Finding vulnerable equipment
of this kind is now trivial
enough to be carried out with
simple scans using public tools.
Incredibly, almost anyone on
the Internet can spot unpatched
equipment in seconds, even
though the companies running
them seem oblivious.
“In addition, direct
connections from the OT
(operational technology)
network to the Internet
are often made for ease of
maintenance; however, because
of the lack of segmentation,
this can be a route for attackers
to exploit, and so security
awareness in this area must
improve.
“The lesson is that while air
logistics is a complex industry
using specialised systems and
equipment, from the attacker’s
point of view, it’s just another
network that uses the same
vulnerable equipment. In the
past, specialised equipment
would have raised the level of
expertise required to bypass
security. The take-up of Internet
of Things (IoT) protocols, cloud
technology and applications
works against this because
it creates a standardisation that
attackers can exploit.”
The obvious fixes
Companies should secure
open ports and patch software
vulnerabilities, exhorts Carullo,
but doing this quickly can
be a complex undertaking.
There are two strategies that
help: the first, to try and
see the network from the
criminal’s point of view. Are
there any open ports and do
public-facing applications
and equipment have known
vulnerabilities likely to be
targeted? The second, when
deciding which weaknesses
to look for, organisations can
*Footnote:
Nozomi Networks is a leader in OT and IoT security and visibility, accelerating digital transformation by
unifying cybersecurity visibility for the largest critical infrastructure, energy, manufacturing, mining,
transportation, building automation and other OT sites around the world.
Plan for the inevitable
When securing critical and logistics infrastructure, it’s essential to
assume attackers will eventually penetrate even the best defences –
so plan on that from the start. Part of this is about having a response
plan in place while remembering to slow attackers down as much as
possible by implementing proper network segmentation. There must
also be a willingness to prioritise patching known vulnerabilities,
remembering to manage how this is being done by managed service
providers so that outsourced security doesn’t turn into a blind spot.
Access to internal systems must be secured as rigorously as externally
facing ones.
Concluding, Carullo says: “A critical final element is to monitor
real-world incidents and make use of threat intelligence, not least
through information sharing with other companies. An attack on
a competitor or a company in a related area is always a warning.
When the cybercriminals turn up at your company’s door, don’t let
it be a surprise.”
The need for robustness
As digitisation and connectivity continue to play a key role in airline
operations, carriers must be robust in dealing with the risks that
come attached to both. Such developments have increased efficiency
across the board, but they have also opened up airlines and their
aircraft to vulnerabilities, such as cyber attacks.
At IATA’s Global Media Day in December 2019, Nick Careen,
IATA Senior Vice President, Airport, Passenger, Cargo & Security,
addressed the importance of understanding the cyber threat. New
levels of vulnerability arise from technological advances, as airlines
today face an ever-changing field of cyber attacks.
“These technological advancements are creating tremendous
opportunities for flight efficiency, customer service, security and
operations,” said Careen. “However, as a result, new levels of
vulnerability also arise from this progress, as airlines today face an
ever-changing field of cyber attacks.” He added that the connectivity
of aircraft systems has extended the potential attack surface to the
aircraft itself.
In addition, the increasing digital footprint of aircraft means that
protecting data has taken on a new significance, as illustrated by the
data breaches Cathay Pacific and British Airways suffered in 2018.
Careen denied claims from some hackers that they had the
ability to access critical flight systems by hacking passengers’
personal devices in flight.
“This is not the case,” he assured the audience. “That’s not to rule
out the danger, as no threat can ever be ruled out a hundred percent,
but so far manufacturers have confirmed that no critical flight
systems have ever been at risk from such a threat.”
Cyber security is a key priority for aviation, demonstrated by
a resolution at the 40th ICAO Assembly, which committed to
addressing cyber security issues through a “cross-cutting” functional
approach.
IATA has welcomed the resolution, which urges states to
implement the ICAO Cybersecurity Strategy and ensure civil
aviation remains safe, trusted and resilient to cyber attacks, while
continuing to prosper.
WHEN PERFORMING A CYBER SECURITY HEALTH CHECK:
1. Ensure that your assets are
updated with the latest software/
firmware versions on office
equipment because this can be
the gateway to OT systems.
2. Apply a health-check on all
network infrastructure. Ensure
that correct network segregation
and firewall policies are in place.
3. Apply a health-check on your
SIEM solution and complementary
systems (Anti-Virus, IDS, etc).
Ensure that all the nodes are
monitored and that there are no
anomalies in the network traffic.
4. Sanitise access and
authorisation. Verify that proper
authentication schemes and
policies are used (2FA, strong
passwords), and that old
credentials and expired digital
certificates are revoked.
5. Remain vigilant against
suspicious e-mails or external
devices that are allowed in your
environment (USB, mobile phones
and so on).
do worse than study public
incident reports for clues on
which weaknesses crime groups
are hunting for. A simple rule
of thumb is that any network
access, including that by
administrators, should require
multi-factor authentication as
a bare minimum, preferably
using hardware tokens.
www.airlogisticsinternational.com April 2020 39