“…attitudes across four major categories of concern: national security, financial security, Internet security, and personal security found that, overall, consumer concern was a full 20% higher than in 2014.”
The transportation industry faces threats from cyberattacks that can change in their nature from one day to the next, requiring ever-more robust processes to negate them. But what are those processes and how should they be properly applied? Providing the answers is Dheeraj Kohli of Unisys, who explains what can be done to make ‘better, smarter, faster’ security
Cybersecurity is easily one of the most pressing issues facing businesses today, and that threat is equally present in the world of aviation. Much of the industry’s infrastructure has transitioned online and into the cloud, making it an enticing target for hackers and opportunists – as several high-profile recent examples have shown.
With high-profile breaches frequenting the headlines, it’s no surprise that consumer security concerns globally are at an all-time high…and they’re rising. The 2017 Unisys Security Index – which sought to gauge consumer attitudes across four major categories of concern: national security, financial security, Internet security, and personal security – found that overall, consumer concern was a full 20% higher than in 2014, the last time the global Unisys Security Index was fielded.
The transportation industry, standing as it does at the intersection of multiple security concerns, is feeling the full burden of this consumer anxiety. The pressure is on to strengthen end-to-end security, and to do so swiftly. To appreciate the unique position that the transportation industry finds itself in, particularly airlines and airports, consider five reasons why these institutions face security risks:
- Lack of budget/resources. While great equipment and technology exist, not all airlines and airports can afford the latest security solutions. For example, the security system in a small airport in a developing country may differ greatly from those employed by an international hub in a major European city. Some airlines and airports, by virtue of budgeting necessity, may go with the minimum security requirements.
- Too much connectivity. Physical assets, such as scanners and monitors, are now connected to an airport’s or airline’s systems. This means that:
(a) a hacker can gain access to internal systems through physical equipment, and
(b) modify the data and/or results from physical equipment if they have access to internal systems.
Illicit movement can occur in both directions if proper protections aren’t put in place and kept up to date.
- Weak links in the system. Historically, airlines and airports have tended to have an eclectic mix of systems in place that have been developed or added on over the decades as need arose. However, in more recent years the rapid advancement in recent technology has led to a disconnect between legacy systems and emerging software. For many, it can be difficult to identify and ensure end-to-end security across a wide network of siloed, legacy systems.
- The evolving nature of cyberattacks: The reality is that the threats posed by different forms of cyberattacks are becoming ever-more sophisticated. Yesterday’s security may have been more than adequate to thwart yesterday’s hackers, but the hackers of today may have ways that go over, under, and through those protections.
- Multiple regulations and multiple stakeholders. Transportation is a global industry, with complex business relationships and geopolitics at play. There are countless stakeholders in the mix; data flows constantly back and forth between numerous internal and external systems; regulations and requirements evolve by the day. With so many moving parts and affected parties, it can be hard to keep up to speed with appropriate security measures.
While an airline or airport wouldn’t set out to cut corners when it comes to security, the security in place may not be enough to meet today’s multiplying risks. What the transportation industry needs is a better, smarter, faster way of incorporating end-to-end security.
How to build better, smarter, faster security.
What does ‘better, smarter, faster’ security look like for the transportation industry? There are four building blocks that form the foundation for dynamic security that can keep abreast of the changing threat landscape: microsegmentation, machine learning, encryption, and analytics.
Microsegmentation is a newer approach to security that enables organisations to quickly and easily divide a network into multiple microsegments, each of which can function as if they were all separate networks with separate access privileges. This means that it is much easier to manage the access rights of each player in the value chain and also ensure that they can only access the information relevant to them. It also means that any compromise is contained within a microsegment, mitigating some of the potential fallout from a breach.
Meanwhile, advanced analytics can be used to anticipate, identify, and counter risk in real time. Predictive analytics tools with built-in artificial intelligence and machine learning technologies allow airlines and airports to improve real-time detection of fraud while reducing costs.
In the current climate, where anxieties are growing about national, financial, Internet, and personal security, airlines and airports need to lead with security. Those airlines and airports that are best prepared to protect their customers’ data without adding any inconvenience will be well-positioned for the digital future of air travel.
You may also be interested in these stories from Transport Security World…