Protecting Your Data While in Flight
By Rich Pilock
Vice President, Network Solutions and Strategy, Satcom Direct
Many think their data can’t be hacked—until it is.
The Problem: Data theft or disruption of network systems is costing companies money, downtime, and often their reputations.
Flight departments are under increasing pressure to meet new and expanding IT security and compliance mandates. Cyber-attacks increasingly affect corporate networks and the aircraft is not excluded from these threats. With the increased dependence on digital tools and communication devices, flight deck operations and cabin services are becoming more vulnerable. To keep the corporate network safe, IT departments need to integrate the aircraft into their existing environment and apply the required compliance controls.
Securing corporate data in the air has been a tremendous challenge to flight departments because they have little control over how data moves across the various airborne networks. Most IT departments avoid building their own private network solution because the cost involved makes it a near impossible feat.
The Solution: To securely tunnel traffic using a Private Network
In a perfect world, the IT department wants to extend the security of its internal networking to the corporate aircraft no matter where they fly. Satcom Direct (SD) is uniquely capable of providing this solution through the SD Private Network (SDPN). This customizable solution will securely tunnel all customer traffic over any of their supported airborne networks via SD’s Private Network directly to the customer premises. The aircraft subnet/network will remain constant as it switches airborne networks, making the aircraft appear the same as any other remote office.
The IT department does not need to understand or have any insights into the underlying airborne network layer as SD will create a virtual network abstraction layer on top of those services which will greatly simplify traffic flow. This allows the IT department to apply the same tools and controls to the aircraft that they apply to all remote offices, meeting their security and compliance objectives. SDPN enables traffic monitoring for threats before they enter the corporate network, while ensuring confidentiality, integrity, and availability of their data, systems and IT services.
Best Practices: Self-Assessment Checklist
While most IT departments in the business aviation industry are aware of best practices and security standards, the ever-changing cyber environment is difficult to maintain without a third party aviation and security expert’s support. A thorough network and cybersecurity review must be done annually, at a minimum, to keep the company’s data protected. A proper assessment should include a network penetration test, a current state evaluation and a list of remediation recommendations. Security practices should be evaluated in the flight department, the aircraft itself, and all vendors associated with the network.
Flight departments need to create a strategy to meet necessary compliance standards and manage security risk, all starting with an on-site network security assessment. Unsure if you’re a candidate? Below are common best practice questions that you should be able to answer:
Q: Do you have Business Associate Agreements in place with application vendors that host protected data, especially flight data containing passenger sensitive information?
Q: If asked for evidence of proper cyber security practices, could you provide a documented set of procedures and processes?
Q: Does the flight department use or collect credit card information from passengers, customers, crew or support staff, and is the information collected and protected in accordance with the latest Payment Card Industry Data Security Standards (PCI-DSS)?
Q: Is the flight department’s network equipment updated with patches, security updates, firmware updates and other vendor required security actions on a regular basis?
Q: Does the flight department’s change management processes include the LAN / WAN / Wi-Fi networks external to and contained within the cabin?
Q: Is the flight department network, including the internal cabin network, segmented using VLANs or other hardware segmentation methods?
Q: Do users with mobile devices have remote access to data or systems within the flight department network? If so, does this access require the use of a VPN, secure token, or other secured communication method?
Q: Are technology devices including network equipment and mobile devices wiped before being reissued? Is there a separate, but equally detailed, procedure for equipment cleaning prior to disposal or resale?
Q: Are vendor supplied network components and their default passwords reset to “password” in accordance with corporate or flight department policy?
Q: If provided on the aircraft, is the wireless network secured via current industry accepted encryption levels with regularly scheduled password changes?
Manage cyber-threat risks and protect your data—before it is too late.
Satcom Direct’s SD Data Center brings enterprise-level security audits to data transmissions on the ground and in the air. SD’s compliance experts use a consultative approach to provide aircraft cyber security audits focusing on both the cabin and the ground network. The audit addresses cyber security issues, best practices in network design, and policies and procedures, all to ensure passenger data is classified and properly protected.
© 2019 Satcom Direct. All Rights Reserved.Next Article
- Safety Resources
- Airmanship Skills
- Unmanned Aircraft Systems Operations
- Cyber Security
- Safety Training
- Safety Systems (SMS)
- Safety Regulation
- Human Factors
- Safety Culture & Promotion
- Medical Support & Training
- Emergency Response & Family Assistance
- Book Reviews
- Airmanship Skills – Upset Recovery Training
- Risk Management and Flight Training for UAS Operations
- Acronym Guide
- SM4 Safety Poster Series
- Links to External Resources