“DEFCON has been cancelled!” DEFCON, the world-famous hacking convention, has entered SAFE MODE, meaning that it will take place virtually this year. During this outstanding event, the Aerospace Village is organizing a variety of virtual talks, workshops and CTFs with contributions from both public and private industry, all designed to provide education and awareness about aerospace cybersecurity and foster collaboration between the aerospace industry and the security researcher community.
CyberInflight is following this event with great interest!
If you can’t join the event or if you don’t have the time to go through all the content and videos made available by the Aerospace Village, CyberInflight will provide you with flashcards so you can get the takeaways of each talk at a glance!
Here is a snapshot of CyberInflight’s Quarterly Digest. For this edition, we have set the focus on the topic of the Dark Web. Find out how it works, what type of information can be found, and how it could impact the aerospace community.
You will also learn about the recent ransomware attack on an aerospace engineering group, how cyber attackers are impersonating major aerospace companies to spread malware, recent attacks targeting air transportation in the Middle East, the data breach of a US airport, another case of supply chain attack and much more.
The topic of the Dark Web comes with its own set of myths and questions. In its upcoming quarterly digest, CyberInflight intends to share the results of its latest research and analysis to shed some light on this topic and help aerospace stakeholders improve their posture.
The figure below shows that ransomware groups are accelerating the creation of websites dedicated to the publication of confidential corporate data stolen during their malicious activities. Some aerospace companies are among the victims, either through direct attack or through the compromise of their supply chain.
The digest will be available at the beginning of July. You will also find in this digest a review of the latest cyberattacks on aerospace stakeholders.
1. THE COVID-19 CRISIS: A LAND OF OPPORTUNITIES FOR HACKERS
The world economy has been hit by the COVID-19 pandemic, and the air industry is among the industries most severely impacted by this crisis. Airlines and OEMs, in particular, have started to announce cost reduction plans, which are probably not possible without downsizing their workforces, in order to survive until the end of the crisis. On top of the operational difficulties triggered by the crisis, the weakening of industrial players is seen by cyberthreat actors as an opportunity to be seized. The cyberattack level has soared in the last two months, and all but a handful of hackers have shown how far they are from following any code of conduct and how unethical their behavior can be, particularly when striking medical institutions and hospitals. Factors such as the economic downturn, mandatory home work for millions of employees, and difficulties setting up strong cybersecurity rules in a short timeframe make it the right moment for hackers to weaken companies that already have a knee on the ground.
2. CYBER-RESILIENCE CANNOT BE BUILT IN A DAY
By hitting airline revenues directly, this crisis may mechanically impact their level of defense. The airline industry’s level of IT investment in the last 5 years has shown a remarkable compound annual growth rate (CAGR) of 10.4%, from $21.5 bn in 2014 to $35.2 bn in 2019. The airline cybersecurity budget represents a decent portion of this IT budget. It has been estimated that the cybersecurity budget of airlines followed an outstanding CAGR of at least 50% in the last 5 years from $0.5 bn in 2014 to $3.8 bn in 2019 (2019 figure is an estimate by CyberInflight. 2018 figure, provided by SITA, is at $2.75 bn).
Does the level of investment in cybersecurity actually reflect the airline industry’s levels of maturity and resilience? It is certainly a good indicator. In 2019, the cybersecurity/IT budget ratio was estimated at 11%, when national security agencies usually advise a ratio between 5% and 15% depending on the industry. At first sight, this 11% could be seen as fair for the airline industry. In comparison, the cybersecurity investment level in the airport industry is estimated around $1.5 bn in 2019, which represents a 14% cybersecurity/IT ratio. This difference could be explained by the fact that airports have been targeted by cyberattacks more frequently due to easier physical access to their facilities. Airports have had to answer this level of exposure by increasing their levels of cybersecurity maturity. The airline industry would probably need to reach a similar cybersecurity/IT ratio to be on the safe side. In addition, an important point to mention regarding cybersecurity investments is that it takes time to raise a company’s level of maturity, and probably several months at least to see the outcome of a cybersecurity investment. The cyber/IT ratio grew from 4.6% in 2016 to 7% in 2017 and 9% in 2018. It may take time for these increasing investments to be totally effective and for cyber-resilience —which is mainly linked to the culture and maturity of a company— to be achieved. Ultimately, it is important to keep in mind that a company’s level of cyber-resilience not only depends on the level of investment, but also on how well these investments have been made.
3. THE REGULATORY FRAMEWORK: ON THE CUSP OF A MORE PROFOUND CHANGE
Simply by measuring maturity based on the cyber/IT ratio, it is difficult to foresee whether this maturity level could increase in the coming months and years, as the current priority is oriented toward the survival of the industry and its companies. Nevertheless, it seems that cybersecurity will remain high on companies’ agendas, as forcing people into quarantine has revealed that strict cyber-hygiene rules must be deployed properly and in a timely manner. Basic cybersecurity practices appear to be the foundation of the sustainability of any organization. As an unexpected benefit, the COVID crisis will probably help to raise the entire industry’s cybersecurity awareness.
Among the strongest drivers of the adoption of cybersecurity, the influence of international regulatory bodies is considered key. The year 2019 was marked by a set of initiatives launched by international regulators regarding cybersecurity. Among the most significant ones, one can mention:
The publication of Aviation Cybersecurity Strategy by ICAO (October 2019)
The adoption of Assembly Resolution A40-10 addressing cybersecurity in civil aviation by ICAO (Oct. 2019)
The creation of the Aviation Cyber Security position paper by IATA, outlining IATA’s cybersecurity vision and mission (Jun. 2019)
The establishment of the Security Advisory Council (SAC) by IATA (Jun. 2019)
The first Aviation Cyber Security Roundtables (ACSR) held by IATA (Apr. 2019)
The rulemaking task from EASA, called RMT.0648, created in May 2016 with a Notice of Proposed Amendment (NPA2019.01) process performed between Q1 and Q3 2019
Several interesting initiatives launched by ACI in 2019.
A stronger and clearer cybersecurity framework is under construction and set to be introduced beginning in 2021, particularly in Europe. Hopefully, the crisis won’t delay the decision-making process of regulatory bodies, as the 2019 initiatives show a compelling momentum for air cybersecurity regulations. The current crisis’ slowdown of air traffic and restructuring of priorities could also be seen as the right moment to pave the way for a solid regulatory framework.
4. IN-FLIGHT CYBERSECURITY: BREAKING THE GLASS CEILING
In its “Aerospace Cybersecurity Market Intelligence” report, CyberInflight identified in-flight cybersecurity (IFCS) as one of the next trends. Despite the downturn, the evolution of the mindset regarding cybersecurity and the development of the regulatory framework could be seen as solid driving forces to encourage the deployment of IFCS components once the crisis softens. The crisis could help break the existing glass ceiling that has prevented many cybersecurity solution suppliers from penetrating this market and embedding their products in aircraft.
To date, the cybersecurity of in-flight systems communications (IFE and IFC systems in particular) is mainly implemented within legacy equipment. With the development of cyberthreats, airlines could consider the introduction of independent dedicated cybersecurity components from third parties to monitor, detect and react to cyberthreats. The take rate of in-flight cybersecurity is definitely set for significant growth, as it is considered to be fairly low today. The adoption of dedicated embedded cybersecurity components (hardware and/or software) is already happening in business and military aviation and other vertical-mobility markets such as maritime and rail.
While IFCS may represent a small fraction of airlines’ cybersecurity expenses compared to items such as employee awareness and training, regulatory compliance or the setup of SOC infrastructures, it is expected to show the greatest growth rate in the coming years.
Find the complete details in our report. CyberInflight’s market research report features key findings regarding the aerospace cybersecurity market. Table of contents and excerpt available here: link. For more information, please contact us at email@example.com.
CyberInflight releases its quarterly digest for Q1 2020 on Aerospace Cybersecurity. Readers of the market intelligence report will shortly receive a link by email to access this document.
This first edition focuses on cybersecurity insurance, based on discussions and interviews with stakeholders. Readers will learn about the evolution of cyber-insurance, how insurers evaluate cyber-risk, the role of the regulator, the link between the turnover of a company and its exposure to cyber-risk, the link between the turnover and the motive of hackers, trends in cyber-insurance, the concept of exclusion, etc. A list of must-reads on this topic has also been selected.
Ultimately, the digest identifies noticeable cybersecurity facts impacting the aerospace industry and gathers the latest cyber-attacks on airlines and airports (for this first quarter at least 2 airlines and 1 airport).
Remember that you can suggest your topic for the next edition of the digest by writing to firstname.lastname@example.org.
APSYS was one of the first customers of the Aerospace Cybersecurity Market Intelligence report. APSYS specializes in controlling industrial risks. For 30 years the company has defined and implemented a process for controlling technical, human and operational risks on behalf of its customers. APSYS’ Aerospace Business Unit offers solutions combining state-of-the-art and innovation for the management of risks in the aerospace industry.
With a turnover of €66m in 2019, APSYS, a 99.2% subsidiary of Airbus headquartered in Toulouse, has shown outstanding growth in recent years and announced, in February 2020, the opening of 200 jobs.
“CyberInflight’s report helped us validate our hypotheses of the market and supported our strategic decision making. We found CyberInflight’s aviation background valuable, which is clearly imprinted in the in-depth insights shared via its report.”
Our first market intelligence product got off to a good start and CyberInflight will improve and enrich its aerospace cybersecurity intelligence offer during the year 2020. The velocity and complexity of the cybersecurity market require stakeholders to adopt a dynamic posture achievable through better understanding of this emerging market and better information sharing.
CyberInflight is striving to provide its customers with adequate information and intelligence tools to guide them in their quest for cybersecurity. Customers of CyberInflight’s “Aerospace Cybersecurity Market Intelligence Report” will receive a quarterly update on aerospace cybersecurity as part of their purchase of the report. This quarterly update also offers a unique chance to provide feedback and suggest topics for future publications.
The “CyberInflight’s Quarterly Digest”, in the same vein as the yearly report, will bring a thorough and analytical approach to the market, identifying the latest trends, describing the most recent cyberattacks, and summarizing the essential and strategic information necessary for better decision making.
Send us an email to submit your idea for the next digest, coming at the end of this quarter.
As a former Aerospace MBA student at Toulouse Business School, I was honored to share with the current cohort some insights during an Aerospace Cybersecurity Awareness session. Three hours was probably not enough to cover this broad and exciting topic! Thanks to the students, future leaders of the aerospace industry, for their interest and their constructive feedback.
CyberInflight is proud to announce the publication of its flagship report, the “Aerospace Cybersecurity Market Intelligence report”. This is a unique market intelligence resource tackling the topic of aerospace cybersecurity. Among other topics, the report offers an overall analysis and understanding of the market trends and dynamics, the investment levels, the competitive landscape, the regulatory landscape and the evolution of the threat level in commercial aviation. CyberInflight anticipates the profound change happening in the aerospace world triggered by digitization. This resource brings a fresh perspective on aerospace cybersecurity and provides stakeholders with a thorough and data-oriented analysis for better decision-making.