Airport breach a sign for IT industry to think security, not money

Time for the nation's best technology minds to start building better security for critical infrastructure, expert says

The compromise of computers at two U.S. airports by an unknown group of hackers is a wake-up call that America's best IT talent needs to focus less on money and more on national security, an expert says.

The Center for Internet Security (CIS), a government-endorsed nonprofit that helps states with cybersecurity, said in its recently released report that it was notified in the summer of 2013 of advanced persistent attacks (APTs) against four U.S. airports.

The CIS later learned that the same attackers were targeting eight other airports.

Because there's no financial gain from going after airports, "the logical point of these attacks is to be able to support taking down or controlling critical systems in time of war or conflict," Murray Jennex, a San Diego State University professor and former systems engineer at the San Onofre nuclear power plant in California, said.

Hackers can break into systems in critical infrastructure like airports because Internet technology is used in critical systems, a trend that has been continuing for more than 15 years.

Connecting Internet-enabled business computers to control systems has made management of the latter easier and less expensive. At the same time, it has introduced the threat of a cyberattack, which didn't exist when critical equipment was kept in a silo.

"Our best minds have focused on how to use the Internet to make things cheaper, to use data better, to make more money," Murray said. "We need to catch up with the security of these blended systems and require simpler security design approaches."

The CIS found that a total of 75 U.S. airports "were impacted" in some way by the APT attack. The group did not release details.

"Two airports had systems that were compromised," the report said. "CIS provided assistance and all compromised systems were remediated."

The compromise started with a phishing attack in which email containing a malicious link was sent to people working in the aviation industry. The CIS said the attackers used a "public document" in selecting their victims, but did not identify the document.

The fact that the attackers were able to trick people into downloading malware that led to the compromise is "surprising, but not unexpected," Murray said. "Simple attacks work."

To help defend against such attacks, people need to be educated on the signs that an email may be malicious, he said. People too often are lulled into thinking that technology can provide all the needed security.

"I worry that it will take a very major and severe security event for everyone to get the message that technology will not protect them," Murray said.

The CIS notified the U.S. Department of Homeland Security and the Federal Aviation Administration.
