Cybersecurity Was a *Hot* Topic at the Dubai Airshow

Cybersecurity Was a *Hot* Topic at the Dubai Airshow

November saw the return of the Dubai Airshow, one of the biggest and most important events in the aviation industry. With an estimated 120,000 attendees, there was a true level of excitement to be personally engaged with colleagues again and see business moving forward (an estimated AED300 billion – about US$80 billion – in deals done) even in pandemic-disrupted times. The successful return to face-to-face interaction is in large part due to the United Arab Emirates (UAE) government’s excellent job managing health protocols so that all attendees could feel safe and comfortable. We thank them for that!

This year’s conference offered a new Tech Xplore track which was very heavily attended. In particular, there seemed to be keen interest in cybersecurity, which fit well with the show’s focus on resilience in the aviation industry. Through the course of many discussions, we learned that the aviation industry suffers from many of the same cyber challenges as critical national infrastructure organizations like energy generation and transmission providers and industrial management companies. It was very encouraging to see the Airshow elevating a positive level of discussion around cyber for attendees’ benefit.

We were privileged to give a presentation on product-based security that offered specifics on implementing appropriate technical cyber controls to address unique aviation industry needs. Based on the large amount of feedback received, we were pleasantly surprised to see that security vendors like Owl and OEMs like Schneider Electric were able to provide attendees with what they perceived as high-value information.

For one, we discussed specific technical challenges associated with the airframe. Given its vulnerabilities when in the air and on the ground, airframe security has a direct impact on flight and passenger safety. Connectivity to other broader aviation infrastructure compels cyber-securing the airframe through network segregation and hardware enforcement that goes far beyond configuring vulnerable software-based firewalls.

These insights were greatly informed by Jay’s own direct expertise as a pilot who happens to also have a background in cybersecurity. Pilots, when operating an aircraft, are critically dependent upon data not only about the aircraft’s performance, but on things like radar and traffic, collision avoidance, weather systems and communication channels. They make decisions based on the integrity and validity of that contextual data in combination with their inflight sensorial experience. When the data coming from instruments doesn’t add up in the pilot’s mind, it impairs his or her ability to make effective decisions. Practically speaking, the credibility of that data keeps people alive.

The vulnerability goes beyond just the aircraft’s systems to the complex environment that includes ticketing, baggage handling, and other systems integral to airport operations. As aircraft transit from one airport to another, particularly across state or international borders, they rely on an ecosystem maintained by diverse, local operators who connect to and service the aircraft. Each operator has its own processes and procedures; how they configure the supporting systems with regard to infrastructure security can vary considerably.

They industry has long worked based on trust in these systems, but realistically there is not a strong enough set of checks and balances for today’s volatile security environment. An effective cybersecurity posture will provide those checks and balances for every organization that’s trying to transport passengers and goods from one point to another.

Another interesting observation at this event was the aviation industry has kept pushing forward on innovation even during the pandemic. There was strong interest newer technologies like more sustainable types of fuel supplies and more efficient engines. And there was obviously increased adoption of data-driven environments to support this innovation in design and testing.

That increased reliance on data-rich systems only escalates the need for strong cyber security. Clearly there is a need to expand the cyber conversation and carry it forward to other aviation events around the world. We are thrilled to see this expanding recognition of security as integral to the entire aircraft and aviation ecosystem, and look forward to helping the aviation industry meet the cyber requirements that will keep them and the flying public safe.

Insights to your Inbox

Stay informed with the latest cybersecurity news and resources.

Defending Against the Unknown: Hardware-Enforced Security and Zero-Day Vulnerabilities

Until something even worse comes along, the Log4j remote code execution vulnerability will be the biggest story (and biggest headache) in cybersecurity. But even as security teams around ...
January 6, 2022

After Two Years, DoDIIS Returns to an Environment of Changing Priorities

The Department of Defense Intelligence Information Systems (DoDIIS) conference took place in mid-December in Phoenix, AZ. It was great to reconvene with many colleagues we hadn’t seen i...
December 22, 2021

Owl’s Hardware-Enforced Security Provides Reliable Protection Against Log4j Vulnerabilities

Like thousands of other organizations, Owl Cyber Defense began reviewing the potential impact of the Log4j remote code execution vulnerability as soon as the vulnerability was announced. ...
December 17, 2021