Winter weather, high fuel prices, customer complaints, and bad publicity for dragging a passenger off an overbooked flight are some of the worries that can keep an airline executive up at night. Add to this list the rising concern of cyber-attacks, and many airline CSOs wish they were vacationing in an overwater bungalow in Bora Bora instead.
Why are airlines being attacked by cyber-criminals? For one, airlines hold a treasure trove of sensitive customer information, including private passport and credit card data, which is valuable to cyber-criminals. The other issue is that airlines often connect disparate systems and networks together, which can open the door to increased vulnerabilities. Reservation systems, baggage systems, logistical data and partner networks are all connected, and we’re now adding IoT to the mix, providing more potential entry gateways for criminals.
This is all happening while people are flying more than ever. By the end of 2019, the airline industry will set a new record for the number of scheduled passengers: almost 4.6 billion, which is up 130% from 2004. The International Air Transport Association (IATA) revealed that present trends in air transport suggest passenger numbers could double to 8.2 billion in 2037.
Problem for Airlines Around the World
A little while back, British Airways was in the embarrassing situation of announcing that 500,000 customers visiting its website were redirected to a fraudulent site where sensitive data was subsequently stolen. It was an expensive problem to fix, not to mention the huge $230M fine which British authorities asked the airline to pay for not safeguarding people’s personal data.
And then there was the big headline shared globally involving Cathay Pacific. A little over a year ago, Cathay Pacific was hit hard by hackers, and passport numbers, credit card data and other sensitive information such as nationalities, dates of birth and addresses of up to 9.4 million people were illegally accessed. Over at Delta Airlines, the chat software was to blame for a cybersecurity breach that exposed customer data. And for our friends in the North, Air Canada said that a data breach occurred on its mobile app, affecting about 20,000 people.
Numerous Connections Make it More Confounding
For busy airlines, the risk of a major security breach can increase with the number of third-party vendors involved in a company’s operational process and with the number of connected devices. At SFO, for example, over 30 airlines connect to the airport systems, the baggage systems, the maintenance network, the FAA and various business partners, all tied together to make the system work seamlessly and get passengers to their destinations.
When a breach occurs, there can be a flurry of activity to contain the damage and find a remedy. Alaska Airlines, for example, was hacked right after it closed its deal with Virgin America, when cybercriminals gained access to the Virgin airline’s systems. The hackers used a remote access toolkit to exploit an Apache Struts vulnerability and were then able to move laterally inside the network environment, basically jumping to other systems where more desirable information and data were stored. It was all hands on deck to contain the damage. The good news was that Alaska Airlines at that point, and even now for that matter, had Virgin’s network environment separate from the core Alaska Airlines network.
Segmentation, Sort of, Kind of
This segmentation of sorts helped contain the damage and limited the negative impact on the parent brand. The bad news, however, was that the vulnerable point of ingress was a vendor-controlled system that had to remain online as required by the FAA, so the system could not simply be switched off. Even worse, Alaska had to wait for the vendor to provide a patch update.
Thinking the Problem Through
Holding sensitive customer information, unfortunately, means airlines are subject to cyber-attacks. The costs and fines related to compliance can be a big deal, in addition to the negative publicity and loss of consumer confidence when a breach occurs. Devices will continue to be connected to the networks of major airlines, exposing carriers, from international all the way down to regional, to security risks.
Segmentation the Ordr Way
The airline industry has been consolidating in North America, and it’s understandable and prudent to keep networks separate after a merger. Cost savings, nonetheless, can be limited by keeping multiple systems and different networks running vs combining things together. Keeping things separate can help contain and limit the expansion of damage, yet we like to think a better approach is micro-segmentation: keeping things separate not just physically but logically as well.
Micro-segmentation gives network administrators more granular control over the traffic that travels up and down and across a network. If and when a breach occurs, micro-segmentation limits the potential spread and helps prevent business disruption. At Ordr, we can help companies segment their network and make sure that traffic within one subnet is carefully monitored and that any anomaly is quickly detected and contained. For Ordr, segmentation applies to the detection and isolation side and, just as importantly, to the protection and prevention side.
The Control Tower...Be in Control
The airport control tower is where key operations such as flight data, clearance delivery, and ground control are orchestrated. Ground control makes sure airplanes that have landed can taxi to the right terminal while airplanes ready to take off are sequenced correctly and in order. Even if there was an incident or emergency, there is a segmented and orderly way to contain an issue and keep it from spreading throughout the airport. Likewise, Ordr’s system sees all the elements in a network, keeps things orderly while also making sure operations flow smoothly throughout.
Beyond classification and visualization, our security vision is to provide proactive protection and to automate and streamline what can be labor-intensive and time-consuming tasks, similar to how things are performed within an air traffic control tower. It all starts with doing segmentation the right way so that things are orderly, even considering the 100,000 flights a day or the millions of bags traversing every day. As an added benefit, at Ordr we have supported multi-vendor heterogeneous networks, and our approach is not limited in how and where we can instantiate policy enforcement but rather extends across the airline’s entire network system.
For airlines, we can help implement policies dynamically and automate remedial actions and policies across different segments or disparate subnets of a network, helping to keep the friendly skies safe.