On September 6th, FireEye Chief Intelligence Strategist Christopher Porter gave expert evidence to a joint hearing by the Cybersecurity & Infrastructure Protection and Transportation & Protective Security Subcommittees on the Homeland Security Committee, in Washington DC.
The hearing set out to examine the current cybersecurity threats facing the aviation sector, and explore ways in which the industry is looking at cyber security in general. The objective was for Congress to find ways that the Department of Homeland Security can provide better assistance in bolstering the overall cyber security of the aviation ecosystem. Porter was joined by Jeffrey Troy, Executive Director, Aviation Information Sharing & Analysis Center and Michael Stephens, Executive VP, IT and General Counsel, Tampa International Airport.
Porter introduced FireEye by explaining that the company supports the aviation sector in the US by protecting the Transportation Security Administration with both email and web inspection, managed by the DHS Enterprise Security Operations Center. The FAA also utilizes FireEye's intelligence reporting and also uses its malware analysis tool to help prevent and detect future cyber attacks.
He went on to share FireEye's perspective responding to breaches in the aviation sector and, from intelligence collected, on anticipated forthcoming threats in this, one of the most targeted sectors for cyberattacks. The main areas of concern – based on intelligence on actual activity by hostile actors – were cited:
Nation-sponsored or endorsed actors - including those from China, Russia, and more recently Iran - routinely seek to steal industrial secrets from manufacturers, researchers, designers, and operators of both military and cutting-edge civilian aircraft by targeting the US or its close allies via computer network operations.
All three countries also routinely target ticketing and traveller data, shipping schedules and manifests - as well as partner industries such as railways and accommodation providers - as they gather counterintelligence data on travellers who could be from the worlds of industry, government, media or other VIPs of interest.
2. Economic threats to sector and passengers
Porter highlighted three principal ongoing threats to economic well-being:
Airports in the US, Europe, the Middle East and South East Asia have had their websites defaced or disrupted, principally by non-state actors seeking to draw attention to a particular political, social or moral cause. This can lead to passengers fearing that they or a loved one may be at risk of a terrorist attack or hijacking, whereas in reality, the compromised systems have no relationship with flight operations ... unless such disruptive activity is perpetrated by cyber criminals who have affiliations with terrorist groups.
In a limited number of cases, such hacks have caused flight delays and other damaging disruption, impacting both revenues and reputation.