Aviation Safety and Cybersecurity: Learning from Incidents


The aviation security industry is the study and practice of aviation risk management. It is a solid concentration of regulations, legal documents, accident investigations and aviation near misses. Above them are lessons learned and knowledge shared; reports, facts and statistics that form a cognitive super vitamin, which the aviation community uses to keep their business healthy and safe.

The above concept is successful. People trust the aviation sector and consider it the safest form of transportation. Unfortunately, when it comes to cybersecurity, the community feels quite exposed and vulnerable. Statistics that are not available, dark corners and lack of lessons learned from cyber incidents are some of the aspects that blur their reputation. Wouldn’t it be better for companies and organizations to adopt the success of the aviation security industry to increase their level of cyber security and community trust?

The idea behind it

The recent cyber attacks renewed interest from industry, academia and the US government in some form of Board that could investigate cyber incidents. In the spring of 2021, a workshop was held on building a cyber incident investigation capability based on the National Transportation Safety Board (NTSB). The NTSB is considered the most robust set of aviation safety programs. It acts as an independent federal agency mandated by Congress to investigate aviation accidents and major transportation incidents. NTSB investigates causes and issues safety recommendations to prevent future disasters.

The workshop examined the feasibility of whether the cyber security industry can adopt aviation security procedures to improve its posture. The result was a report highlighting key findings, recording research questions and proposing a roadmap of recommendations. The report concluded that the cybersecurity industry lacks authoritative, independent processes and investigations aimed at publishing lessons learned from cyber incidents and enabling improvements.

Cybersecurity industry policymakers have called for an agency to investigate cyber attacks and incidents, identify leaks and gaps in security controls and inform the community. From this perspective, the NTSB transportation safety paradigm is frequently used as an analogy because it provides body, maturity, and substance to this concept.

The “Cyber NTSB” conceptual approach

The workshop was attended by 70 expert minds who worked for four months on the concept of creating a “Cyber NTSB”, an idea born in 1991. The problem given to the participants was the same as in the 2014 NSF report: “A critical issue in cybersecurity is the lack of reliable and consistently reported data about security incidents. The lack of data makes it difficult for others to learn from these attacks and is leading to misplaced priorities.”

The workshop was based on assumptions, all of which argue that the current cyber security system is insufficient and should be adjusted to accommodate what the aviation security industry is doing. What the participants observed was that cybersecurity lacks information, knowledge and wisdom, not data, which is abundant.

Main conclusions of the workshop

Early on, the workshop looked at how a Board can be alerted to incidents to determine whether they merit an investigation. Unlike aviation, cyber incidents are not kinetic like air crashes and are shrouded in secrecy as companies fear liability and damaged brand reputation, making them difficult to detect. The conclusions of the workshop were the following:

  • The Board can use the existing information mechanisms effectively by filling the gaps between them.
  • Cybersecurity and IT have no incentives for voluntary reporting, although it is clarified that sharing information does not violate antitrust laws.
  • Board awareness can be improved through individual reporting, although this can be seen as the company’s weakness and underinvestment in security.

With an appropriate reporting system in mind, the following question arose: What incidents require investigation? The workshop emphasized that there should be quantitative and qualitative criteria that trigger the investigation procedure. In addition, it would be very useful if the Board investigated not only incidents but also trends. It could track the cybersecurity ecosystem, identify common mistakes and trends in attack patterns, and associate best practices to defend against those trends.

The steps for a successful investigation were then examined. How should investigations be conducted, what exactly should be investigated and what techniques should be used? The Board concluded that:

  • Fact-finding should be a collaborative process; the analysis should be independent. As with aviation incidents, many parties provide expertise related to the investigation, but are excluded from the analysis and do not contribute to the final report.
  • Slow and careful research makes the effort worth it. Deep and detailed questions help gain insights for the incident. Errors in the products, tools and controls involved are significant and should be considered.
  • The NTSB’s independence allows the Board to evaluate regulators and regulations.

The publication of incident reports and “near misses” is paramount. The workshop concluded that because there is no reliable data, records, and history of cyber incidents that can be used to create policies and response plans based on what has happened, the advocacy community is often fighting cases that they do not fully understand.

Finally, the reporting system should use narratives and numbers, as this will enhance the concept of “learning and sharing”, but should share knowledge wisely. There may be sensitive data, such as the “last words of the pilots to the families”, which must be disseminated with discretion.

The next steps

If security were a fashion show, without a doubt, aviation security would be the model of reference; delicate but robust, where the maturity of time would bring more charm. The challenge is whether cyber security can shine on the same tracks as aviation security. The workshop showed that this is feasible if all parties cooperate to integrate knowledge at the highest possible level of security.

To this end, the workshop summarizes several research questions regarding the adaptation of aviation lesson learning systems and key findings for further research. Finally, it suggests a series of recommendations for the Cyber Security Review Board (CSRB) and Congress to evolve the “Cyber NTSB” concept into reality; an entity that can learn from mistakes and successes, sharing knowledge generously.


About the author: Christos Flessas is an information and communications systems engineer with over 30 years of experience as an officer in the Hellenic Air Force (HAF). He is a NATO Accredited Tactical Evaluator in the area of Information and Communication Systems (CIS) and the National Representative (NatRep) in Signal Intelligence CIS and Navigation Warfare Working Groups (NavWar). Christos holds an MSc in guided weapon systems from Cranfield University, UK. He has also attended numerous online courses such as Palo Alto Networks Academy’s Cybersecurity Foundation course. His experience covers a wide range of roles, including radar maintenance engineer, software developer for airborne radars, IT systems manager and project manager implementing major armaments contracts.

Christos is intrigued by new challenges, open-minded and excited to explore the impact of cyber security in the industrial, critical infrastructure, telecommunications, financial, aviation and maritime sectors.

Editor’s note: The opinions expressed in this guest author article are solely those of the contributor and do not necessarily reflect those of Tripwire, Inc.
