The air transport industry has cybersecurity as a top priority with 95% of airlines and 96% of airports investing resources into major cybersecurity programs or pilots over the next three years. Yet research released today from global IT provider SITA shows there is still room for improvement with only one third of boards at airlines, and a fifth at airports, having fully integrated cybersecurity into their business plans.
Speaking today at a gathering of European air transport industry leaders, Barbara Dalibard, CEO of SITA, highlighted that while cybersecurity is the number one priority for almost all airlines and airports, it demands more attention and must be higher on industry board agendas.
Dalibard said: “Recent global cyber attacks demonstrate the risks and the need for a proactive approach. The air transport industry is highly connected and reliant on partners. We must work as a community to fight the global threat to cybersecurity. While we are pleased to see a 46% increase in the number of airlines prepared to deal with major cyber threats over the past year, there is still more to be done. The industry should move from dealing with common cyber threats to being prepared for major ones. As the technology provider owned by industry members, SITA is committed to invest in, and lead, the community effort to maximize cybersecurity. Together we can ramp up the industry’s defenses and ensure we remain one step ahead of any threat.”
SITA has conducted in depth research into the level of cybersecurity maturity at airlines and airports in the fight against this global threat. The results show that there are very high levels of security awareness among staff at airlines (82%) and airports (85%). This year, beyond cybersecurity protection, the industry is focusing on threat detection and response management. Already CIOs at 69% of airlines and 47% of airports are implementing security events and correlation monitoring, while security incident response management is being put in place at 77% of airlines and 60% airports.
Dalibard added: “Airlines and airports are building their critical defenses and preparing to deal with common threats but we must all bring it to the highest level and integrate cybersecurity at executive and board level. Together we must identify, detect and react to cyber threats and protect the industry’s assets from attack.”
Having identified the challenge, SITA earlier this year partnered with Airbus to address the air transport industry’s distinct concerns and created a unique CyberSecurity Aviation Security Operations Center (SOC). It acts like a cyber control tower with an integrated combination of processes, people and technology to detect, analyze, respond to, and report on cybersecurity incidents.
Markus Braendle, Head, Airbus Cybersecurity, said: “The air transport industry has unique cybersecurity challenges because of the varied and increasing use of smart end points across a largely distributed infrastructure. Digital transformation is enabling the air transport industry to deliver better services to its customers, but raising its threat exposure. Together SITA and Airbus CyberSecurity bring expertise and solutions to help airlines and airports monitor their digital assets to detect and respond to incidents.”
The SOC is part of a broader portfolio of SITA products and services that help airlines and airports identify threats and protect against, detect and respond to cyber attacks.
SITA also operates the Community Cyber Threat Center, a security information sharing service run on behalf of SITA’s more than 400 air transport industry members. It enables actionable information on cyber threats to be shared in a timely manner among key industry stakeholders.
These initiatives are part of SITA’s commitment to lead the air transport community fight against cyber threats and to improve the integration of cybersecurity into business plans at board level at airlines and airports.
SITA’s 2017 Air Transport IT Trends Insights are available here. Over the coming months, further insight into the results will be made available.