Cybersecurity group is on aviation’s front lines against hackers

On a Monday in late April 2019, the screens that display arrival, departure and baggage-claim information at Cleveland Hopkins Airport went dark without warning.

The airport had become the latest victim of a ransomware attack targeting large-scale enterprises. 

The city didn’t end up paying off the hackers who had been holding the system hostage. But fixing the problem took several days. 

In May of this year, in a much more widely reported incident, cybercriminals hacked into the Colonial Pipeline network, disrupting operations and demanding $4.4 million in ransom. The incident caused jet fuel supply problems at some East Coast airports. In Charlotte, for example, fuel shortages caused American Airlines to tweak its schedule. 

Such incidents speak to the potential havoc that hackers could wreak on commercial aviation. The threat is serious enough that it led to the creation of the Aviation Information Sharing and Analysis Center (A-ISAC), an international, nonprofit cyberthreat sharing organization founded with government encouragement in the wake of 9/11. 

“There is a never-ending stream of attempts to get into networks,” said A-ISAC president Jeff Troy.

A membership organization, A-ISAC comprises airlines, airports, aircraft manufacturers, aircraft parts suppliers, air traffic control entities and other parties in the aviation industry. Though the organization doesn’t reveal its membership list, major airlines and airports are among its members.

Southwest chief security officer Michael Simmons chairs the A-ISAC board, and a recent United job posting for its principal cybersecurity analyst position listed participation in A-ISAC intelligence-sharing meetings among the responsibilities. Also, the trade group Airports Council International partners with A-ISAC to enable membership among airports. 

According to Neal Dennis, threat intelligence specialist at Cyware, which powers the information-sharing platform used by A-ISAC members, the organization has high engagement rates.

Often, network security teams report day-to-day threats, such as email phishing campaigns from hackers. Other times, members will report unusual IT traffic they’ve noticed in order to validate their suspicions or to see whether they are alone, Dennis said.

Such information sharing has become increasingly critical to the aviation sector as cyberthreats have increased exponentially. According to an analysis published in July by Eurocontrol (an organization of 41 member countries that works to coordinate air traffic management in Europe), the European aviation industry endured a 530% year-over-year rise in reported cyberattacks in 2020, with airlines suffering 61% of about 1,250 incidents.

Airlines, the report noted, lost approximately $1 billion from fraudulent websites alone in 2020. Data theft, credit card fraud and loyalty point redemption fraud were also prevalent. 

The authors also said that every week, an aviation-related organization somewhere in the world suffers a ransomware attack. One such attack singled out by Eurocontrol reportedly targeted Spirit Airlines this past March, with 33,000 files of customer financial and personal data released onto the dark web and a ransom demand issued.

Spirit didn’t respond to a request for comment. 

Potentially, said Troy, an attack could be more substantial than the ones that have been reported to date. For example, instead of taking over flight display screens, as happened in Cleveland, cybercriminals could take control of an airport baggage system, causing chaos.

That’s why, along with information sharing, the A-ISAC also shares best practices to stave off cyberattacks, including how to incorporate layers of defense into all vital computer systems. 

“We keep our fingers on the pulse of the threats. We have our members sharing information about attacks, attackers, their tools and technologies,” Troy said.
