euro cybersecurity campaign · 2017-10-03 · 1. rise of cyber threats •major cyber attacks in...
TRANSCRIPT
![Page 1: Euro Cybersecurity Campaign · 2017-10-03 · 1. Rise of Cyber Threats •Major Cyber attacks in the Aviation industry doubled since 2015. •Recent audits realized by SITA show that](https://reader034.vdocument.in/reader034/viewer/2022042600/5f45c9a8e0bbd72a81381d6a/html5/thumbnails/1.jpg)
SITA CYBERSECURITY
Romanian Airports Association
Conference 03.Oct. 2017
Senior Sales Manager EUROPE
![Page 2: Euro Cybersecurity Campaign · 2017-10-03 · 1. Rise of Cyber Threats •Major Cyber attacks in the Aviation industry doubled since 2015. •Recent audits realized by SITA show that](https://reader034.vdocument.in/reader034/viewer/2022042600/5f45c9a8e0bbd72a81381d6a/html5/thumbnails/2.jpg)
AVIATION CYBERSECURITY IN THE NEWS
Our Engagement Model Enabling Cyber Resilience Cybersecurity Challenges References & Partners Cybersecurity Organization
2
![Page 3: Euro Cybersecurity Campaign · 2017-10-03 · 1. Rise of Cyber Threats •Major Cyber attacks in the Aviation industry doubled since 2015. •Recent audits realized by SITA show that](https://reader034.vdocument.in/reader034/viewer/2022042600/5f45c9a8e0bbd72a81381d6a/html5/thumbnails/3.jpg)
CYBER SECURITY IS RANKED AS THE #1 FOR OUR INDUSTRY
3
of large companies
have reported a
breach
81%
of airports consider
sophisticated attacks
a significant threat
63%
of CIOs are investing in
major cyber security
projects
72% of airlines consider
cyber security at board
level
77%
![Page 4: Euro Cybersecurity Campaign · 2017-10-03 · 1. Rise of Cyber Threats •Major Cyber attacks in the Aviation industry doubled since 2015. •Recent audits realized by SITA show that](https://reader034.vdocument.in/reader034/viewer/2022042600/5f45c9a8e0bbd72a81381d6a/html5/thumbnails/4.jpg)
THREATS LANDSCAPE
Istanbul’s Airport
passport control
systems shut down,
2013.
Dubai International
Airport: critical
credentials stolen,
2013.
U.S. airport among
the targets
announced by the
Tunisian Hackers
Team.
Kiev’s Airport
widely infected by a
malware campaign
traced back to
Moscow.
Attacks on
Vietnam's two
largest airports
(flight information
screens, sound
system and
website), 2016.
There has been an increase in information security incidents, including both cyber-attacks and ICT dependencies disruptions,
experienced by the aviation sector worldwide in recent years. ENISA Securing Smart Airports
Dec. 2016
• Malware
• Web application vulnerability
exploits
• Denial of service
• Botnets
• Phishing
• Ransomware
• …
What techniques are used for cyber attacks?
• Theft of passengers personal
data
• Business disruption
• Credit card fraud
• Passport control system
disorder
• Reputation damage
• Threats to health & safety
• Luggage control failure
• Destruction of critical
infrastructure
• Fuel hedging tactics disruption
• Schedule management
algorithm disturbance
• Terminal CCTV hack
• …
How airports and airlines are targeted?
CYBERCRIME WILL COST BUSINESSES OVER $2 TRILLION
BY 2019 Juniper Research, 2015
HACKERS BOMBARD AVIATION SECTOR WITH OVER 1,000 ATTACKS
PER MONTH IN 2016
European Aviation Safety Agency, 2016
• Malicious actions
• Human error
• Third party failures
• System failures
• Natural phenomena
• …
What are the threats?
Our Engagement Model Enabling Cyber Resilience Cybersecurity Challenges References & Partners Cybersecurity Organization
4
Attack on European
Airline Grounds 10
Flights
Ground operation
systems affected
Nation state
dirven attacks
targeting Airlines,
Aiports and Air
Traffic Control ,
2017
Mass Hack Sees
European Airline
Freeze Accounts
Frequent flyer
accounts targeted
![Page 5: Euro Cybersecurity Campaign · 2017-10-03 · 1. Rise of Cyber Threats •Major Cyber attacks in the Aviation industry doubled since 2015. •Recent audits realized by SITA show that](https://reader034.vdocument.in/reader034/viewer/2022042600/5f45c9a8e0bbd72a81381d6a/html5/thumbnails/5.jpg)
IT'S A C-LEVEL / BOARD LEVEL
TOPIC
5
CISO, CIO Board, CEO,
CMO, CRO
We need to assess our
Security Program
and Strategy.
We need a Security
Operations Centre to
be compliant to
regulation, could you
help?
Could you test the
effectiveness of my
incident detection ?
Is is possible for a
threat actor to put
down an aircraft ? Can
you help to protect
my reputation and
safety ?
Could you help us
understanding the ATI
specific threats &
risks we have to
cover? How do I
compare to others?
How do I stop hackers
from stealing my
customers miles ?
Could you help me
with GDPR or other
regulations (NIS, PCI
DSS, CNI, BSI...)
I am facing a cyber
crisis, could you send
your experts now ?
Could you add us to
your Cyber Threat
Intelligence
community service?
CONCERNS
FOR
CYBER RISKS
Our Engagement Model Enabling Cyber Resilience Cybersecurity Challenges References & Partners Cybersecurity Organization
Cyber Risk Insurance Avoid Regulatory Fines Avoid Damaged Reputation Regulatory Compliance Business Drivers
![Page 6: Euro Cybersecurity Campaign · 2017-10-03 · 1. Rise of Cyber Threats •Major Cyber attacks in the Aviation industry doubled since 2015. •Recent audits realized by SITA show that](https://reader034.vdocument.in/reader034/viewer/2022042600/5f45c9a8e0bbd72a81381d6a/html5/thumbnails/6.jpg)
1. Rise of Cyber Threats
• Major Cyber attacks in the Aviation industry doubled since 2015.
• Recent audits realized by SITA show that airports & airlines are more and more subject to Cyber attacks
2. Growing Aviation regulation
• Aviation Industry faces a complex legal and regulation environment and permanent needs for Safety.
• GDPR, NIS, FAA, ICAO strengthen security constraints that weigh upon the industry.
3. Aviation environment specificities
• Cyber attacks are becoming more industry-tailored while Aviation has unique characteristics such as
loyalty program, baggage handling system, airfield lighting control, etc.
• There is a need for ATI unique cybersecurity management and solutions.
4. On-going digital transformation
• Digital innovation such as Modern Aircrafts and Smart Airports
• Significant opportunities for hackers to compromise Aviation information systems.
ARE YOU READY FOR AVIATION CYBERSECURITY TURBULENCES?
6
4
CHALLENGES
THAT IMPACT
YOUR
BUSINESS
![Page 7: Euro Cybersecurity Campaign · 2017-10-03 · 1. Rise of Cyber Threats •Major Cyber attacks in the Aviation industry doubled since 2015. •Recent audits realized by SITA show that](https://reader034.vdocument.in/reader034/viewer/2022042600/5f45c9a8e0bbd72a81381d6a/html5/thumbnails/7.jpg)
Our Credentials
Aviation regulatory & standard compliance assessment
Aviation Crisis management
Airline incident response
Airport risk assessment
More than 60 customers in managed infrastructure security
Leveraging Unique Capabilities
• Knowledge of Aviation critical business processes
& IT assets
Focus on addressing risks and optimizing customer’s
time, resources and budget.
• Collaboration between SITA’s members
Facilitate industry responses to cybersecurity threats
and help mitigating risks.
• Knowledge of Aviation security standards and
regulations
Supporting airports & airlines in the delivery of their
activity globally.
• Unique partnerships
The best of cybersecurity expertise & SITA’s industry
know-how. (inc. Airbus)
• Local presence at airports
Performing first actions following an attack (first
responder).
ENABLING CYBER RESILIENCE: 100% AVIATION-TAILORED PORTFOLIO
7
![Page 8: Euro Cybersecurity Campaign · 2017-10-03 · 1. Rise of Cyber Threats •Major Cyber attacks in the Aviation industry doubled since 2015. •Recent audits realized by SITA show that](https://reader034.vdocument.in/reader034/viewer/2022042600/5f45c9a8e0bbd72a81381d6a/html5/thumbnails/8.jpg)
IT'S A C-LEVEL / BOARD LEVEL
TOPIC
Reputation
Financial
Resilience
Confidentiality
Integrity
Availability DATA &
INFORMATION
SYSTEMS
PEOPLE &
ENVIRONMENT
AVIATION
CYBER
SECURITY
RESILIENCE
IT
Risks
Business
Impact
8
CISO, CIO Board, CEO,
CMO, CRO
Our Engagement Model Enabling Cyber Resilience Cybersecurity Challenges References & Partners Cybersecurity Organization
![Page 9: Euro Cybersecurity Campaign · 2017-10-03 · 1. Rise of Cyber Threats •Major Cyber attacks in the Aviation industry doubled since 2015. •Recent audits realized by SITA show that](https://reader034.vdocument.in/reader034/viewer/2022042600/5f45c9a8e0bbd72a81381d6a/html5/thumbnails/9.jpg)
AVIATION CYBERSECURITY BEST PRACTICES
9
Source: SITA Analysis
Develop the institutional
understanding to manage
cybersecurity risk to systems,
assets, data, and capabilities
Identify aviation cyber risks
Mitigate potential business
impacts of an incident or
eventually a crisis.
React for business safeguard
Tailored detection solutions and
scenario to the aviation sector.
Detect Industry specific attacks
Risk mitigation controls and
safeguard tailored to the Air
Transport context and constraints.
Protect Aviation critical assets
AVIATION
CYBER
SECURITY
RESILIENCE
Our Engagement Model Enabling Cyber Resilience Cybersecurity Challenges References & Partners Cybersecurity Organization
![Page 10: Euro Cybersecurity Campaign · 2017-10-03 · 1. Rise of Cyber Threats •Major Cyber attacks in the Aviation industry doubled since 2015. •Recent audits realized by SITA show that](https://reader034.vdocument.in/reader034/viewer/2022042600/5f45c9a8e0bbd72a81381d6a/html5/thumbnails/10.jpg)
Cybersecurity
Strategy
Cybersecurity
Transformation
Program
Target
Model
Definition
Risk
Appetite
RECOMMENDED AVIATION CYBERSECURITY APPROACH
10
PROTECT REACT IDENTIFY DETECT
EXECUTIVE LEVEL AWARENESS TARGET OPERATING MODEL
RESOURCES & FUNDING
Maturity
Assessment
Benchmarking
Mitigation Measures
IT security governance
Users and third party
Information security policies
Communication & awareness
User account & rights management
Information system hardening
Servers administration & operations
Network partitioning
Integration of security in project
Managed Security
Services
Security Operations
Center
Monitoring & Reports
Inform Stakeholders
SIEM Security Information
Management Systems
Logging Policy Definition
& Implementation
CONTINUOUS IMPROVEMENT (IDENTIFY – PROTECT – DETECT – REACT)
Business Continuity
Cybersecurity Incident Process
Cybersecurity Incident
Classification
Cybersecurity Readiness
(People & Tools)
Incident Response
External Incident Response
Team
Compromise Assessment
Our Engagement Model Enabling Cyber Resilience Cybersecurity Challenges References & Partners Cybersecurity Organization
RISK
ASSESSMENT
REGULATORY
COMPLIANCE
![Page 11: Euro Cybersecurity Campaign · 2017-10-03 · 1. Rise of Cyber Threats •Major Cyber attacks in the Aviation industry doubled since 2015. •Recent audits realized by SITA show that](https://reader034.vdocument.in/reader034/viewer/2022042600/5f45c9a8e0bbd72a81381d6a/html5/thumbnails/11.jpg)
REFERENCES
GOVERNANCE AND RISK
MANAGEMENT
ACTIVE CYBER DEFENSE
INCIDENT RESPONSE
Build / Improve Security Program
Typical engagement
$50K to $300K
Typical engagement
$150K to $1M
Typical engagement
$250K to $1M
IDENTIFY CYBER RISK AND PROTECT AVIATION CRITICAL ASSETS
DETECT AVIATION SPECIFIC ATTACKS
RESPOND AND RECOVER FOR AVIATION BUSINESS SAFEGUARD
Manage Cyber Risks
Security Program Assessment
Maturity Assessment
GDPR
Assess Security Level
Detect Risks and Threats
Compromise Assessment
Aircraft OT & IT Pentest
Prepare for Attacks
Respond to Attacks
Incident Response
Crisis Management
How we helped? Our Cybersecurity Offerings
How we helped? Our Cybersecurity Offerings
How we helped? Our Cybersecurity Offerings
11
![Page 12: Euro Cybersecurity Campaign · 2017-10-03 · 1. Rise of Cyber Threats •Major Cyber attacks in the Aviation industry doubled since 2015. •Recent audits realized by SITA show that](https://reader034.vdocument.in/reader034/viewer/2022042600/5f45c9a8e0bbd72a81381d6a/html5/thumbnails/12.jpg)
CREATING COMMUNITY VALUE
12
Support sharing of actionable security info. on emerging threats,
vulnerabilities and techniques to:
• support their security management and risk mitigation activities
Cyb
er
Th
reat
In
tel.
Ind
ustr
y
Co
llab
ora
tio
n
Foster increased collaboration for:
• collective defense to facilitate industry responses and mitigation of risks
disruption to business
![Page 13: Euro Cybersecurity Campaign · 2017-10-03 · 1. Rise of Cyber Threats •Major Cyber attacks in the Aviation industry doubled since 2015. •Recent audits realized by SITA show that](https://reader034.vdocument.in/reader034/viewer/2022042600/5f45c9a8e0bbd72a81381d6a/html5/thumbnails/13.jpg)
CCTC SHARING PLATFORM
13
![Page 14: Euro Cybersecurity Campaign · 2017-10-03 · 1. Rise of Cyber Threats •Major Cyber attacks in the Aviation industry doubled since 2015. •Recent audits realized by SITA show that](https://reader034.vdocument.in/reader034/viewer/2022042600/5f45c9a8e0bbd72a81381d6a/html5/thumbnails/14.jpg)
14
Q&A