Earlier today DHS assessment report revealed that commercial flight systems are vulnerable to hackers and cyberattacks are only ‘a matter of time’. The research is a continuation of analysis that was made after a group of security experts last year were able to remotely hack a Boeing 757 aircraft without the pilots knowing about it. Edgard Capdevielle, CEO at Nozomi Networks commented below.
Edgard Capdevielle, CEO at Nozomi Networks:
“The possibility of a cyberattack against commercial airline is not something new. However, one of the most worrying findings from the latest DHS report is that airplanes currently in use do not have the necessary cybersecurity protections in place.
“Indeed, the lack on cybersecurity protection in the ‘network of trust’ model upon which today’s commercial aviation backbone is built leaves systems increasingly vulnerable to malicious attacks. As the lifespan of current aircrafts is set to increase, so does the risk of potential compromise. Organizations shouldn’t assume they’re not going to get hacked; they need to take proactive steps to protecting their systems.
“The airline industry should pay closer attention to the risk of cyberattacks on their systems before significant damage is done. Indeed, manufacturers and airlines should take aviation cybersecurity seriously and work together with critical infrastructure owners, hardware vendors, information security experts and government officials to identify and mitigate vulnerabilities. Organizations need to ensure multiple layers of security defences governance are designed and implemented to ensure the security of all critical systems.
“Innovation and implementation of advanced cybersecurity technologies, such as machine learning and artificial intelligence, are an important step toward safe and reliable critical infrastructure. By establishing a baseline of ICS network communications and conducting real-time monitoring for anomalies, anything that detracts from expected behavioural patterns can be flagged and addressed.”
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.