Securing Air Traffic Control Systems
I fly quite a bit for my job as a Security Services consultant for Cisco. I’m one of billions of passengers traveling annually: according to the International Air Transport Association (IATA), passenger numbers are expected to reach 3.8 billion in 2016. The number of unique city pairs connected by airline networks will reach 18,243.
With numbers like these, you can understand why the job of an air traffic controller is considered to be one of the most stressful jobs.
Now consider the job of the aviation chief information security officer (CISO): they are charged with safeguarding the air traffic control systems in an era of hyper-connectivity in the Internet of Things (IoT) and constantly evolving cybersecurity risk.
Air traffic control (ATC) is collectively a set of regional, interconnected systems that perform numerous functions such as in-air flight separation and routing, on-ground traffic control, radar control, and runway lighting control. Working together, the network of regional ATC systems provides comprehensive coverage for the nation’s airspace and allows travelers to safely enjoy commercial and private air travel.
The interconnected network of ATC systems is part of the evolving IoT landscape. Various aspects of ATC interface with physical processes such as radar control and airport runway lighting. Without reliable radar and lighting, safe air travel wouldn’t actually be possible. Industrial control systems—and their components and networks—provide the ability to control these kinds of physical processes. If industrial control systems are disrupted or taken out of normal operation, ATC functions could be severely impacted.
Fortunately, aviation CISOs can implement an effective security program strategy by incorporating best practices from industrial security environment. A few to consider:
- Obtain executive-level visibility and support for the security program
- Implement robust internal network segmentation
- Implement real-time cyber threat detection and response capability
- Implement robust remote access controls
- Regularly evaluate third-party and supply chain security risks
Aviation CISOs can build on this foundation to achieve higher levels of cybersecurity program maturity, and ultimately keep the 3.8 billion passengers in our skies safer.
For a more detailed review of my recommendations and other resources, read this blog I recently wrote for Homeland Security Today and visit Cisco’s Security Services for the Internet of Things web page.