April 4, 2019, Deutsche Flugsicherung, DFS Sicherheitstag, Frankfurt
With the rise of the Internet cyber security has become critical issue for all types of industries. In just two decades, various industries were confronted with fundamentally new types of threats and attackers. Cyber risks are abstract, have developed slowly and, consequently, were ignored for a long time.
This talk first addresses the peculiarities and key mechanisms of the cyber security field and what other industries had to painfully learn in the past decades of the digitalization. To understand the cyber landscape and how it affects aviation we classify threat actors and explain global developments that critically impact the security (such as interdisciplinary, complexity, miniaturization, diversity of the crowd, price erosion, …).
- We highlight fundamental properties of the cyber domain that help us understand future threats, design effective security, and to identify ineffective security approaches.
- In part two the talk examines how the aviation industry and authorities handled safety and security issues in the past 100 years – and challenges the applicability of these processes to address current and future cyber threats. We show how previously secure and isolated aviation systems become critically exposed and identify security assumptions that are prone to fail in the present cyber landscape.
- The talk concludes with key lessons learned by other industries and how these can be applied to the aviation sector. Recommendations on the organizational, system design, and technical level are given in the hope to create awareness and avoid preventable issues with cyber security in aviation. For many of the challenges solutions already exist – let’s get them implement before they get exploited.