Information security is one of the most important aspects of management in the contemporary business landscape. Companies in the aviation industry are expected to apply the confidentiality, integrity, and availability (CIA) triad to realize the goal of information security. The Federal Aviation Administration (FAA) collaborates with security sector agencies such as the Transportation Security Administration (TSA) and the Department of Homeland Security to ensure the availability of secure and safe information management environments in the aviation sector.
This paper reviews the FAA Aircraft Systems Information Security Protection (ASISP) initiative by presenting a business case that relates to information safety in the aviation sector. It also addresses various existing and emerging threats that undermine the application of the CIA triad in this industry.
The Need for Information Security in the Aviation Sector: A Business Case
The enhancement of information security goes a long way in mitigating issues such as data breaches, thus alleviating losses associated with the poor management of information. According to Skaves (2015), the FAA, through the ASISP, fosters aviation safety (AVS) by providing solutions that focus on securing data and the environment. The ASISP contributes to the reinforcement of the AVS.
Particularly, it constitutes a workgroup tasked with providing recommendations for rulemaking, policies, and best practices for airplanes and rotorcraft. It achieves this goal by focusing on certification and airworthiness. Overall, the FAA ASISP underlines the need for information security by encouraging the adoption of NextGen systems and aircraft networks that reduce risks associated with the security of information (Skaves, 2015). The ASISP further facilitates the sustainability of the operating environment by ensuring the safety of information, thereby enhancing the growth of the aviation sector.
In August 2016, Delta Air Lines experienced a computer outage that led not only to the cancellation of over 700 flights but also to delays in service provision. The management of this airline company identified a power outage as the reason for the aircraft system malfunction. Airport screens displayed incorrect information regarding the timing of flights (CBC News, 2016). Nonetheless, the IT systems outage that interrupted flight schedules is believed to have emanated from cyberattacks, which jeopardized Delta’s airplane systems. In January 2017, this organization experienced yet another IT systems disruption that prompted the cancellation of at least 150 flights.
Before this incident, the FAA issued a ground stop for all Delta flights to domestic destinations due to computerization issues. This IT systems interruption also triggered delays upon landing, especially at Delta’s hub airports (Ribeiro, 2017).
The two instances of computer system interference at Delta Air Lines described above raised concerns regarding the security of customers’ information and the safety of flights. The move by the FAA to issue a ground stop to Delta’s domestic flights also suggested that this company’s computer systems were vulnerable to information security threats. As such, Delta needed to consider applying effective security measures to mitigate risks posed to aircraft systems and networks.
Existing and Emerging Threats Affecting the Information Security Triad
Several existing and emerging threats have been perceived to influence aspects of confidentiality, integrity, and availability in the information security triad. The confidentiality feature focuses on controlling the accessibility of information. The integrity category of the information security triad emphasizes the modification of data assets only by authorized individuals or agencies. Moreover, the availability aspect relates to the accessibility of reliable information by approved stakeholders (Schell, 2016). Nevertheless, the aviation sector is exposed to threats that undermine the ability of airplane companies to effectively secure their information systems and networks using the CIA triad.
Tuna et al. (2017) identify the poor administration of information systems, insecure networks, social engineering, intrusion, and malware injection as major threats to the confidentiality aspect of the information security triad. Additionally, perceived and emerging threats that destabilize the integrity aspect of information security entail network and software vulnerabilities as well as intrusion attacks (Schell, 2016).
Network susceptibility may include Denial of Service (DoS) attacks, worms, viruses, zero-day interferences, and spyware. Software vulnerabilities emerge from weaknesses associated with applications and operating systems. Furthermore, the availability of hacking tools has been identified as a major risk to the integrity aspect of the information security triad (Tuna et al., 2017). Threats such as DoS attacks, natural and manmade disasters, poor passwords, improper security architecture, and outdated software and applications undermine the availability facet of information security (Schell, 2016).
Other risks include poor configuration management, insufficient storage and backup, and cloud computing vulnerabilities. The establishment of proper AVS measures, especially by adopting solutions provided by the FAA, is crucial in mitigating issues that interrupt the security of information in the aviation environment.
The aviation sector is prone to information security threats that have the potential of destabilizing the normal operation of airplane systems and networks. The FAA through the ASISP provides a collection of solutions that address threats that compromise the safety aspect of the AVS. Nonetheless, it is vital for airline companies and agencies such as the FAA, TSA, and the Department of Homeland Security to continually collaborate in developing appropriate measures for reducing current and emerging threats posed to the CIA information security triad.
CBC News. (2016). Delta says 740 flights canceled after worldwide system outage. Web.
Ribeiro, J. (2017). About 150 Delta flights in the US canceled after systems outage. Web.
Schell, R. R. (2016). Cyber defense triad for where security matters. Communications of the ACM, 59(11), 20-23. Web.
Skaves, P. (2015). FAA aircraft systems information security protection overview. Herndon, VA: IEEE. Web.
Tuna, G., Kogias, D. G., Gungor, V. C., Gezer, C., Taşkın, E., & Ayday, E. (2017). A survey on information security threats and solutions for machine to machine (M2M) communications. Journal of Parallel and Distributed Computing, 109, 142-154. Web.