If your firm is somewhere in the aerospace supply chain, a computer hack is coming. It looks like there a pattern is forming. First, a group of Chinese hackers stole a huge trove of US data from the US Office of Personnel Management. That was followed by United Airlines and health insurer Anthem being hacked. The United hack has a special value. Not enough? How about this – Chinese hackers just hacked Sabre, the largest GDS system and a key supplier to American Airlines.
As pointed out in the link to The Washington Post article, this massive trove of data can be (is being) aggregated. The new owners of the data can pinpoint specific people of interest and then, using insight from the assembled data, develop a highly targeted campaign to exert influence on these people. We are, understandably, being deliberately vague here. China, of course, denies anything to do with these hacks. So who these China-based hackers are is unclear. We cannot be sure why this data is being stolen. Are the hackers state actors? It’s not easy to tell, it seems. Both the Americans and Chinese are officially being opaque.
If indeed the pattern is acquiring data to develop a reasonably accurate digital picture of people – what kind of usefulness would such a profile have? Since the data has not, as yet, been made available for sale on the deep web, apparently, the value of the extensive data mining remains unclear. However, being one of the people whose data was stolen has to be singularly unpleasant, especially when considering what might be aggregated and utilized to potentially create an alternate identity or be set up as a target to compromise.
Concern within the US is now starting to match concern outside the US by foreign states about US-sourced data breaches. The US Government, as revealed by Edward Snowden, is not innocent in this regard, and retaliation is to be expected. But private parties may not be as “hardened” against cyber-threats as government agencies. Regardless of who is doing the breaching, it is crucial for firms (especially in the aerospace related supply chain; link 1, link 2) to immediately increase IT budgets and deploy state of the art cyber-security.
Stealing data is only a first step. Once computer systems are compromised, hackers can do a lot more harm than merely copy files. Commercial aviation rests on one bedrock belief – safety is priority #1. Given how dependent every organization has become on IT, a compromised IT system is going to negatively impact that priority. What could a Stuxnet-like virus do inside the aerospace supply chain?
Your company is going to face a hack attack if it touches the aerospace supply chain. It may have already been attacked, with “sleeping bots” (watch this zero days video) waiting to awaken, that you might not know about it. Cold wars are about disruption, whether economically or politically, and to create havoc whenever possible. Our increasing dependency on computers has created a new class of economic warfare based on disruption, and causing additional problems wherever possible. In a capitalist society, the largest targets, apart from government, are the corporations we depend on, and particularly the transportation infrastructure.
From airlines and ATC to e-Enabled aircraft, electronic flight bags, MRO facilities and even the industry supply chain, enemies will probe until they find the weakest link, which they will then exploit. You cannot afford to be the weakest link.