Reuters reports that around 1,400 passengers at LOT were grounded at Warsaw’s Chopin airport yesterday after hackers attacked the airline’s computer systems used to issue flight plans. The computer system was hacked in the afternoon but took five hours to fix, during which 10 flights were cancelled and about a dozen more delayed.
LOT took care of the passengers on Sunday evening and some were able to board flights. LOT said it provided hotels for those who needed to stay overnight. At no point was the safety of flights compromised, A LOT spokesman said, and flights destined for Warsaw were able to land safely. No other airports were affected, he added. “We’re using state-of-the-art computer systems, so this could potentially be a threat to others in the industry,” the spokesman said. The attack in now being investigated by the authorities.
This story highlights a few items worth considering.
- Airlines are increasingly IT sensitive and highly vulnerable to cyber attacks. Most people look at the e-Enablement of aircraft as the primary hacker target. But its far easier to attack ground based IT systems. Although only one system seems to have been hacked, the truth is that the entire LOT IT system has been compromised. They will have to undertake forensic work on every IT system.
- Other airlines are facing sleepless nights of their own. Cyber disruption now gets added to the list of exogenous factors like weather, health scares, oil and politics.
- State of the art IT systems are not good enough to be regarded as secure. As we have seen banks regularly lose millions to hackers and even government websites thought to be secure get defaced.
- So why LOT and why now? Nobody has claimed responsibility for this cyber attack. But here’s an idea to guide your thinking. Obviously nobody can be certain at this stage. But there may be a correlation.
I think the important thing to keep in mind here – either from the perspective of the consumer or the airlines themselves – is the approach that has been taken thus far among both airlines and governments/institutions with regard to cyber threats. I don’t think we will ever be able to reduce the threat potential to zero, but what must be done is reevaluate the fundamental approach to the issue. And time is certainly of the essence, especially now that it is clear this is a multi-industry epidemic.
Of course, there are many parts to the security equation, but when it comes to the cloud database space, for example, the developer is a key factor in securing a network for the parent company. It is the tools the developer utilizes that will have the largest influence on the security of the database.
CipherDB is a product by Crypteron which allows the developer of a .NET Application, for example, to seamlessly deploy and secure its data on the cloud without requiring the trust footprint to extend beyond the app itself. That means everyone else – network administrators, cloud providers, etc. – don’t have the ability to decrypt the data. This security model presents a fundamental shift in the way cyber security is approached, and reduces the likelihood of a hack occurring dramatically. The more people you have to trust, the higher the risk of a malicious exploit. Simple as that.
If you want to learn more, visit this link: https://crypteron.com/blog/crypterons-cloud-first-security-model/
(Disclaimer: I work for Crypteron)