Aviation Cyber-Security session

Vivien EBERHARDT

Director - Aviation Cyber-Security, SITA

Threats landscape > 60% attacks target critical assets

2 | SITA CyberSecurity | GVA meeting | 21 September 2018 | © SITA 2018

• Network access, Wireless Access Ports, Targeted botnet attacks; DDoS

• E-mail / Phishing, Smartphones access, Laptops access, USB Drives / devices

• Social engineering, Identity theft, Third parties access

• IoT, Cloud Computing, Online Fraud

• Etc.

COMMON ATTACK TYPES…

… TARGET HIGH VALUE ASSETS FOR AIRPORTS & AIRLINES

AIRPORTS AIRLINES

• ANPR

• FIDS / BIDS / GIDS

• Public Address

• CUSS

• CUTE

• DCS

• BCBP Validation

Solution

• BRS

• BMS

• BSS

• Fallback Sortation

• Border Clearance

System

• AMS

• AODB

• Etc.

• DCS

• CUSS

• CUTE

• PSS

• IBE

• FFP

• Revenue Management

• Ticketing system

• Business Intelligence

• Fleet Management

Software

• Inventory

• GDS

• Crew Management

• Weight & Balance

• Etc.

ATI CYBERTHREAT VECTORS

TOP 10 TARGETED SYSTEMS

INSIGHT

Whole Information System 22%

Airport Website 14%

ATC / Air Navigation systems 12%

Airline Website 7%

Frequent Flyer Program (FFP) 6%

Check-in systems 6%

Booking System 6%

Online services 5%

Border control system 3%

FIDS 2%

Whole Information System 22%

Airport Website 14%

ATC / Air Navigation systems 12%

Airline Website 7%

Frequent Flyer Program (FFP) 6%

Check-in systems 6%

Booking System 6%

Online services 5%

Border control system 3%

FIDS 2%

ATI CYBERTHREAT

3 | SITA CyberSecurity | GVA meeting | 21 September 2018 | © SITA 2018

CCTC SHARING PLATFORM

CREATING COMMUNITY VALUE

Build our CyberThreat Intelligence

Improve Industry Collaboration

Foster increased collaboration for collective defense to

facilitate industry responses and mitigation of risks disruption to

business

Support sharing of actionable security information on

emerging threats, vulnerabilities and techniques to support their

security management and risk mitigation activities

Aviation : a complex cyber landscape

4 | SITA CyberSecurity | GVA meeting | 21 September 2018 | © SITA 2018

CYBER & PRIVACY REGULATIONS CYBER THREATS & ATTACKSCOMPLEX AVIATION ENVIRONMENT

DOZENS OF CYBERSECURITY LAWS &

REGULATIONS, APPLY TO AIRPORTS

AND AIRLINES

GDPR NIS Local

regulations

300+ AIRPORTS & AIRLINES

EXPERIENCED MAJOR CYBER-

ATTACKS IN THE LAST 5 YEARS

CANSO ICAO EASA

Script kiddies Cyber Criminals Terrorists

Hacktivists State Third parties

Financials performance

Operations

efficiency

Safetyguarantee

Reputation trusted

Legalcompliance

Supply chain

IT/OT Assets

Stakeholders

Airport,

Airline, ATC

....aircraft turnaround processes and data flows at Airport...

SITA Air Transport Industry CYBER-EXPERTISE

ATI BUSINESS PROCESS

6 | SITA CyberSecurity | GVA meeting | 21 September 2018 | © SITA 2018

MORE THAN 240 IT ASSETS

IDENTIFIED FOR AIRPORTS

For each of them, we identified the

following information:

• Business impact levels (Safety, operations, financials, reputations and

legal)

• Business activities impacted (flight

departure, police operations, passenger check-in,

etc.)

• Cyber criteria to handle (confidentiality,

availability or integrity)

• Potential interconnections with

other IT Assets

• Other information: providers, reports /

standards in the industry, etc.

BUSINESS ACTIVITIES IT ASSETS

Business divisions

Business activities

Business processes

IT Assets

AVIATION CONTEXT

Similar materials available for

Airlines

SITA Air Transport Industry CYBER-EXPERTISE

ATI IT ASSETS

7 | SITA CyberSecurity | GVA meeting | 21 September 2018 | © SITA 2018

For each IT Asset considered

“Functional briefing” sheet “Technical interface briefing” sheet Cyber-Risks Assessment sheet

Understand the key features of the IT

assets considered

Considered the key technical interface,

potentially used as a threat vectors

Identify and prioritise the Cyber-risks, in

order to focus on the most important

SITA CyberSecurity Portfolio overview

8 | SITA CyberSecurity | GVA meeting | 21 September 2018 | © SITA 2018

OUR INDUSTRY’S

PRIORITIES

OUR AVIATION-TAILORED CYBERSECURITY ANSWER

TRUSTED

PARTNERS

SITA ATI* CYBER-EXPERTISE CELLCONSULTING

SERVICES

MANAGED

SERVICES

360 CyberSecurity Assessment,

Awareness & Training, Pentests

& Vulnerability Assessment, etc.

Aviation SOC & SOC advisory,

Managed Security Appliance

(MSA) & Cloud Security, etc.

ATI*

CyberThreat

300+

CyberAttacks in

the ATI analysed

ATI CyberThreat

framework

ATI Business

Processes

1000+ Business

Process

referential

Criticality level

assessment

ATI IT

Assets

400+ IT Assets

referential

Risks, Funct. &

Tech. interfaces

briefing

ATI

Organisation

500+ roles &

responsibility

identified

Critical persons

referential

ATI

CyberTools

ATI Risk scales

NIST / ISO

Questionnaires

ATI Threat

detection rules

FROM BUSINESS

UNDERSTANDING…

… TO CYBER RISKS

MANAGEMENT

LINK LINK

Financials performance

Operations

efficiency

Safetyguarantee

Reputation trusted

Legalcompliance

9 | SITA CyberSecurity | GVA meeting | 21 September 2018 | © SITA 2018

1 – Aviation

Cyber Threat

Profiles

2 – Aviation Cyber

Controls Review

3 – Aviation Attack-

Surface Assessment

An end-to-end service for Aviation Stakeholders at the

center of their CyberSecurity program

AVIATION 360 CYBERSECURITY ASSESSMENT

BUSINESS RISK BASEDAVIATION-TAILOREDCOST-EFFECTIVE

What is the cyber exposure of my Aviation critical scope?

What are my risks?

What is the potential impact (financial, safety,

reputation...) ?

AVIATION 360

CYBERSECURITY

ASSESSMENT

SITA CyberSecurity Portfolio overview : assess exposure !!

Internet

MPLS

Datacentres

Internet LAN Endpoint

s

Apps

Database

s

Files

WAN

Offices Airports

Users Endpoint

s

LAN

WLAN

Internet

Admins WAN

Supply ChainMobile

Workers

Connected

Aircraft

Public Cloud

OT & IoT

Sensors Controllers

1 Perimeter Security

2 Network Segmentation

1

2

1

Global

Managed

Services

3Network Visibility &

Access Control

4Endpoint Protection &

Configuration Compliance

5 Application Security

6Data Loss Prevention

(DLP)

7 User Awareness Training

8Privileged Account

Management (PAM)

3 34 4 5

6

7

89

Cloud Access Security

Broker (CASB)

10 DDoS Protection

11 Remote Access

12 OT & IoT Security

91011

12

SITA CyberSecurity Portfolio overview : Protect !!Managed Security Services

CyberSecurity Portfolio presentation

SUPPORTED TECHNOLOGY VENDORS

11 | SITA CyberSecurity | GVA meeting | 21 September 2018 | © SITA 2018

PERIMETER SECURITY

WEB SECURITY

DDOS PROTECTION

REMOTE ACCESS

OTHERS

12 | SITA CyberSecurity | GVA meeting | 21 September 2018 | © SITA 2018

Aviation SOC

Consultancy

SOC provider

agnostic

Aviation SOC

Managed service

Aviation SOC

Aviation SOC Strategy

definition

Aviation SOC

transformation

Aviation SOC

improvement

Support our customer for the

definition of its SOC projectTransform a “Generic” SOC

to an Aviation-specific SOC

Assess the efficiency of an

existing SOC & suggest

improvement actions

SITA CyberSecurity Portfolio overview : Detect !!