The aviation industry has many potential enemies including state and non-state actors, such as, hacktivists, terrorists, and cyber criminals.
Aviation companies must acknowledge the emerging cyber threats, to understand the challenge and to become as innovative in security as they are in other aspects. Aviation companies should work together, share information and create solutions that will lead to a safer future.
We do not possess the ability to know what is ahead, yet it is safe to assume that with regards to cyber security the future is not bright. We already know that in 2016, we will witness more major cyber attacks. Why? Because it is an undeniable truth that we live in a world in which everything is hackable and nothing is safe.
Cyberspace favors the attacker. Attacking is much easier than defending, for many reasons. A hacker needs one success, while the security staff need to succeed all the time. Hacking is unpredictable, while security is routine and predictable. A hacker can exploit a single technology, while security needs to secure everything; hacking is cheap, while protection is very costly.
Only organizations that acknowledge the fact that everything is hackable are able to leap frog others’ abilities to address threats. Sadly, many still do not accept this as a fact and thus they still invest their resources and efforts mainly in prevention solutions and hope that nothing bad will happen.
Organizations that have accepted that the prevention approach is not enough have started executing a shift in their priorities. Those organizations are rebalancing between prevention and detection solutions. They understand that while they cannot fully stop hackers from breaking in, in many cases they can discover them as soon as they do it.
The interesting thing about detection solutions is that they favor the security department over the attacker. Super sophisticated hackers who attack an organization will usually spend more time and effort on staying anonymous and undetected than on the break-in itself. This is to show that staying undetected is the toughest part in the hacking process. An effective detection strategy is one that will make attacking an organization a costly decision.
But, more can be done once a company understands that they can go beyond prevention solutions. This will mean investing in other aspects of security, such as incident response. That combination of protection, detection and other aspects of security will allow an airline to create a robust and effective cyber strategy.
The aviation industry is one of the most innovative of the technological industries in the world. From the cyber security perspective, this is just one more advanced technology to be deployed, this time to protect the IT business critical systems just as if it were a maintenance system keeping the jet engines in perfect working order.
Menny Barzilay, Strategic Advisor, Tel Aviv University’s Interdisciplinary cyber research center