In 2018, as per the International Air Transport Association (IATA), 4.3 billion passengers flew on over 46 million flights. This movement of passengers, and of goods, is facilitated by a complex system of airlines, manufacturers, government regulators, and other stakeholders. Regular testing and consistent training identify gaps and support remediation efforts that ensure safety.
Safety for the aviation industry is confirmed through exhaustive testing. For example, aircraft engines undergo extensive testing on the ground and in the air, including in freezing and other extreme weather conditions, and in simulation of ultra-long-range flights. Additional testing includes penetrant testing, eddy current testing, bird strike testing, acceleration testing, altitude testing, EMC/EMI testing, vibration testing, and DO-160 testing. Comprehensive testing empowers stakeholders to identify gaps in safety and implement remediation safeguards before service deployment.
Training is also critical for the safety of the aviation industry. Experts provide training according to the latest regulatory procedures, new standards, and emerging demands of the sector, for air navigation service providers and civil aviation authorities, airline management and operators, airport operators, cargo and logistics personnel, security, as well as maintenance and ground operators, among other stakeholders. Frequent training empowers all industry stakeholders to provide the highest quality service that upholds the industry’s high standards for safety.
According to IATA, the industry’s track record on safety is owed to the spirit of cooperation that exists between airlines, manufacturers, government regulators, and other stakeholders. Stakeholders work together to consistently deliver the highest safety scores for long-distance travel in the world.
With the accelerated adoption of complex IT and OT systems, cyber security is a critical area of concern for the aviation sector. Significant investments have been made to strengthen the people, processes, and technology that comprise cyber security programmes. However, these investments often lack the critical functions of testing and training that are necessary to ensure organizations can identify and respond to a breach by a malicious actor.
Red Team assessments are the only way for an organization to test and train for a cyber security breach. Like safety in the commercial aviation industry, there is no software, tool, or personnel that can protect an entire organization in one fell swoop. In fact, even if an organization has all the best tools, processes, and people, their ability to respond to and recover from a malicious actor that has breached their perimeter will directly reflect their experience in testing and training.
Red Teaming is adversarial emulation based on the real-world tactics, techniques, and procedures of an organization’s adversaries. The assessment measures the effectiveness of the people, processes, and technology to identify, protect, detect, respond to, and recover from a cyber-attack. Red Canari’s Red Teams train and improve an organization’s overall security capabilities by sharpening its response to threats in real time. The assessment should be a critical tool for IATA members to measure their incident response capabilities and identify critical gaps in their cyber security programmes.
Thirstan Falconer
Director, Marketing & Partnerships
Red Canari
