Product Briefing

Detect, respond, report

CyberSecurity
Aviation SOC

Ever-evolving
threats

2 | www.sita.aero/cybersecurity
 CyberSecurity
Aviation SOC

Barely a day goes by without

a cyberattack in the headlines.
Today, the threats are real, constantly
evolving and increasingly focused
on specific industries.

The aviation industry Across the air transport transport industry, Airbus
has a lot at stake industry (ATI), systems and SITA are working
are subject to an average together as pioneers in
in the fight against
of 1,000 attacks every ‘verticalized’ cybersecurity.
cybercrime – and month*. In 2016, every 4.6
many challenges The SOC is the first of its
seconds a new malware
kind, minimizing the impact
to address. In specimen emerged. In the
of cyberattacks on operations,
fact, the European first quarter of 2017, this
reputations and customer
reduced to 4.2 seconds
Commission in 2016 relations by responding
(G DATA, 2017) – a trend
ranked cybersecurity that looks set to continue.
to and reporting on the
its number one latest cyberthreats.
That’s why SITA and Airbus
challenge.
have developed a tailored,
Air transport is part of
And SITA’s Air Transport industry-wide response
the Airbus DNA, so it
IT Trends Insights 2017 to cybersecurity – our
was only natural that we
show that cybersecurity Security Operations Center
joined forces with SITA
is now topping the CIO (SOC). By combining
to adapt our innovative
agenda, with 95% of Airbus’s expertise in
cybersecurity solutions.
airlines and 96% of airports protecting organizations
planning to invest in major against cyberthreats and Markus Braendle,
Head of Airbus CyberSecurity
cybersecurity programs SITA’s deep knowledge of
over the next three years. operations within the air

* European Aviation Safety Agency, 2016

www.sita.aero/cybersecurity | 3
Challenges

Challenges: How can I For airlines and airports

that are increasingly being
identify aviation targeted, knowledge
cybersecurity is power. And not fully
understanding the nature
risks? of risks has made it more
costly and time-consuming
to address them. Prevention
for some organizations has
also been hampered by a
lack of available resources.

In the cat-and-mouse game

between organizations and
cybercriminals, it’s essential
that the industry has a shared
approach to managing
risk. It’s also vital that the
intelligence that feeds this
As cybersecurity approach is sourced from
becomes more across the industry and
is always up to date.
complex, sophisticated
and co-ordinated, That’s why a SOC is needed
no one is immune. to plug the gaps in a single
institution’s understanding
For any organization of risks and therefore its
in any industry, ability to identify threats
the ability to respond early. This can improve
to a cyberthreat the management of
quickly and effectively cybersecurity risks and
mitigate the impact on
is paramount. systems, assets and data.

4 | www.sita.aero/cybersecurity

How can I prioritize While you’re reading
and protect my this, a cybercriminal
network is targeting
critical assets? your organization.
Their methods
are increasingly
sophisticated,
but the approach
is simple: attack
the most vulnerable
or weakest link
in the chain.
Today’s world is increasingly
networked, linked by wires
and connected Wi-Fi.
That adds up to billions
of connected devices.
And every single one of these
online ‘endpoints’ – from
tablets to self-service kiosks
– is a possible point of entry
for a determined hacker.
The assets (systems,
devices and resources)
in the ATI are numerous
and critical. If any of these
were to be breached, the
consequences could be dire.
Challenges
The list of critical systems
not only manage check-in
and boarding kiosks,
baggage handling, and
access controls, but also
a raft of airport operations,
resource and infrastructure
management applications.
For individual organizations,
it’s becoming a battle to
safeguard every system,
but they often lack the
knowledge, skills and
resources to know where
to begin. Prioritization is
key and organizations need
to understand what assets
to protect first and allocate
security budgets accordingly.
That’s where a SOC can help.
By assessing the potential
risks to the business and
understanding the effect
these have on IT, a SOC
creates risk mitigation
controls and provides
a ‘control tower’ for attack
detection. All backed
by a 24/7 team of
cybersecurity experts.
www.sita.aero/cybersecurity | 5
Challenges

How can I Cyberattacks have Once an organization has

identified its most critical
maintain protection become more targeted
assets and implemented
at specific points of
of identified vulnerability. At the
protection measures,
it needs to continuously
critical assets? same time, there’s monitor them to support
been an explosion business continuity and
operational efficiency.
in connectivity and
digitalization which The SOC from Airbus
has multiplied risks and SITA is built on an
unparalleled understanding
many times over.
of how to maintain the
For the ATI, this creates ongoing security of ATI
competing priorities. assets, systems and
On one hand, systems procedures. From detection
require stronger, multiple to event and incident
levels of security. On the management, SOC
other, there’s pressure intelligence helps to
to open up platforms prioritize alerts to protect
to improve collaboration, airlines and airports as
deliver operational cost-effectively as possible.
excellence and enhance And it informs how they
customer experience. respond in ways that
mitigate and minimize
There are many systems,
the impact of unusual
devices, resources, assets
cybersecurity activity
and processes that require
and attacks.
unique, industry-specific
cybersecurity controls –
from baggage handling
to common-use platforms.
And then there are
insider-threat risks.

6 | www.sita.aero/cybersecurity

How can I react How fast is your
to safeguard my organization’s reaction
time? Would you even
organization? know if you were being
hacked or attacked?
Today’s cybercriminals
employ clever ways to
disguise and distract
organizations so they
can remain undetected.
Shockingly, 11 percent
of organizations say
it may take up to four
months to detect a
cyberattack*.
Early, intelligence-led
intervention is vital for you
to mitigate business impacts.
Speed is key to stopping an
event becoming an incident,
and eventually a crisis. And a
quick reaction is an essential
component of business
resilience and continuity
when it comes to managing
operations. Effective,
responsive safeguards
require industry-specific
knowledge and intelligence.
* SANS Institute, 2016
Challenges
The SOC reduces
cybersecurity-related
business impacts by
speeding up incident
detection time, thus
reducing attackers’
‘free time’. And a
combination of people,
process and technology
deliver cybersecurity
protection in three layers:
1. The first defense is
human – highly skilled
professionals with
deep industry and
cybersecurity knowledge.
2. Continuous monitoring
and detection processes
are providing round-the-
clock security for the
entire industry.
3. The latest technologies
and tools are used
(such as analytics,
big data and machine
learning) to match the
sophistication and tactics
of cybercriminals.
www.sita.aero/cybersecurity | 7
How our
Aviation SOC works

Tools for
the job

8 | www.sita.aero/cybersecurity
 How our
Aviation SOC works

The time is now

According to international cybersecurity specialists,
DarkMatter, in 2016, the total cost of cybercrime to the
global economy was over US$450 billion*. For airlines,
airports and other ATI stakeholders, this ever-evolving
challenge (and its associated costs) should be an urgent
call to action to co-ordinate effort.

The SOC acts like a cybersecurity ‘control tower’.

With a powerful combination of processes, people
and technology, key SOC features help organizations
detect, analyze, quickly respond to, and report on
cybersecurity events, minimizing their business impact.

Cybersecurity technology

Research highlights the increasing use of technologies in cybersecurity

– by 2018, it predicted:

• 38% increase in the use of big data analytics and behavioral profiling
• 21% increase in the use of automated forensics tools.
(Ponemon Institute, 2015).

* Announced the Interpol World 2017 congress in June

www.sita.aero/cybersecurity | 9
How our
Aviation SOC works

Features
Event management

Explore who accesses your systems by collecting

and analyzing selected and prioritized security
event logs from:
• critical applications and systems
• servers and workstations
• switches and other network appliances
• ATI specific assets.
Security incident management

Stay on top of incidents using an event management tool

– SIEM (Security Incident and Event Management), that:
• correlates events and matches them with generic
and ATI specific predefined rules
• qualifies any matches (managed by analysts) taking
into account the ATI business context.
• identifies security incidents and creates alerts.
Reporting management

Keeping organizations informed with:

• pre-defined sets of reporting processes
• comprehensive alert reports
• reports fitting the ATI context.

10 | www.sita.aero/cybersecurity
 Why choose our
Aviation SOC

Understanding the aviation

business context
Strengthening aviation cybersecurity begins with
looking at the big picture around system protection
and operational risk. Here, the SOC’s know-how
of aviation business applications and IT applications
is essential. It can also save time.

The next step is a Risk Assessment taking into

account the business impact of identified risks.
This establishes the critical business processes
and IT assets that support them.

The last step helps make the detection of threats

as accurate as possible. Here, it’s crucial to identify
the key industry monitoring goals and how they correlate
with the rules and regulations. In other words,
defining what is a regulatory obligation versus best
practice, and meeting the highest industry standards.

www.sita.aero/cybersecurity | 11
Why choose our
Aviation SOC

At the center of the cybersecurity

aviation landscape
Every organization is under pressure to manage costs,
including the investments they make in cybersecurity.
These need to be identified, prioritized and aligned
with industry best practices, known cybersecurity
risks and business constraints, along with current
and upcoming regulations.

While the Cybersecurity Aviation SOC is at the frontline,

it’s part of a wider portfolio of SITA products and services
that help customers meet the cybersecurity challenge.

The portfolio is based on four key pillars: audit,

protect, detect and respond. As a whole, it provides
organizations with effective ways to protect their
assets, detect potential cyberthreats, and respond
to them quickly and comprehensively.

2017 Airline IT Trends survey

of airlines and 96% of airports are planning to invest in major cybersecurity

95% programs over the next three years.

of airlines and 30% of airports believe they are prepared to deal with
35% cyberthreats today.

12 | www.sita.aero/cybersecurity
 Why choose our
Aviation SOC

A perfect combination
Cybersecurity is a global business challenge. Its urgency
and ubiquitous nature make it a top priority for every
organization across every industry. However, the ATI faces
specific challenges and has requirements that demand
expert insight, experience and industry knowledge.

With the threat growing year on year, Airbus and SITA have
joined forces to bring together their in-depth, collective
expertise in aviation and cybersecurity.

The nature of ever-changing threats requires constant

collaboration and innovation. SITA and Airbus are uniquely
placed at the heart of the ATI, and this perfect combination
of intelligence underpins effective cybersecurity programs.

www.sita.aero/cybersecurity | 13
CyberSecurity
Aviation SOC

In a nutshell

Globally, organizations in the ATI face growing

risks and relentless threats to their cybersecurity.
To cut the impact of cyberattacks, SITA and
Airbus have created a Security Operations
Center, (SOC). Combining local presence
with global resources, the SOC offers a
deep understanding of cybersecurity in
aviation that’s second to none.

14 | www.sita.aero/cybersecurity
www.sita.aero/
CyberSecurity
Aviation SOC

www.sita.aero/cybersecurity | 15
 SITA AT A GLANCE
SITA is the communications and IT solution provider
that transforms air travel through technology for airlines,
at airports, on aircraft and at borders. For further information,
please contact SITA by
The company’s portfolio covers everything from managed
telephone or e-mail:
global communications and infrastructure services,
to eAircraft, passenger management, baggage, self-service, Americas
airport and border management solutions. Owned 100%
+1 770 850 4500
by more than 400 air transport industry members,
info.amer@ sita.aero
SITA has a unique understanding of its needs and places
a strong emphasis on technology innovation. Asia Pacific
+65 6545 3711
For further information go to www.sita.aero.
info.apac @ sita.aero

Europe
AIRBUS AT A GLANCE +41 22 747 6000
info.euro @ sita.aero
Airbus CyberSecurity is a trusted partner of Governments,
Military, Enterprise Organizations and Critical National Middle East, India & Africa
Infrastructure across Europe. With sites in Newport,
+961 1 637300
Paris and Munich; Airbus CyberSecurity has highly skilled
info.meia @ sita.aero
and experienced experts developing market-leading
solutions in: Encryption, Key Management, Security
Operating Centres, Threat Intelligence, Industrial Control
Systems and CyberSecurity Consultancy.

Through CyberDefense Centers in the UK, France

and Germany, Airbus CyberSecurity offers a wide range
of services and solutions to ensure the protection
of the customer’s networks, data and endpoints.
By dynamically combining monitoring, early detection
and investigations, Airbus CyberSecurity drastically
reduces the incident response time for attacks. A 24/7
service also ensures that the customer’s security
is always at the forefront or our operation.

Follow us on www.sita.aero/socialhub

© SITA 2017 - 17-BRO-050-1

All trademarks acknowledged. Specifications subject to change without prior notice. This literature provides outline
information only and (unless specifically agreed to the contrary by SITA in writing) is not part of any order or contract.