FireEye helps DHS understand threats to US aviation sector
Aviation Sector Graphic

FireEye helps DHS understand threats to US aviation sector

On September 6th, FireEye Chief Intelligence Strategist Christopher Porter gave expert evidence to a joint hearing by the Cybersecurity & Infrastructure Protection and Transportation & Protective Security Subcommittees on the Homeland Security Committee, in Washington DC.

The hearing set out to examine the current cybersecurity threats facing the aviation sector, and explore ways in which the industry is looking at cyber security in general. The objective was for Congress to find ways that the Department of Homeland Security can provide better assistance in bolstering the overall cyber security of the aviation ecosystem. Porter was joined by Jeffrey Troy, Executive Director, Aviation Information Sharing & Analysis Center and Michael Stephens, Executive VP, IT and General Counsel, Tampa International Airport.

Porter introduced FireEye by explaining that the company supports the aviation sector in the US by protecting the Transportation Security Administration with both email and web inspection, managed by the DHS Enterprise Security Operations Center. The FAA also utilizes FireEye's intelligence reporting and also uses its malware analysis tool to help prevent and detect future cyber attacks.

"The thing to keep in mind is that any foothold that any adversary gets into a system that’s used for cyber espionage, which is widespread and everyone does it, that can easily be turned into an attack."

He went on to share FireEye's perspective responding to breaches in the aviation sector and, from intelligence collected, on anticipated forthcoming threats in this, one of the most targeted sectors for cyberattacks. The main areas of concern – based on intelligence on actual activity by hostile actors – were cited:

Graphic Cyber Espionage Graphic

1. Cyberespionage

Nation-sponsored or endorsed actors - including those from China, Russia, and more recently Iran - routinely seek to steal industrial secrets from manufacturers, researchers, designers, and operators of both military and cutting-edge civilian aircraft by targeting the US or its close allies via computer network operations.

All three countries also routinely target ticketing and traveller data, shipping schedules and manifests - as well as partner industries such as railways and accommodation providers - as they gather counterintelligence data on travellers who could be from the worlds of industry, government, media or other VIPs of interest.

2. Economic threats to sector and passengers

Porter highlighted three principal ongoing threats to economic well-being:

  • For years, airlines and third-party ticket sellers have been compromised to facilitate the re-sale of illicit tickets for profit in underground forums.
  • Exploiting the trust placed in them by their customers, airlines are frequently the targets of theft of a wide variety of sensitive personal data.
  • FireEye devices have detected a sharp increase in the use of ransomware to temporarily disable ticketing and support operations, with cyber criminals cognizant that carriers and airports will avoid disruption at all costs.
Graphic Economic Threat Graphic
Graphic Hactivism Graphic

3. Hacktivism

Airports in the US, Europe, the Middle East and South East Asia have had their websites defaced or disrupted, principally by non-state actors seeking to draw attention to a particular political, social or moral cause. This can lead to passengers fearing that they or a loved one may be at risk of a terrorist attack or hijacking, whereas in reality, the compromised systems have no relationship with flight operations ... unless such disruptive activity is perpetrated by cyber criminals who have affiliations with terrorist groups.

In a limited number of cases, such hacks have caused flight delays and other damaging disruption, impacting both revenues and reputation.

Porter emphasized that FireEye looks forward to working alongside the DHS to strengthen the partnership between the public and private sectors and share best practices to thwart future attacks.