This page contains a Flash digital edition of a book.
Screenshot from El Al Israel Airlines website. In January 2012 a Saudi hacker, OxOmar, attacked the site, demonstrating that even the most security conscious of airlines can be vulnerable to cyber attacks.


For example, airport operators may find themselves targeted because of the activities of an airline operating from their airfield. Whilst organisations may feel such protests or attacks come from nowhere with no advanced warning; the reality is that such attacks are often discussed in open forums prior to the incident. Monitoring such discussions provides Information Security teams with the ability to prepare a response, for example by protecting staff from a barrage of e-mails by updating e-mail filters. The industry has already seen an example of a joint cyber and physical protest. The "Anonymous" group caused significant disruption of ground- based transportation systems, including San Francisco's Bay Area Rapid Transit (BART), in August 2011.


This attack


took place both online and with physical protests, a combination which resulted in BART closing four stations and switching off mobile telephony services in stations and tunnels.


“…this January’s attack on El Al Israel Airlines’ website, purportedly by Saudi hacker OxOmar…”


April 2012 Aviationsecurityinternational


Does your business require access to the internet either as a communication route or as a way of selling services? Clearly most organisations do rely on access to the internet. Those seeking to disrupt organisations’ activities have found Denial of Service attacks can be an effective weapon. A Denial of Service is where your system becomes inundated by requests for information and is therefore unable to respond to legitimate requests. These attacks frustrate users as systems become slow, unresponsive or unavailable. It is equivalent to a protest blocking the entrances to your organisation. It will put some people off using your business, at least for as long as the protest is underway, and for those that do still make it through it will be a less than ideal experience. A variety of organisations have been reported to have suffered from such attacks in the last 12 months, including law enforcement organisations, the finance industry and media. Airlines which conduct most or all of their retail business online are very susceptible to Denial of Service attacks against their websites. Any organisation with a single route-to-market online will be disproportionately affected by such attacks, compared to carriers who have a variety of channels via agents or partners.


Are any of your industrial control systems accessible through your information communication technology? Industrial control or SCADA systems become linked to the internet or external computers for many practical reasons. Maintenance engineers plug in their laptops in order to collect diagnostic system data, finance departments require connections in order to bill, and operations teams connect in order to provide real-time performance data. The end result is that systems that were once isolated are becoming connected to the wider world. This makes them not only vulnerable to a specific attack against your organisation but also vulnerable to attacks that were aimed at a completely different organisation in another continent. Stuxnet is often used as an example of an attack, allegedly aimed at the Iranian nuclear facility, but which, because of the multiple use of the same systems components elsewhere, also ended up damaging other industries. This is a significant issue within the transport security industry. In some cases organisations are unaware that their conveyor belts, fuel systems or access control systems can be accessed externally. Their systems have evolved rather than being planned, and the overall risk to the organisation is not fully understood.


www.asi-mag.com 35


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36  |  Page 37  |  Page 38  |  Page 39  |  Page 40  |  Page 41  |  Page 42  |  Page 43  |  Page 44  |  Page 45  |  Page 46  |  Page 47  |  Page 48  |  Page 49  |  Page 50  |  Page 51  |  Page 52