12 septembre 2018 | International, C4ISR
A senior official from Tampa International Airport (TPA) told US lawmakers the risk of cyberattack “without question represents the preeminent and persistent threat” to global aviation.
The comments came during a Sept. 6 joint hearing of the House Homeland Security Committee's Cybersecurity and Transportation Security subcommittees, held to examine cyber threats to aviation.
“In today's modern and technologically advanced airports, there are virtually no areas or functions that do not rely at some level on a digital network,” TPA EVP-IT and general counsel Michael Stephens said. “The operational importance of these systems ... makes airports immensely appealing targets and potentially vulnerable to malicious cyber threats, such as criminal organizations and state sponsored actors.”
In his testimony, Stephens said US airports have reached a point “where voluntary compliance is no longer adequate,” and asked lawmakers to consider mandating the adoption of “uniform minimum cyber security standards and frameworks.”
He also said the “human factor remains the most highly exploited vector” for breaching cyber defenses, and threat awareness and information security training programs for airport, airlines and aviation industry employees are “perhaps one of the most effective and cost-efficient ways of increasing airports' and airlines' cybersecurity readiness.”
Lawmakers also heard from Christopher Porter, chief intelligence strategist at cybersecurity group FireEye, Inc., who testified that state-backed hackers are “routinely” targeting the US aviation industry through cyberespionage to steal industrial secrets from manufacturers, researchers and operators of military and civilian aircraft.
Porter called cyberespionage the “most common cyber threat facing the aviation industry,” and said that hackers sponsored by China, Russia and more recently Iran have all “targeted the US or its close allies for theft of aviation secrets.” All three countries also routinely target ticketing and traveler data, shipping schedules and even partner industries like railways or hotels as part of their counterintelligence efforts, Porter added.
However, Porter reminded lawmakers that, because cyber-espionage is routine, “it should not be viewed as destabilizing.”
“When cyberespionage operators get a foothold on a system, they can often use that access for stealing information or to launch a disabling or destructive attack using the same technology,” Porter said. “But they rarely choose to do so, and in the US, there are significant redundancies in place to ensure safety. A crashed IT system does not mean a crashed plane, and it's important for the public to keep that in mind.”
http://atwonline.com/security/cyberattack-risk-poses-biggest-threat-airports-aviation
16 juin 2024 | International, Terrestre
Protecting military trainers in the event they're deployed back into Ukraine is the top consideration for Canadian defence planners as France steps up pressure on allies to join its training initiative, Canada's top military commander says.
9 juin 2023 | International, C4ISR
“We had our first defend-forward mission, a hunt-forward mission, in SOUTHCOM just recently, which is amazing.”
4 juin 2020 | International, Aérospatial, Naval, Terrestre, C4ISR, Sécurité
By: Aaron Mehta WASHINGTON — The Defense Department's portfolio of 121 key defense acquisition programs now has a price tag of $1.86 trillion, according to a new report by the Government Accountability Office. The number comes from the GAO's annual assessment of Pentagon acquisition, delivered to the public on Wednesday. The figure involves a 4 percent increase over the previous year but also factors in, for the first time, 15 major IT investments ($15.1 billion) and 13 middle-tier acquisition programs ($19.5 billion). The vast majority comes from 93 major defense acquisition programs, or MDAP, worth $1.82 trillion. Of those, 85 MDAPs worth a total of $1.8 trillion are already underway, with the rest expected to enter production in the near future. The $1.8 trillion figure marks the largest level of investment in MDAPs since 2011, and an increase of $44 billion over the department's 2018 MDAP portfolio. The current MDAP portfolio has accumulated more than $628 billion in cost growth over the life of its programs — or 54 percent more than the projected cost when programs began — with schedule growth overshooting targets by 29 percent at an average capability delivery delay of more than two years. Over the last year, 42 MDAPs reported a combined total acquisition cost increase of more than $80 billion. Nine programs that saw cost estimates increase by over 25 percent made up more than half of that total. While some of that is driven by increased procurement numbers, such as with the Joint Air-to-Surface Standoff Missile for the Air Force, those changed procurement plans are not the major driver of the cost increase. However, it's not all bad fiscal news: The remaining 43 MDAPs saw a cost decrease of more than $16 billion. And 19 programs that increased procurement managed to drive costs down through those updated plans. One worrisome trend the GAO highlighted is the lack of factoring in cybersecurity to early development of key performance parameters on MDAPs. The watchdog dug into a sample of 42 MDAPs as a test case, it and found that 25 of those programs had zero cybersecurity factored into the key performance parameters. Another 10 programs had one KPP related to cybersecurity, which is unlikely to be enough in the modern, wired world. For the middle-tier programs, which are designed for rapid prototyping and fielding, the GAO warned there is “inconsistent cost reporting and wide variation in schedule metrics” across the programs, adding that this poses “oversight challenges for Office of the Secretary of Defense and military department leaders trying to assess performance.” However, the watchdog agency also said the Department of Defense is in the process of addressing those issues. One notable program challenge identified in the report: The Navy's presidential helicopter replacement program, known as the VH-92A, has yet to “demonstrate that it can meet the requirement to land on the White House South Lawn without causing damage.” Parts of the helicopter are too hot, which will damage the lawn under “certain conditions.” As a result, the program is studying everything from lawn surface treatments to changes in aircraft design. “Due to concurrency in the program, which entered production while simultaneously addressing problems identified during the operational assessment, a design change to address this or other deficiencies discovered in the future may require modifications to units already in production,” the GAO found. https://www.defensenews.com/pentagon/2020/06/03/heres-the-newest-price-tag-for-dods-arsenal-of-equipment/