SOC & suggest
improvement actions
SITA CyberSecurity Portfolio overview : Detect !!