Cybersecurity for the commercial and the private aviation
Tailored cybersecurity awareness and training for managers and employees working in the commercial and private aviation
For decades, when we were using the words “airline security” or “aviation security”, we were usually referring to unlawful seizure of aircrafts, destruction of aircrafts, hostage‐taking, forcible intrusion, weapons or hazardous devices intended for criminal purposes, or use of an aircraft for criminal purposes or terrorism.
Cybersecurity is the new challenge for the aviation industry.
Customers and employees of commercial or private aviation today expect that the same level of protection extends to the digital assets that reside on aviation systems. Airlines are obliged to respect this expectation, especially after the new privacy regulations, including the General Data Protection Regulation (GDPR).
The commercial and private aviation must comply with cyber security and privacy laws and regulations, and must follow international standards and best practices that protect their customers and employees.
A new cybersecurity culture is necessary. It refers to the knowledge, beliefs, perceptions, attitudes, assumptions, norms, values and expectations of customers regarding cybersecurity.
Aircraft cybersecurity involves the policies, procedures, awareness and training for the prevention, detection, and response to deliberate malicious acts that target systems, persons (via social engineering) and data, to compromise an aircraft's systems and staff.
Airport cybersecurity involves the policies, procedures, awareness and training for the prevention, detection, and response to deliberate malicious acts that target systems, persons (via social engineering) and data, to compromise an airport's systems and staff.
During the past decades, airlines have made substantial investments in information technology solutions that contribute to improved operational efficiency, safety, and customer satisfaction. The more complex and interconnected the systems, the more awareness and training is required for all managers and employees that use these systems.
Cybersecurity awareness for all managers and employees in the commercial and private aviation is necessary, in order to make information security considerations an integral part of every job, habits and conduct, embedding them in their day-to-day actions.
We tailor the program to meet specific requirements. You may contact us to discuss your needs.
The program is beneficial to managers and employees working in the commercial and private aviation.
Modules of the tailor-made training
- Important developments in the commercial and private aviation industry after the new privacy regulations, including the GDPR.
- Understanding the challenges.
- Cyber threats to the aviation industry.
- Cyber attacks against passengers, baggage, cargo, catering, systems, staff.
- Who is the attacker?
- Possible adversaries: Countries, competitors, criminal organizations, small groups, individuals, employees, insiders, service providers.
- Hacktivists and the commercial and private aviation industry.
- Professional criminals and information warriors.
- Step 1 – Collecting information about persons and systems.
- Step 2 – Identifying possible targets and victims.
- Step 3 – Evaluation, recruitment and testing.
- Step 4 - Privilege escalation.
- Step 5 – Identifying important clients and VIPs.
- Step 6 – Critical infrastructure.
- Employee collusion with external parties.
- Blackmailing employees: The art and the science.
- Romance fraudsters and webcam blackmail: Which is the risk for the aviation industry?
- Trojan Horses and free programs, games and utilities.
- Social Engineering.
- Reverse Social Engineering.
Common social engineering techniques
- 1. Pretexting.
- 2. Baiting.
- 3. Something for something.
- 4. Tailgating.
- Phishing attacks.
- Clone phishing.
- Whaling – phishing for executives.
- Smishing and Vishing Attacks.
- Point-of-sale (POS) fraud and challenges.
- Credit card cloning.
- Honeypots, rogue access points, man-in-the middle attack.
- What customers need, and which are the cyber risks?
- Examples of challenges and risks.
- From customer satisfaction vs. cybersecurity, to customer satisfaction as the result of cybersecurity.
- Cyber Hygiene.
- The online analogue of personal hygiene.
- Personal devices.
- Untrusted storage devices.
- Case studies. Cyber-attacks against airport operators, aviation authorities, airlines, and air navigation service providers.
You may contact us to discuss your needs.
Our catalog, instructor-led training in Switzerland, Liechtenstein, and Germany: www.cyber-risk-gmbh.com/Cyber_Risk_GmbH_Catalog_2019.pdf