Preserving capacity, General Tom Lawson, Chief of the Defence Staff, Keys to Canadian SAR
Issue link: http://vanguardcanada.uberflip.com/i/890230
n o industry is immune to cyber breaches, but few evoke visions of catastrophic loss and devastation than an aviation cyber attack. Despite being the safest mode of transport, the aviation industry's potential for large-scale loss makes it a high-value target for malicious actors. Aviation's inextricably connected systems and processes present numerous contact points for cyber threats, targeting its critical assets - data, information, systems, and equipment. From flight service delivery, aircraft maintenance, repair and overhaul, ground and airspace control, and in the case of military aircraft, combat, ordnance and navigation processes, the very nature of these pro- cesses make cybersecurity incredibly complex in both design and management. In the past fifty years, aviation has in- creased its operational dependency on sys- tems and software by at least 75 per cent. The evolution of aviation software and sys- tems emerged from isolated systems, rather than open systems that allowed for higher vulnerability resolution, that was designed for specific functional and availability needs, not security. While cybersecurity is now a priority for the development and implementation of aviation technologies, malware attacks are occurring between hundreds to thousands of times a month, seeking vulnerabilities in not only software but policies, processes, infrastructures, architectures, equipment, and components. When successful, these attacks have resulted in substantial data and prof- it loss, as seen in recent cyber exploits in the US, Turkey, Spain, Sweden, and Poland, causing a growing concern among industry authorities and regulators. While flight and system configuration data or entire systems are common targets for malicious actors, the impacts of these breach- es can extend far beyond financial and privacy to operational safe- ty, service levels and even, if severe enough, mass casualties to the destabilization of entire sectors and economies. Due to these risks, aviation must maintain an elevated security posture through comprehensive cybersecurity standards, frameworks, processes, and safeguards. However, balancing the priority of current threats with the broadening problem on the horizon is complicated by other unprecedented challenges: a global cybersecurity skills shortage, increases in less sophisticated but high-impact attacks and even more complex relationships between networks, systems, and equipment. Moreover, technologies like Big Data Analytics, the Internet of Things, smart-technologies, and smaller, cheaper, super-powered devices, all stand to radically transform aviation, but they will also obfuscate the very threats it strives to counter. Similarly, exter- nal public networks, third-party cloud storage, and out-sourced development are all important to improving efficiencies but they also increase the potential for modification of data, which poses a T THE LAST WORd by Valarie Findlay Cybersecurity in aviation should be a piece of cake 46 OCTOBER/NOVEMBER 2017 www.vanguardcanada.com Due to these risks, aviation must maintain an elevated security posture through comprehensive cybersecurity standards, frameworks, processes, and safeguards. greater risk than denials-of-service. While the benefits these tech- nologies - how they improve access, transmission and relational data constructs for more precise application and improved busi- ness processes and decisions - are significant, they are not limited to the industry and will be undoubtedly exploited and utilized by malicious actors. In recent years, it has been recognized that technological coun- termeasures alone are not enough. The International Air Trans- port Association (IATA), the International Civil Aviation Orga- nization (ICAO), and operational agencies like NAV Canada and the European Aviation Safety Agency (EASA), have made cyber- security a priority in standards, frameworks and in developing new capabilities that address emerging threat scenarios. Formulating cybersecurity approaches through part- nerships, collaboration and information sharing at the industry and international policy levels, in cooperation with nations, are crucial to maintaining alignment with the significant strides in technology. Beyond standards and toolkits, aviation regulators and operational stakeholders must engage to develop and implement higher operational acceptability levels - integrated design, standardization and interoperability at the system level, policy- driven grading and certification, research and development that test well outside "normal" and "predict- able" conditions and CERT-driven monitoring and operations. Like any other industry looking to harden assets and improve de- tection and response, aviation will need to invest in "better than best practices", comprehensive target evaluation and air-tight se- curity assurance requirements that are commensurate with thor- oughly assessed risks. While the cybersecurity challenges in aviation may appear to be monumental, a historical perspective on the industry may alter the paradigm: in 1903, two brothers embarked on the first powered, sustained and controlled flight. Today, aviation is a diverse, world- wide industry that puts sophisticated aircrafts in the air over a hundred-thousand times a day and supports 63 million jobs, $2.7 trillion in global GDP and drives several nations' economies and the global economy. In twenty years, this is projected to double. That is monumental. In light of that, cybersecurity in aviation should be a piece of cake. Valarie Findlay is a research fellow for the Police Foundation (USa) and has two decades of senior expertise in cyber security and policing initiatives. She holds a Masters in Terrorism Studies from the University of St. andrews, and her dissertation, "The Impact of Terrorism on the Transformation of Law Enforcement" examined the transformation of law enforcement in Western Nations.