Stephane Gomez, cybersecurity lead, consulting and security operation center (SOC) practice at SITA, explores the financial implications surrounding online security and how they can be overcome.
Cybersecurity has shot to the top of the airport chief information officer’s investment priorities, with the vast majority of airports (96%) planning to invest in cybersecurity projects in the next three years.
That shouldn’t surprise any of us, as forecasts from IT analysts are unable to keep pace with the dramatic rise in cybercrime. What’s certain is that the unstoppable march of digital transformation projects across all industries, including aviation, will only serve to heighten our vulnerabilities to cybercrime.
The air transport industry’s insatiable hunger for more data and better business intelligence is driving an explosion of cloud computing initiatives and Internet-of-Things (IoT) devices. This further accelerates the need to better secure our fast-evolving airport IT infrastructure.
A security paradox: Exploding threats, limited budgets
Recent research shows that cyber threats are at an all-time high. Symantec reports increases across the board: 46% increase in new ransomware variants, 600% increase in attacks against IoT devices, 54% increase in mobile malware variants, and 80% increase in new malware on Macs.
Yet despite the explosion of threats, security executives, especially at smaller organizations such as airports, are struggling to keep up with the rising costs, skills and resources that are needed to stay on top of this growing threat to their data, and maybe more importantly, to their company reputation.
So far, spending on IT to protect from the increasing risks has not grown in the same way. Ernst & Young reports that 87% of enterprises say they require up to 50% more budget for effective cybersecurity.
Building a SOC on a tight budget: The shared service model
A cybersecurity aviation SOC is often the first component security executives look at when building up their cyber capabilities. This centralized unit takes charge of security monitoring for the airport’s entire information systems and the management of detected cybersecurity incidents. It addresses many of the key challenges facing the airport’s IT organization in starting up a cybersecurity capability, in particular, the shortage of skills and people.
Building a dedicated SOC can be costly and time-consuming. It demands ongoing attention to be effective, and for many smaller airports, this is often seen as a stumbling block.
An alternative approach is to share SOC services across multiple airports within an airport group or commercially linked airports. A shared model spreads benefits and costs across multiple airports, enabling the sharing of information, best practices and a common governance of cybersecurity. That includes detection technology and tools, security knowledge and people, all of which are common across every participating airport’s IT department.
It also enables a group of airports to act as a single community to engage with the government on issues related to security. For many airports across the world, this is a clear way forward in the quest to tackle cyber threats, bringing with it substantial cost savings over a dedicated SOC.
A vital final point: Make sure it’s tailored to air transport
Airports, independent of their size or location, share similar business objectives and are driven by comparable business models and processes. Cybersecurity must be tailored to those business objectives, as it demands specific in-depth knowledge of those unique airport processes and priorities. This leads to a growing call for the development of ‘verticalized’ solutions to address the industry’s unique threat profile. SITA CyberSecurity launched a comprehensive suite of expert security services focusing on the specific needs of the airport.
Find out more about SITA’s cybersecurity offerings here.