This page contains a Flash digital edition of a book.
IS THE CYBER THREAT REAL?


Misunderstood and overlooked, impersonal yet with the potential to bring an airport or airline to its knees, the cyber threat to aviation is here and here to stay. This January’s attack on El Al Israel Airlines’ website, purportedly by Saudi hacker OxOmar, whilst annoying rather than catastrophic, was a wake-up call to the aviation industry and clearly demonstrated that even the most security conscious of organisations can be vulnerable to attack. QinetiQ’s Antony Bridges and Elliott Atkins explain the reality of the threat and suggest measures that the industry needs to take to, at the very least, be able to respond to a cyber attack should it occur and steps that can be taken to better protect against an attack in the first place.


W


hat is the cyber threat? How well protected am I from it? Simple as these questions


sound, many organisations are struggling to provide an equally simple answer. The cyber threat is constantly evolving, difficult to attribute and can happen in a matter of milliseconds and this adds further complexity to the task. This article will focus on the first of those two questions, specifically: Are there groups that may wish to disrupt your business? Does your business require access to the internet either as a communication route or as a way of selling services? Are any of your industrial control systems accessible through your information communication technology? Does your organisation hold information that is of value to others? These questions are explored in


more detail below. The examples used are based on what has already


34


happened rather than what could happen. Whilst there is a possibility of terrorists attacking the aviation industry through a cyber attack, there are other threats that are far more likely and are already impacting on organisations’ effectiveness, efficiency and profit and we will focus on these.


Are there groups who may wish to disrupt your business? A protest outside the gates or perimeter of an organisation can attract media coverage. However, online activists, (or hacktivists as they are often described), have been discovering the power and impact of revealing sensitive organisational data. A recent Verizon report highlighted the impact of such groups. Hactivists were only responsible for 3% of the attacks analysed, compared with organised criminal groups who were responsible


Download your FREE ASI "iPad/iPhone APP" NOW


for 83% of attacks. However, hactivists were responsible for more than 58% of the records taken, which equates to over 100 million records.


As I write this article a company has experienced the impact on share price and customer loyalty that the loss of sensitive client data can have. In addition to unwelcomed publicity, losing data can result in fines from regulators. There is also a personal impact on your customer. Despite advice to the contrary, individuals tend to use the same password across a range of sites. The loss of password data therefore can require individuals to change details across a range of sites and accounts. You may be forgiven for one breach, but experience a second and your customer is likely to change supplier.


The aviation industry involves multiple partners and one organisation can find itself impacted by the activities of another.


April 2012 Aviationsecurityinternational


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36  |  Page 37  |  Page 38  |  Page 39  |  Page 40  |  Page 41  |  Page 42  |  Page 43  |  Page 44  |  Page 45  |  Page 46  |  Page 47  |  Page 48  |  Page 49  |  Page 50  |  Page 51  |  Page 52