IT security and counterterrorism experts from TAL Gobal Corporation implored the audience at RSA Conference to consider the unintended ways in which aircraft systems and networks, essentially “computers that fly,” could be used for malicious intent.
According to Lawrence Dietz, general counsel and managing director of information security at TAL Global, this attack path, which also falls under the Internet of Things (IoT) threat category, could serve as a prime example of how terrorists may aim to exploit unknown security vulnerabilities in the future that impact public safety.
The Friday morning session, called “Cyber Security and Aviation,” also addressed how social engineering can be used by terrorists who taunt the public through social media platforms, like Twitter, in an attempt to spread fear and encourage operators to waste resources responding to threats.
Erroll Southers, managing director for counterterrorism and infrastructure protection at TAL Global, told attendees that some “air scares,” which didn’t result in physical harm, can still result in billion-dollar losses, if operators are forced to shut down an airport, for instance. Failed attacks have historically caused changes in airport policy and procedures, moves also intended to hemorrhage critical infrastructure resources.
Both Southers and Dietz agreed that, in order to diminish the impact of these false threats, operators can best handle the situation by getting in front of the incident and being transparent with the public and media.
“You don’t want to not tell people what you’ve got [going on],” Southers said. “You’ve got to be transparent because everyone is so connected today,” he added later, explaining that ignoring or misrepresenting the issue can backfire, causing more panic and potentially undue scrutiny.