Just as RTCA brings together competing companies to make aviation safer across the world, entities working to prevent cyber threats are coming together in partnership to address threats to aviation, says Jeff Troy, President, CEO of the Aviation Information Sharing and Analysis Center (AISAC), one of approximately 24 such organizations in the U.S.
“We bring together companies in the industry to share cyber threats, collaborate on incident response, secure networks, and share best practices to protect and defend networks and products,” says Troy. “This trusted community increases the speed at which companies can find threats, develop solutions, and secure the entire aviation eco-system.”
For example, threat data is gathered by intel analysts, who then pass this information along to network security architects (NSAs). The NSAs are then better equipped to design more secure infrastructure. Similarly, Product security experts look at best practices and make recommendations, such as increasing their engagement with cyber security researchers in the aviation field and by setting up a vulnerability disclosure program. Over the past several years, this outreach has led to several security design improvements of products.
Airport technology is also an important arena, as at airports many companies merge on single systems, such as common use ticketing kiosks. Other airports technology such as flight information display systems have also been hacked. Several airports have been hit with ransomware in the past two years.
To combat all of these threats, the Aviation ISAC has formed communities such as the threat actor working group, whichtracks known bad actors and builds profiles that seek to understand intent and identifying characteristics of each attacker. This includes how the attackers break into systems and move around within systems. By working together the industry has built comprehensive profiles, says Troy, which help each company understand how best to respond to the attack. In some fraud cases, many companies have suffered a small attack, however we were able to bundle the cases together as we proved it was one common attack group and the total financial damagesjustified law enforcement resources to address the case.
While threats to cyber security will continue to occur and increase in their level of sophistication, Troy is optimistic the collaborative atmosphere of the industry and its government partners will keep the aviation industry resilient and operational.
“We’ve seen a lot of wins through this global collaboration,” said Troy. “As more trusted partners become a part of the Aviation ISAC community, the more effective we will become in discovering threats earlier, innovating on best practices and strengthening the cyber security of the global aviation network.”