Cyber security: Much ado about nothing?
We are all aware of the risks of cyber crime. And we are all aware that unfortunately they do not vanish when you are flying.
INTERNET security is something that we should all take very seriously at home, as well as in the office. But like flossing our teeth only sporadically, our good intentions can often let us down.
No matter what we do, whether it is at home or in the office, we can never be 100% safe all of the time. And the same applies when we are flying. So, should travellers be worried about using their devices when on an aircraft?
“There are some in this industry that give the impression that you are at greater risk when you are on your corporate aircraft when you are connected, but we just don’t see it that way,” says Doug Young, Gogo Business Aviation’s vice president of software infrastructure.
“There certainly are risks, those risks are very real, but they are not any greater when you are in your aircraft than when you are on the ground. In fact, we think you are safer in the air than you are when you are on the ground,” Young says that internet users need to be as vigilant in the air as they are on the ground, adding that as well as using Virtual Private Networks (VPNs), users should preferably be using two-factor authentication methods whenever possible.
He says that Gogo’s newest generation of products has cyber security built in from the very beginning, adding that before the first line of software code was even written, its platform was designed to be as secure as possible.
“Our airborne platform has a trusted privacy module, and we can leverage that for secure computing and secure communications”
“Our airborne platform has a trusted privacy module, and we can leverage that for secure computing and secure communications,” he adds. James Person, global business development director for Viasat says that cyber security is not something that its potential users are specifically asking about right now. But as users become more sophisticated he believes that it will become part of a check list of questions that will be asked of potential network providers.
“If they ignore this topic, they ignore it to the peril of their business, just from issues around IP protection and everything else that’s going on in the news,” says Person. “It’s almost comical to me that some people in our industry advertise and are very proud to advertise that they do threat detection,” says Person. “The problem is that if people only do detection, and some of the people in our industry do only do detection, they aren’t really doing anything except letting you know that there is a problem.”
Viasat say that it approaches threat detection slightly differently from other service providers, partly because it is also an Internet Service Provider (ISP) serving 500,000 properties, as well as to aircraft and boats.
“We start by detecting what’s happening at the root level, and that includes the typical Denial of Service (DoS) attacks, the attempts to inject viruses into the network that could make it all the way out to the end user if we didn’t stop it. We don’t only detect it, but we eliminate it as well.”
One thing that Gogo and Viasat share in common is that both companies are constantly monitoring new threats and updating internal departments and clients about the best practices to avoid threats.
But protecting the internet connection for passengers on board is not the only priority. With the increasing use of technology in the cockpit, the fear is that hackers might be able to access critical flight systems as well.
One way that this can happen is to spoof the GPS data that an aircraft relies on for navigation. We have already seen many attacks in aviation, with Manila Airport in the Philippines alone reporting over 50 cases of GPS interference in 2017. This caused airliners using the airport to abort their landings and go around for another approach, this time using backup equipment.
As well as the ability to hack, or spoof the GPS, there is also a growing concern that an aircraft or the systems on the aircraft can be hacked into. It has already happened. In 2017 the US Department of Homeland Security admitted that it had successfully hacked into the systems of a Boeing 757. Regulus is an Israeli start up that is developing a dual software and hardware solution that identifies GPS spoofing attempts. Yontan Zur, cofounder and CEO says that GPS spoofing attempts usually rely on the target aircraft having older technology on board.
“Most companies today are relying on technologies from the 1980s,” says Zur. “Most of them deal with beamforming, which usually requires heavier equipment and very expensive antennas, and they aren’t very capable against the new forms of spoofing attacks.”
Despite advances in threat-detection technology, nobody can be safe all of the time. But most of the threats that do get through can be mitigated by common sense on behalf of the user. Both Gogo and Viasat say that the biggest threats originate from the end users themselves and urge the same caution in the air as is used on the ground. The standard advice of not opening suspicious attachments or links or being careful when inserting USB drives into your laptop very much applies in the air as it does on the ground.
“The most difficult part of the entire eco-system to keep secure is the human element. Humans can be compromised in their ability to make good decisions about new threats that appear to them,” says Young. “Phishing, and spear Phishing (Phishing attempts that appear to come from a known contact) are evolving rapidly and it is becoming harder to discern between valid emails and forged emails.”
In other words, your behaviour is the first line of defence against evildoers.