What flying a plane can teach you about cybersecurity
Before taking on the role as GM of IAI’s cyber division, Esti Peshin was the Director General of the Hi-Tech Caucus in Israel’s parliament, balancing legislation and regulation to strengthen the country’s renowned Hi-Tech ecosystem.
Where cyber security and aviation are headed
Laying out the terrain of the aviation landscape “The commercial aviation ecosystem includes few major players. So there are the airplanes themselves, manufactured by the OEMs. Plus, there are the airports and then the airlines. When we fly, these three players are all involved in getting us from one place to another.”
Esti calls modern jets ‘flying data centers’ adding that “In some airplanes, the only analog device is the magnetic compass.” acknowledging that the more computers are involved, the greater the cyber risk grows.
Cyber attacks against airlines and airports are already becoming commonplace, causing disruption to the commercial aviation ecosystem and creating huge delays in flying, severe economic consequences, and negative media coverage. Since the major players are aware of the cyber threat measures to increase the cybersecurity of airplanes and regulations. This is going to be the biggest trend in aviation and cyber going forward.
Handling cybersecurity challenges on a national level
Esti works on national-level cybersecurity strategies where she faces the toughest challenges one can face in the aerospace industry. “National-level cybersecurity challenges require national-grade cyber solutions,” she sayid and that’s her favorite part of working at IAI. The ability to build national-grade solutions comprises these five elements:
- Developing state-of-the-art technology.
- Implementing a methodology that uses this technology effectively.
- Constant innovation – The cyber domain is evolving. Manufacturers must ensure solutions are adaptable to be future-proof.
- Collaboration is crucial- Organizations sharing cyber threats allow others in the ecosystem to protect themselves before it becomes a greater problem.
- Capacity buildup – Training, awareness, ensuring that the people involved, who are usually the weakest link, are aware of cyber best practices.
The biggest cyber threats in mission-critical connected devices
In a distributed world where various devices speak to one another, regulation must come into play to ensure the highest level of security across entire sectors. Esti explained how the lack of regulation complicates our ability to protect our devices.
“The main challenge we see today is the fact that devices can speak to other devices directly and not necessarily through a central authority. This means each device has to practice its own cybersecurity methodology and have its own cybersecurity protection in order not to impact other devices.”
The second challenge Esti points to is that attackers find vulnerabilities almost as quickly as the technology emerged. Whether it be Cloud infrastructure or connected devices while the cybersecurity community took longer to react. “The attackers quickly understood the potential vulnerabilities of a connected world, and the defenders were slower.“
Esti connects the risk of lagging security tools in an evolving landscape, which now includes AI, and how it can affect the cybersecurity ecosystem.
The role of artificial intelligence in the aviation cybersecurity ecosystem
Taking advantage of the growing popularity of AI in cyber defense can be a double-edged sword.
Generative AI relies on a growing pool of data to be able to provide better defenses, however, it’s up to teams to understand the defenses that are put in place as well as understand how it can benefit threat actors.
Esti warns about the lack of regulation and growing popularity of AI, “The world is not quite there in terms of AI and cybersecurity. Regulation and technology are behind. For me, the connected world is a huge cybersecurity risk looking forward. I think that we are now entering what I refer to as the age of AI. Now, some of us speak about AGI, artificial general intelligence, mimicking the activities or the behaviors of human beings, but AGI is not quite there in terms of technology. It’s a domino effect. You hit the weakest link, and it affects the entire ecosystem.”
Switching from a cyber security mindset to cyber resiliency
In the interview, Esti suggested switching the term cybersecurity to cyber resiliency. According to Esti the first thing product security teams should do is understand that “Focusing on defending our assets is like trying to protect the balloon against a needle. We won’t be able to protect the entire balloon because a motivated attacker will eventually manage to penetrate our defenses.” Esti says a cyber resilience mindset means we assume the attack will happen eventually and what we should focus on is the ability to recover quickly and with minimum damage.
A cybersecurity approach focuses on putting up barriers like antivirus, anti-malware solutions, and firewalls to prevent the next cyber attack. But this is an arms race. A cyber-resilient approach focuses on backups, external drives, formatting, and ensuring business continuity. “In essence, cyber resilience is the understanding that eventually we will be attacked. When we’re talking about the ecosystem, we need to protect not only ourselves but the entire ecosystem. Once the ecosystem starts to practice cyber resilience, I think the world will become safer and more cyber secure.”
The first step to this, according to the White House National Cybersecurity Strategy, is to ensure SBOMs are properly managed and shared with stakeholders. From there, companies can begin to identify their software components and understand where an attacker is mostly likely to penetrate their devices. From there, product security teams can allow the entire industry to continue forward without fear of a cyber attack.