As companies worldwide switch from analog to automated digital industrial control systems, malicious cyber actors are finding new opportunities for extortion and mayhem. It’s happening in a range of industrial settings, from power stations to manufacturing plants, and it’s a growing problem in the aviation industry.
In January, aircraft leasing giant AerCap Holdings confirmed it had been the victim of a ransomware attack by a cybercrime gang calling itself “Slug,” which claimed to have stolen roughly one terabyte of data from the company. Several months later, Airport and Aviation Services Sri Lanka experienced a significant data breach that exposed over 7,000 records, including names and passport details.
“If you can compromise a cyber-physical system and move freely undetected, the consequences can be catastrophic,” said Ollie Gagnon, who manages the Idaho National Laboratory’s (INL) relationship with the U.S. Department of Homeland Security (DHS). “Aviation infrastructure is particularly vulnerable because it is so globally connected. It requires an international effort to keep it secure.”
In response to the mounting worldwide threat, cybersecurity experts from INL traveled to Warsaw, Poland, in September to deliver a weeklong Critical Infrastructure Cybersecurity Training program for U.S. strategic partners in the European aviation sector. The trip was sponsored by a six-agency coalition (Department of State, Department of Justice, Department of Homeland Security, Department of Defense, Department of Transportation and Department of Energy) to support the Transportation Safety Administration’s (TSA) Aviation Cyber Initiative (ACI).
The ACI is a U.S. government task force focused on reducing cybersecurity risks and improving cyber resilience to support safe, secure and efficient operations of the nation’s aviation ecosystem. Engaging with aviation stakeholders around the world is essential to success, given the international scope of the danger.
“We are working to cultivate a community of international transportation security partners who can secure transportation infrastructure, particularly airports, against sophisticated cyber threats and respond robustly to potential cyberattacks,” said Carissa VanderMey, the Transportation Safety Administration’s senior liaison to DHS’ Cybersecurity and Infrastructure Security Agency (CISA).
In Warsaw, 43 cybersecurity professionals from 12 countries, including 14 participants from Ukraine and nine from Poland, experienced rigorous coursework, hands-on exercises and specialized briefings to advance their knowledge and capabilities. The program focused heavily on wireless security in the airport environment and cybersecurity for industrial control systems. Topics included:
- Cybersecurity assessments of wireless access applications, analyzing methods for determining wireless security gaps and making recommendations for improving defenses. These steps are valuable now and in the future due to the movement to wireless 5G connectivity, the expanded number of entry points an attacker can access, and the convergence of information technology and operational technology.
- Comparative analysis of information technology and industrial control system (ICS) architectures. These analyses involve understanding risk in terms of consequence, security vulnerabilities within ICS environments and effective cyber risk mitigation strategies for the control system domain.
- Technical instruction on protecting ICS using offensive and defensive methods, such as recognizing how cyberattacks are launched, why they work and developing strategies to strengthen control system networks.
- Tackling operational risk by focusing on consequences using a simplified approach of identifying, binning and prioritizing the infrastructure environment.
INL’s wireless security training and Industrial Controls Systems Cybersecurity Training are unlike other cybersecurity training programs because they offer hands-on exercises with process control networks. INL even houses its own aviation cybersecurity research test bed. Participants can see how attackers gain unauthorized control of equipment, which lets them brainstorm solutions in a live critical infrastructure environment. At Warsaw Chopin Airport, participants collected and analyzed real-world data and applied techniques to identify wireless security gaps, addressed critical vulnerabilities and responded to potential cyber threats.
“The hands-on activities are very eye-opening for the participants,” Gagnon said. “You’ve got to consistently look at the critical functions in your operating environment.”
Participants gain enhanced knowledge and skills to help address the significant cyber risks associated with aviation-related cyber-physical systems providing critical services.
“This training has profoundly strengthened the abilities of the participants within the global cybersecurity framework and underscored our unwavering commitment to supporting our strategic partners in safeguarding their essential infrastructure against evolving cyber threats,” said Serra Pehlivan, DHS Homeland Security Advisor for Southeast Europe. “The expertise gained will play a vital role in enhancing the resilience and security of aviation systems worldwide.”
INL has had a relationship with DHS since the department was established in 2003. Under the auspices of CISA, it began training for the aviation community seven years ago. That work has migrated to TSA as demand for critical infrastructure security and resilience expertise has expanded abroad. Since 2019, TSA has hosted 20 regional courses within the U.S. and held additional training internationally. The training in Poland was the second session this year. The first was held in January on the island of Guam for international partners in the Asia-Pacific region, and a third, for Caribbean nations, recently took place in December in New York City. Learn more here about how INL uses cybersecurity and other research to keep critical infrastructure secure and resilient.
