Security: Top design priority
An aircraft with passenger exit doors that securely lock is not impressive. Similarly, secure information and technology is inherent to the design of a functioning product – and a functional business. Security systems should eliminate problems before they’re even a blip on the radar. The best security system isn’t one that fends off a mammoth threat; it’s the one you don’t notice is there.
Designing aircraft with security already top-of-mind prevents the need for rearguard actions to correct vulnerabilities.
The three most critical measurements of an A&D company are cost, quality, and schedule. As more threats are realized, the need to protect against them during aircraft design demonstrates that digital and physical security has become the fourth.
De-silo security disciplines
In our Internet of Things (IoT)-driven world, every company is now a software company to some extent. Everything in our lives is more connected; refrigerators can text owners to pick up milk, coffee makers can start as soon as alarms go off on smartphones, and soon, cars will navigate and drive themselves. Adding 5G networks shows this is a growth trend for the foreseeable future.
Companies typically arrange their security disciplines in silos: physical security, cybersecurity (or IT security), and operational technology security. While effective in the past, as connections grow between silos, it is necessary to have visibility across sectors to see the big picture. Disjointed approaches can be costly, inefficient, and leave gaps that hackers can exploit.
The terminology to describe security disciplines has changed alongside this trend. Cybersecurity now encompasses various formerly siloed solutions: network, endpoint, application, content, cloud, and wireless security. Although each solution can perform well individually, when melded together, they create a strong, multi-layered wall of defense against next-level threats.
Open the door to White Hats before Black Hats kick it in
As flight personnel become increasingly reliant on digital controls and multiple networks, the potential grows for in-flight malicious cyberattacks. Prevent Black Hat hackers from getting in the door by using a White Hat security evaluation to pinpoint system weaknesses. The U.S. Air Force instigated one of the first instances of White Hat hacking to test its Multics operating system for potential use as a secret/top secret system.
By creating a competition, organizing an in-house hack-a-thon, or hiring a third party to help, a friendly hack can locate holes in systems and technologies before someone else does.
Create a data tripwire
According to Jabil’s “Aerospace and Manufacturing Trends” report, an online survey fielded to 203 decision-makers in A&D companies, during the past 5+ years, companies have invested in protecting customer data more than any other area of security. The ongoing news cycle of high-profile data breaches and privacy leaks – combined with the connected world – reveals why data privacy is top-of-mind. Customers must trust information won’t be used without consent. Most importantly, breaches of defense-related information could compromise national security.
Readers of detective novels may be familiar with how a tripwire, such as a thread laid across a desk drawer or a hair taped across a door frame, can prove that someone is rifling through something they shouldn’t.
This same concept applies to information security: put systems in place to track who is accessing data and – more importantly – if they’re supposed to. And then ask questions; if someone works in finance, why are they accessing design plans? Or why is someone dedicated to Customer A digging into information on Customer B? There may be a legitimate explanation, but it’s better to have the information needed to play offense rather than defense once a situation arises.
Communication is key
Set up clear, efficient communications with industry players outside the organization to stay current on industry trends and news. Several organizations founded by governments and corporate enterprises share information, including:
- Aviation Information Sharing and Analysis Center (A-ISAC): Established in 2012 with backing from Boeing, A-ISAC is a focal point for security information sharing across the aviation sector. It aims to share security information with its community of airlines, airports, aircraft manufacturers, equipment suppliers, service providers, technology providers, infrastructure providers, and/or general aviation entities.
- Cyber Information Sharing and Collaboration Program (CISCP): Founded by the U.S. Department of Homeland Security, CISCP consists of government intelligence analysts, airline representatives, and airport officials devoted to sharing security information across various industries, including A&D.
Digital and physical security is not something that the A&D industry can or does take lightly. Everyone working in A&D is aware that security directly impacts people’s lives and the country’s ability to protect itself, enforce its policies, and protect national and international investments. As technology advances, new threats will arise, but so will new safety features that can withstand these assaults and guide the A&D industry into a more efficient, safer future.