- August 1, 2022
- Tag: Aviation
The aviation industry is classified as critical infrastructure in the United States due to its strategic relevance to economic growth and national security. As a result, advanced persistent threat actors and financially motivated cybercriminals have targeted aviation organizations and their supply chain networks.
In recent times, security experts have witnessed prevalent cyber attack methodologies such as social engineering, supply chain compromises, and ransomware attacks against targets in the aviation industry. Typically, threat actors look to disrupt business continuity within the aviation industry by compromising critical assets, such as aircraft IP networks, digital Air Traffic Controls (ATCs) and traffic management systems, Flight-By-Wire systems, in-flight interface gadgets, or flight history servers.
This article dissects the information circular (IC) from the US Transportation Security Agency (TSA) pertaining to cyber risk management mandates for the aviation industry and applicable partners.
Explaining TSA’s Self-Assessment Requirement
Self-assessment requirements are structured to collect, review, and use essential information about how a system works. Self-assessments are carried out to determine whether programs are successful. This assessment aims to improve the system’s efficiency and boost productivity. The staff conducts interviews, questionnaires, or drills.
The requirements imposed by the TSA for self-assessments are mandatory for almost the entire aviation industry. The affected sectors include commercial aviation, which has flights scheduled and operated for monetary or cargo transport; general aviation, which provides personal or business transportation; privately owned jets; and military aviation, which deploys flying machines for cargo transport or aerial combat purposes. Formally, TSA self-assessments include the process cost of conducting the self-assessment and the compliance costs.
Explaining TSA’s Incident Response Planning Requirement
An incident response plan (IRP) is an organization’s strategy to manage and respond to crises so that regular business operations are not disrupted. In the aviation industry, incident response planning assists organizations in minimizing losses, responding to existing vulnerabilities, restoring processes/services, and reducing future risks efficiently.
The IRP in the aviation industry is a document of calculated procedures and instructions for recognizing, reacting to, and combating the effects of malicious cyber attacks. These assaults are directed exclusively at aviation information systems. When establishing an IRP, the airline or airport must tailor its plan to the specific needs of its operations. When implementing an IRP, the airline/airport schedules its strategy to conform to its functions. Every department head in charge of operations must have a complete checklist of reactions.
The importance of an IRP in the aviation industry focuses on “airlines” and “airports.” Following an accident, an airline or airport must follow the procedures outlined in the IRP to avoid being held accountable for the incident. When determining how much an airport or airline should pay in premiums, one of the primary factors that insurance companies consider is its IRP. This document demonstrates that you have been prepared in the past for an unexpected or sudden disaster or occurrence that required a quick response.
As a result of the unpredictability of the security situation, the aviation industry has nearly every subsector covered by an incident response plan.
Recent Security Incidents against the Aviation Industry
- Phishing attack in New Zealand (2019): This attack was directed at users of the Air New Zealand Airpoints program. This attack compromised approximately 112,000 customers’ personal information, including names, contact information, and Airpoints numbers.
- Ransomware attack at Albany International Airport (2019): On Christmas Day of 2019, a ransomware attack occurred at Albany International Airport in the United States. The attackers successfully encrypted the airport’s entire database, forcing the administration to pay a ransom in exchange for a threat actor’s decryption key.
- Attack bots targeted Ben Gurion Airport (2020): Israel’s airport authority stopped about 3 million daily bot attacks aimed at compromising airport security systems.
- Ransomware attack on San Antonio, USA (2020): ST Engineering’s aerospace subsidiary in the United States experienced a data breach due to a cybercriminal called Maze gaining unauthorized access to its IT network and launching a ransomware attack.
How GoldSky Can Help
GoldSky is an innovator in cybersecurity services: security, privacy, and compliance. The following are some services that comply with TSA regulations in the United States and are offered to the aviation industry.
The security risk assessment service offered by GoldSky could be of assistance in better comprehending the current security posture of the aviation industry. Our engineers use high-end tools and tactics with a threat-based framework to perform 360-degree cybersecurity assessments in all five critical areas — people, processes, facilities, technology, and compliance — highly regarded in the TSA’s latest IC mandate on cyber risk management.
Moreover, GoldSky’s cybersecurity services offer a Chief Security Officer-as-a-Service (CSOaaS), which fully complies with the TSA’s air transportation policies on cybersecurity risk management. Some of the CSOaaS’s primary responsibilities include:
- Developing unique security policies, procedures, and guidelines.
- Overseeing the security awareness training for technical and non-technical internal teams.
- Creating and managing a resilient cyber security program.
In addition, GoldSky’s digital privacy services work to set a privacy baseline, identify relevant privacy compliance requirements, and define resilience tactics to effectively future-proof critical business operations and systems in the aviation sector. GoldSky provides tailored privacy techniques that make TSA authority compatible with organizational (aviation) processes while maintaining high privacy standards.
Conclusion
The aviation sector processes millions of pieces of sensitive personal information daily, including payment card information, biometrics, etc. From airlines to third-party ticket processing companies, the aviation industry is a lucrative target for cyber threat actors. Therefore, security breaches have far-reaching consequences beyond monetary loss and reputational damage – national security implications apply too.
To introduce a proactive approach to cybersecurity management, the TSA (in collaboration with the Department of Homeland Security) decided to issue a mandate to help primary and secondary aviation suppliers comply with solid security and privacy best practices and frameworks. Additionally, by collaborating with reputable cybersecurity service providers, companies associated with the aviation industry can leverage the security, privacy, and compliance expertise available at an affordable cost.