For decades, when we used the words “airline security” or “aviation security”, we were usually referring to unlawful seizure of aircraft, destruction of aircraft, hostage-taking, forcible intrusion, weapons or hazardous devices intended for criminal purposes, or use of an aircraft for criminal purposes or terrorism.
Cybersecurity is the new challenge for the aviation industry.
Customers and employees of commercial or private aviation expect that the same level of protection extends to the digital assets that reside on aviation systems. Airlines are obliged to respect this expectation, especially after the new privacy regulations, including the General Data Protection Regulation (GDPR).
Commercial and private aviation must comply with cyber security and privacy laws and regulations, and must follow international standards and best practices that protect their customers and employees.
A new cybersecurity culture is necessary. It refers to the knowledge, beliefs, perceptions, attitudes, assumptions, norms, values and expectations of customers regarding cybersecurity. Managers and employees must be involved in the prevention, detection, and response to deliberate malicious acts that target systems, persons, and data.
During the past decades, airlines have made substantial investments in information technology solutions that contribute to improved operational efficiency, safety, and customer satisfaction. The more complex and interconnected the systems, the more awareness and training are required for all managers and employees who use these systems.
Cybersecurity awareness for all managers and employees in commercial and private aviation is necessary, in order to make information security considerations an integral part of every job.
We tailor the program to meet specific requirements. You may contact us to discuss your needs.
The program is beneficial to managers and employees working in the commercial and private aviation industry. This includes pilots (captains, copilots or first officers, flight engineers or second officers), flight attendants, administrative personnel, ground and station managers and employees, reservation sales agents, and ticket agents. It has been designed for all employees who provide services and have authorized access to systems and data.
- Important developments in the commercial and private aviation industry after the new privacy regulations, including the General Data Protection Regulation (GDPR).
- Understanding the challenges.
Who is the “attacker”?
- Countries, competitors, criminal organizations, small groups, individuals, employees, insiders, service providers.
- Hacktivists and the aviation industry.
- Professional criminals and information warriors.
- Cyber attacks against passengers, baggage, cargo, catering, systems, staff, and all persons having authorized access to systems and data.
How do the adversaries plan and execute the attack?
- Step 1 – Collecting information about persons and systems.
- Step 2 – Identifying possible targets and victims.
- Step 3 – Evaluation, recruitment and testing.
- Step 4 – Privilege escalation.
- Step 5 – Identifying important clients and VIPs.
- Step 6 – Critical infrastructure.
Employees and their weaknesses and vulnerabilities.
- Employee collusion with external parties.
- Blackmailing employees: The art and the science.
- Romance fraudsters and webcam blackmail: What is the risk for the aviation industry?
What do we need? How can it be exploited?
- a. Speed and convenience.
It is difficult to balance speed, convenience and security.
- b. Effective and efficient access to the web site, computers and systems.
Examples of challenges and risks.
- c. Great customer service.
Example - how it can be exploited.
- d. A nice facility and great housekeeping.
Example - “The cleaning staff’s hack”.
- e. Food, drinks and entertainment.
Point-of-sale (POS) fraud and challenges.
Credit card cloning.
- f. Internet access.
Honeypots, rogue access points, man-in-the-middle attacks.
- g. Security.
Unauthorized access is a major problem, and social engineering is a great tool for attackers.
- h. Privacy.
The aviation industry is considered one of the most vulnerable to data threats.
- i. Money (if they can sue the service provider for negligence).
What must be protected?
- Best practices for all employees that provide services and have authorized access to systems and data.
- What to do, what to avoid.
- From client satisfaction vs. cyber security, to client satisfaction as the result of cyber security.
- Trojan Horses and free programs, games and utilities.
- Reverse Social Engineering.
- Common social engineering techniques
- 1. Pretexting.
- 2. Baiting.
- 3. Something for something.
- 4. Tailgating.
- Clone phishing.
- Whaling – phishing for executives.
- Smishing and Vishing Attacks.
The online analogue of personal hygiene.
- Preparing and maintaining records.
- Entering data into, and retrieving data from, computer systems and devices.
- Researching and compiling reports from outside sources.
- Maintaining and updating files.
- Responding to emails and questions by telephone and in person.
- Ensuring that sensitive files, reports, and other data are properly tracked.
- Dealing with personnel throughout the company as well as external parties, customers, suppliers, service providers.
- What has happened?
- Why has it happened?
- What were the consequences?
- How could it be avoided?
Closing remarks and questions.
Terms and conditions
You may visit: https://www.cyber-risk-gmbh.com/Terms.html
For more information, you may contact us.
Cyber security is often boring for employees. We can make it exciting.
Recorded on-demand training and live webinars.
Engaging training classes and workshops.
Developing the human perimeter to deal with cyber threats.
Short and comprehensive briefings for the board of directors.
Open source intelligence (OSINT) reports and recommendations.
They have the most skilled adversaries. We can help.