Protect Your Network in the Air and on the Ground by Learning Cyber Security Basics


By Elizabeth Counsman
Corporate Communications Manager, Satcom Direct

Posted on October 5, 2018

Cyber Security continues to be a global concern affecting every industry, including business aviation. The news is plagued with stories of companies that have had their networks compromised by criminals using dozens of methods to gain access, but is access alone enough to say that your network has been breached?

Josh Wheeler, Director Cyber Security Solutions for Satcom Direct (SD), explained how the ability to view a network alone does not necessarily mean your network has been compromised. “Think about a parking garage filled with cars at an airport. Is walking through the garage and looking into the windows illegal? Would it be considered breaking in? Now, what about jiggling door handles? Suspicious, yes; nonetheless, you are not breaking into the vehicle. But, if you happen to find a car that isn’t locked when you jiggle the door handle, you have the opportunity to take anything out of that car that you want.”

“This is how most incidents can be visualized,” Wheeler continued. “Threat actors can scan addresses and ports ‘looking into windows’ and trying to find these ‘unlocked doors.’ Although many of these incidents fail to turn into anything more malicious than snooping, sometimes they do.”
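Wheeler's distinction between "looking into windows" and finding an "unlocked door" can be checked from the defender's side in firewall logs. The following is an added example, not part of the original article or any Satcom Direct tooling; the log format, the intended-port list, and the scan threshold are assumptions, and the log lines are constructed.

```python
import re
from collections import defaultdict

# Constructed firewall log lines in a hypothetical format (not from any real product).
SAMPLE_LOG = """\
2018-10-05T10:00:01Z DENY src=203.0.113.7 dst=192.0.2.10 dport=21
2018-10-05T10:00:01Z DENY src=203.0.113.7 dst=192.0.2.10 dport=22
2018-10-05T10:00:02Z DENY src=203.0.113.7 dst=192.0.2.10 dport=23
2018-10-05T10:00:02Z ALLOW src=203.0.113.7 dst=192.0.2.10 dport=443
2018-10-05T10:00:03Z ALLOW src=203.0.113.7 dst=192.0.2.10 dport=3389
2018-10-05T10:05:00Z ALLOW src=198.51.100.20 dst=192.0.2.10 dport=443
2018-10-05T10:06:00Z DENY src=198.51.100.20 dst=192.0.2.10 dport=8080
"""

LINE_RE = re.compile(r"^\S+ (ALLOW|DENY) src=(\S+) dst=(\S+) dport=(\d+)$")
INTENDED_PORTS = {443}  # assumption: the only service meant to be reachable
SCAN_THRESHOLD = 4      # assumption: distinct targets per source that count as a scan


def triage(log_text, intended=INTENDED_PORTS, threshold=SCAN_THRESHOLD):
    """Return {src: {"targets_probed": n, "unlocked_doors": [(dst, port), ...]}}
    for every source that behaved like a scanner."""
    probed = defaultdict(set)   # src -> every (dst, port) it tried
    allowed = defaultdict(set)  # src -> (dst, port) pairs the firewall let through
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not fit the expected format
        action, src, dst, port = m.group(1), m.group(2), m.group(3), int(m.group(4))
        probed[src].add((dst, port))
        if action == "ALLOW":
            allowed[src].add((dst, port))
    findings = {}
    for src, targets in probed.items():
        if len(targets) < threshold:
            continue  # too few distinct targets to call it a scan
        # An "unlocked door": a port that answered the scanner but was never meant to be exposed.
        doors = sorted(t for t in allowed[src] if t[1] not in intended)
        findings[src] = {"targets_probed": len(targets), "unlocked_doors": doors}
    return findings


if __name__ == "__main__":
    for src, info in triage(SAMPLE_LOG).items():
        print(src, info)
```

A scanning source with an empty `unlocked_doors` list was only looking into windows; any entry in that list is an exposure to close or to add deliberately to the intended-port list.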

Cyber Security: Protection Starts with Education
To protect yourself from falling victim to these opportunistic attacks on the ground or in your aircraft, you need to be proactive and knowledgeable about network security basics, starting with understanding the difference between a cyber event, incident, and breach.

“You have to understand, there could be a security event without a security incident,” explained Bryan Ray, Information Systems Security Manager at SD. “In the industry, we define a security event as any security-related action that occurs on an information system. It does not have to be malicious. It could be as simple as a user logging into a network computer. Now, a security incident occurs when any security event violates a security control, such as when a person bypasses established controls to access information they shouldn’t. This is unauthorized access, which is one form of a data breach.”

“There are two types of breaches, a network or system breach and a data breach,” said Ray. “A data breach is the unauthorized destruction, modification, access, or exfiltration of data, and a network or system breach is the unauthorized access to a network or system. Just because someone breached a network does not necessarily mean that there was a data breach.”

Understanding the differences between these two definitions is critical to understanding cyber security. Again, system access does not always mean someone has done anything malicious with the data.

How a Hacking Incident Unfolds
There are five steps in the lifecycle of a hack, according to Ray. The first step is reconnaissance, which could occur through a social media platform. Cybercriminals use this step to learn everything they can about their potential targets. Second, they scan for the weak points of their targets, which is why corporations need to protect their complete value chain. Many companies have been exposed to cyber-attacks through third parties, such as vendors.

“Flight Departments often deal with third-party vendors to provide everything from catering to medical services. Understanding how they ensure data integrity is very important,” said Wheeler.

Cybercriminals look for the easiest targets using the simplest methods. Therefore, another way to be proactive is to constantly evaluate your attack surface to see where you are most vulnerable, including when your aircraft is 40,000 feet in the air. You also need to educate yourself on the methods used by cybercriminals.

It is human nature to be inquisitive and helpful, and cybercriminals capitalize on this with social engineering. Social engineering comes in many flavors, but a favorite among cybercriminals is phishing, which is intended to trick people into doing things they shouldn’t. This may mean opening a malicious document in an email or clicking on a hyperlink that takes them to a malicious website. Both situations can lead to compromised credentials or a compromised computer.

Wheeler explained that firewalls and intrusion prevention systems can offer additional protection against something that looks rather harmless to the average passenger. When properly used, these systems can block threatening content and provide notification of it.

According to Ray, the third step in the lifecycle of a hack is to access the information system and look for ways to escalate privileges. This is when the damage begins, because the fourth step is to maintain access by creating a back door for reentry.

Finally, the fifth step in the lifecycle of a hack is to exfiltrate the sensitive data accessed, such as intellectual property or financial information, while covering any tracks the hacker made into and out of the system.

“If malware is installed without the knowledge of a passenger, it will ‘call home’ attempting to send any data available back to its source. With ample bandwidth available through Ka or Ku networks on today’s modern aircraft, it’s become that much easier to send,” stated Wheeler.

In order to protect your network on the ground and in the air, you must be educated and proactive. When it comes to cyber security, the reality is that no network is bulletproof. But if you take steps to evaluate your risk and educate those in your value chain, you can minimize the likelihood of a successful attack.

Satcom Direct
Satcom Direct’s compliance experts use a consultative approach to provide business aviation aircraft cybersecurity audits focusing on both the cabin and the ground network. The audit addresses cybersecurity issues, best practices in network design, and policies and procedures, all to ensure passenger data is classified and properly protected. The SD Data Center brings enterprise-level security audits to data transmissions on the ground and in the air.
https://www.satcomdirect.com/
