F-Secure has launched a specialized Aviation Cyber Security Services offering that’s designed to help airlines and similar organizations protect their aircraft, infrastructure, data, and reputations.
While many industries have been dealing with data breaches and cyberattacks for many years, F-Secure’s Hugo Teso says that changes in the aviation industry are bringing new risks for the airlines.
“Off-the-shelf communication technologies are finding their way into aircraft, which makes security much more complicated than in the past,” said Teso, a former pilot and current head of F-Secure’s Aviation Cyber Security Services.
He further added, “Because these off-the-shelf technologies weren’t necessarily created to meet the rigorous safety requirements of airlines, the aviation industry is making cyber security a top priority. But they need a partner that understands both cyber security and the details of airline operations, because it’s an industry where those details make a big difference.”
According to the company, F-Secure’s Aviation Cyber Security Services was designed to help airlines and other companies working in aviation secure their operations from the ground up. It integrates security assessments of avionics, ground systems and data links, vulnerability scanners, security monitoring, incident response services, and specialized cyber security trainings for IT managers as well as cabin and cockpit crews, into a single package that helps airlines harden their operations against cyberattacks.
Security assessments play a particularly vital role in aviation cyber security by flagging potential issues before airlines or manufacturers attempt to certify devices or services for use. Security assessments can focus on individual components such as specific pieces of hardware and software, or broader issues, such as how different systems interact with one another in an entire aircraft program.
F-Secure’s head of Hardware Security Andrea Barisani works with a team of experts that has nearly a decade of experience in performing security assessments for avionics and aircraft manufacturers, and places particular focus on designing and verifying data diodes – a defense mechanism that mitigates worst-case scenarios by restricting how an aircraft’s systems can communicate with one another.
“A key issue we help organizations with is how to protect an aircraft’s safety-critical systems from compromises in systems that are, in a sense, more exposed but less significant to an airplane’s operations,” said Barisani. “A key protection measure is separating systems into different ‘trust domains’, and then controlling how systems in different domains can interact with one another. This prevents security issues in one domain, like a Wi-Fi service accessible to passengers, from affecting safety-critical systems, like aircraft controls or air to ground data links.”
But the service isn’t limited to simply assessing different technologies or components. According to Teso, the offering aims to help airlines achieve long-term security for all their operations and systems.
“In aviation, trust is everything, and airlines know that if they lose trust they lose business. And even though cyber security is a relatively new concern for them, they understand that they need to get on top of problems right away and stay ahead of potential issues as technologies, operations, and threats evolve,” said Teso. “The overlap between security and safety is 100 per cent clear to airlines, so even an attack that’s not intended to affect the safety of an aircraft in reality – like hacking into a database to steal passenger data – is an unacceptable risk that threatens to undermine customer confidence in other operations.”
See What’s Next in Tech With the Fast Forward Newsletter
Tweets From @varindiamag
Nothing to see here - yet
When they Tweet, their Tweets will show up here.