Security experts from Tripwire and Securonix commented this afternoon on the Chris Roberts plane hack.
Tim Erlin, Director of IT Security and Risk Strategy, Tripwire (www.tripwire.com):
“The new information about Roberts‘ actions is high profile, but we should be asking how we validate what is possible on these aircraft, and how we then make them safer. Whether Chris Roberts is a criminal or not is secondary to the safety of passengers. As a consumer and a member of the information security community, I’d like to know what is being done to address the vulnerabilities that have been disclosed. Let’s make sure that no one can take over the plane electronically, rather than focus on whether this one person should be prosecuted.”
Igor Baikalov, Chief Scientist, Securonix (www.Securonix.com):
“Even if Roberts didn’t actively engage the plane controls, passive traffic monitoring in-flight that he admitted to is reckless and should be prosecuted.
Regardless of what happens to Roberts, he’s not the only one who should be punished. If the FBI claim is proven true, it should be an automatic indictment against the aircraft manufacturers, as well as the whole airline industry operating their planes, since these vulnerabilities were first disclosed back in 2010 and, apparently, nothing has been done about it. The negligence of the corporations endangers us disproportionately more than the actions of a single researcher.”
Tripwire, Inc., a global provider of risk-based security and compliance management solutions, today announced Tripwire® Enterprise™ version 8.3 featuring a new, stand-alone Policy Manager™. Tripwire Policy Manager provides the detailed visibility into system configurations critical to minimizing security risks and ensuring compliance.
Securonix is working to radically transform all areas of data security with actionable security intelligence. Our purpose-built advanced security analytics technology mines, enriches, analyzes, scores and visualizes customer data into actionable intelligence on the highest risk threats from within and outside their environment. Using signature-less anomaly detection techniques that track users, account, and system behavior Securonix is able to automatically and accurately detect the most advanced data security and fraud attacks. Globally customers are using Securonix to address the most basic and complex needs around threat detection and monitoring, high privileged activity monitoring, enterprise and web fraud detection, application risk monitoring, and access risk management. For more information visit www.securonix.com.