Tag Archives: air traffic controllers cyber threat

‘Unrelenting’ cyber threats rising, warns government

Industries targeted. by cyber hackers image ACSC www.intelagencies.com

Industries targeted. Photo: ACSC

Cyber threats are on the rise and becoming more difficult to defend, with businesses increasingly targeted by cyber criminals, an alarming new report from the nation’s top security brass warns.

The inaugural Australian Cyber Security Centre report – collated by the Australian Federal Police, the Australian Security Intelligence Organisation, the Defence Intelligence Organisation, the Australian Crime Commission, the Computer Emergency Response Team (CERT) Australia and the Australian Signals Directorate – tips the cost of these rising threats at more than $1 billion annually and rising.

Cyber attacks reported to the ASD leapt from 313 in 2011 to 1131 in 2014, while CERT responded to 11,073 threats to businesses in 2014.

Incidents responded to by ASD image ACSC www.intelagencies.com

The agencies conceded there were “gaps in our understanding of the extent and nature of malicious activity”, particularly in the private sector.

Clive Lines, Australian Cyber Security Centre co-ordinator, said the report demonstrated that the cyber threat to Australian organisations were “undeniable, unrelenting” and continuing to grow.

The five sectors most at risk of cyber attack were energy, banking, communications, defence and transport.

The number, type and sophistication of cyber threats was increasing in Australia, making detection and response more difficult, the report said.

Confirmed compromises against Australian government systems have fallen since 2012, however.

The report warned of worrying trends including the rise of “cybercrime-as-a-service”, where those inexperienced in the dark arts of the web could simply hire others to commit a cyber crime for them.

It detailed examples of how widely reported vulnerabilities such as Heartbleed and Shellshock had impacted a range of systems in Australia.

One alleged offender was charged with several counts of attempted unauthorised access to 12 Australian servers, after attempting to access sensitive data more than 360 times via the Heartbleed vulnerability.

The report warned complacency and compromise were options that “Australia cannot afford”, with the consequences of inadequate cyber security potentially including financial loss, reputational damage, intellectual property theft and disruption to business.

“Organisations must move now to implement cyber security measures to make Australia a harder target, increase the confidence of Australians when they are online, and maximise the benefits of the internet for Australian organisations,” it said.

ooo

Henry Sapiecha

Rep. John Katko to FAA: Take steps to prevent cyberattacks on airplanes

Katko1-on airport security image www.intelagencies.com

U.S. Rep. John Katko is calling on the Federal Aviation Administration to address concerns that airplanes are vulnerable to cyberattacks after a Government Accountability Office report found a hacker could access the plane’s controls using its wireless Internet system. 

The GAO report said the FAA has taken action to protect its air traffic control systems, but the agency will continue to face challenges because it hasn’t implemented a model to help identify cybersecurity threats. And while the GAO acknowledges that the FAA has taken some steps to develop such a model, it hasn’t dedicated the funding or time needed to finalize the plan.

A co-requester of the report, Katko, R-Camillus, said GAO’s findings are “troubling.”

“This report exposes an enormous vulnerability in our system — that any traveler could gain unauthorized access to cockpit avionics systems from the cabin,” Katko, chairman of the House Homeland Security Subcommittee on Transportation Security, said in a statement.

“Nearly 14 years since 9/11, terrorists have adapted both to our airport security protocols and to the modern communication systems used in aircraft systems, requiring us to be agile and resourceful in ensuring airport and in-flight security.”

In its report, the GAO recommended that the FAA should assess the cost and time needed to develop a cyberthreat model and add the Office of Aviation Safety to the agency’s Cyber Security Steering Committee.

The GAO also advised that the FAA should develop a plan to implement revisions to federal cybersecurity standards.

“In light of the significant threats we face, I urge FAA to quickly implement the GAO’s latest recommendations to eliminate these vulnerabilities and prevent cyberattacks on aircrafts in flight,” Katko said.

According to the report, the FAA agreed to two of the recommendations. But the agency said the Office of Aviation Safety “is sufficiently involved in cybersecurity” and won’t be added to its Cyber Security Steering Committee.

ooo

Henry Sapiecha