cyber attacks - ccr · 2018-03-31 · maintainence records gps communications usb ... the...

Prepared by Aon Risk Solutions Aviation Cyber Attacks Are you Prepared?


Post on 08-Aug-2020



Future of Cyber

Aon Risk Solutions | Aviation
Proprietary & Confidential

Copyright Aon UK Limited. All rights reserved. Aon UK Limited is authorised and regulated by the Financial Conduct Authority.


Source of Threats


Cost of Cyber


Financial Cost of Attacks


Approaches to Cyber


Who Buys Cyber Insurance


Stakeholder Differences


New Technology Big Opportunities


“As we move into having smart workplaces and offices, you’re really talking about a technology backbone that’s driving an organization”

“What impact can that have on a business? What are the potential losses to an organization if you have a network security breach that results in property damage or bodily injury?”

Stephanie Snyder Tomlinson, a cyber insurance expert at Aon


Digital Threats Turn Physical

An unfortunate side effect to some of the most high-profile recent cyber breaches is that many have come to regard cybercrime as solely a privacy issue. It can be far more complex than that.

“If there is a failure of network security or systems,” warns Snyder Tomlinson, “there could be a resultant business income loss. It could be intangible loss in terms of loss of data information assets or, especially as we move into relying more heavily on technology and the Internet of Things, it could be tangible loss as well.”

You don’t need to look very far to get a sense of the potential risks to property and other physical assets when the Internet of Things begins to help run a workplace. As organizations grow increasingly dependent on technology to run their businesses and offices, the attack surface for cybercriminals increases dramatically. Each new device represents an additional access point for hackers.


These scenarios can sound like something out of a science fiction film:

– Does your building have computerized entry or elevator systems, with employees issued smartcard keys for access? Hackers could take control and lock down your building, trapping employees and visitors inside.
– Computer-controlled electricity or water supplies can be shut down, rendering working impossible.
– Connected thermostats are becoming increasingly common – these could be taken over, shutting off heating in winter, air conditioning in summer, or driving temperatures to unbearable levels, making your office unusable.
– Logistics servers managing orders and deliveries could be hacked into, with real orders cancelled, false orders placed, or essential supplies redirected to the wrong locations, disrupting your supply chain.
– Factory robots could be set to destroy rather than create your end products.
– HVAC systems in a company data center could be overridden, causing a rise in temperature that could render network servers inoperable.
– Fire alarm systems can be turned off just as real-world arsonists attack.


This may sound far-fetched, but it has already become a reality. A cyber attack on a German steel mill in late 2014 caused immense physical damage after hackers installed malware on the network. “It caused the blast furnace to be unable to be shut down, leading to massive property loss,” says Snyder Tomlinson. “The property loss arose from a network security breach. It’s a perfect example of the potential risks when you have companies that are relying on technology to run their business.”


Aviation Cyber Risks


Risks include

– Website defacement
– Attacks against online reservation or passenger information systems
– Interference with communications
– Blocking navigation
– Hacking an aircraft's avionics or other critical components
    – Either externally or from within the aircraft
– Disabling airports and other ground support apparatus
– Viruses
– Malware
– Attacks from countries/terrorist organisations/industrial espionage


Risk to Aircraft

[Diagram labels]

Cockpit: Artificial Horizon, Radar, Throttle, Flight Control Computer, Control Stick

Aircraft: Flight Surfaces, Maintenance Records, GPS, Communications, USB, Wi-Fi


Communication Channels Technology Risks

[Diagram labels: Passenger Laptop, Mobile Devices, Aircraft Manufacturer, Ground Station, ATC, Ground Radar, Airline HQ, WWW, Data]


Examples of Recorded Incidents

Company Affected: American Airlines
Description of Event: A malfunction of an iPad application that offers navigation maps for pilots led to the cancellation or delay of over 50 flights across the country. The pilots were forced to return to the terminal and download a fixed application version before proceeding on their flights.

Company Affected: Lufthansa, American Airlines, United Airlines, British Airlines, Japan Airlines (Security Breaches)
Description of Event: The frequent flyer programs were compromised. Hackers used botnets to launch the attack, using lists to match user names with passwords. Once matched, the stolen frequent traveler numbers were used to purchase flights and redeem other benefits. Hackers did not have access to the database of the airline and no personal information was compromised. In the case of BA million accounts affected were reported. AA, United Airlines offered credit monitoring service to affected customers.

Company Affected: Hobart International Airport and Malaysian Airlines
Description of Event: The airport's website was hacked and its home page replaced with a pro-Islamic State message. Although airport operations were not affected, the site was disabled for several hours. A similar incident happened to Malaysia Airlines, just after the fatal incidents in 2014, where a group called "Official Cyber Caliphate" hacked their web page and replaced information with a photo of a lizard with a hat and a message saying "404 - Plane not found".

Company Affected: El Al
Description of Event: Israel's national airline, El Al, was the victim of a coordinated DoS attack affecting its online booking system. The website would not load and it was unable to process new reservations. Hacktivists repeatedly queried the information database of flight information – bypassing the traditional cyber security safeguard embedded in e-commerce websites.


LOT AIRLINES, IT SYSTEM ATTACKED AND THE AIRLINE CANCELLED 20 FLIGHTS AND GROUNDED 1,400 PASSENGERS

FBI CLAIM A SECURITY RESEARCHER CAUSED A PLANE'S ENGINE TO CLIMB WHEN HE GOT INTO THE SYSTEM WHILE ON A UNITED FLIGHT (NOT SURE WHETHER HE ACTUALLY MANAGED TO TAKE OVER THE JET)


Cost of Cyber


Cyber Financial Loss Scenarios


Scope of Cyber Insurance Coverage

Liability Sections
Defense Costs + Damages + Regulator Fines

– Failure of Network Security
– Failure to Protect/Wrongful Disclosure of Information, including employee information
– Privacy or Security related regulator investigation
– All of the above when committed by an outsourcer

First Party Sections
Insured’s Loss

– Network-related Business Interruption
– System Failure Business Interruption (some policies)
– Dependent Business Interruption (some policies)
– Extra Expense
– Intangible Asset damage
– Property Damage (some policies)

Expense/Service Sections
Expenses Paid to Vendors

– Crisis Management
– Breach-related Legal Advice
– Forensic Investigation
– Breach Notification
– Call Center
– Credit Monitoring, Identity Monitoring, ID Theft Insurance
– Cyber Extortion Payments/Assistance


Effective Cyber Response


Cyber Risk Assessment Steps


Cyber Assessment Checklist
