US regulators are seeking to revise and simplify the framework for cybersecurity provision on aircraft, in order to harmonise with European certification standards and avoid continually having to issue special conditions.
This revision follows several years of work to address the need to protect against unlawful electronic interference as aircraft systems have evolved – notably since the development of the Boeing 787 – to feature increasing levels of data-exchange and interconnectivity. Previously the US FAA has tackled the cybersecurity requirement by issuing special conditions – rules which apply to individual aircraft or engine designs to overcome safety concerns which are not covered by current airworthiness standards.
Read more…
Source: FlightGlobal News
Related:
- Air India cyber-attack: Data of millions of customers compromised
May 22, 2021
India’s national airline Air India has said a cyber-attack on its data servers affected about 4.5 million customers around the world. The breach was first reported to the company in February. Details including passport and ticket information as well as credit-card data were compromised. But Air India said security details for credit cards – CVV or CVC ...
- Here’s how we got persistent shell access on a Boeing 747 – Pen Test Partners
May 21, 2021
Researchers from infosec biz Pen Test Partners established a persistent shell on an in-flight entertainment (IFE) system from a Boeing 747 airliner after exploiting a vulnerability dating back to 1999. It’s an attack that’s more of a curiosity than anything else: it’s too difficult to pull off during an actual flight, and it’s rare these days ...
- Fresh Loader Targets Aviation Victims with Spy RATs
May 13, 2021
A cyberattack campaign that goes after aviation targets has been uncovered, which is spreading remote access trojan (RAT) malware bent on cyber-espionage. Researchers from Microsoft said this week on Twitter that spear-phishing emails are the main attack vector. Individuals in the aerospace and travel sectors are being targeted with a range of gambits, such as using ...
- SolarWinds-linked hacking group SilverFish abuses enterprise victims for sandbox tests
March 18, 2021
Cyberattackers involved in worldwide hacking campaigns are using the compromised systems of high-profile victims as playgrounds to test out malicious tool detection rates. On Thursday, Swiss cybersecurity firm Prodaft said that SilverFish (.PDF), an “extremely skilled” threat group, has been responsible for intrusions at over 4,720 private and government organizations including “Fortune 500 companies, ministries, airlines, ...
- Airlines warn passengers of data breach after aviation tech supplier is hit by cyberattack
March 8, 2021
Global aviation industry IT supplier SITA has confirmed it has fallen victim to a cyberattack, with hackers gaining access to personal information of airline passengers. The information technology and communications company, which claims to serve around 90% of the world’s airlines, said that a cyberattack on February 24, 2021 led to “data security incident” involving passenger ...
- Malaysia Airlines suffers data security ‘incident’ spanning nine years
March 2, 2021
Malaysia Airlines has suffered a data security “incident” that compromised personal information belonging to members of its frequent flyer programme, Enrich. The breach is purported to have occurred at some point during a period that spans almost a decade and involves a third-party IT service provider. The airline had sent out an emailer to Enrich members ...