Aerospace contractors are responsible for some of the world’s most sensitive information. From intellectual property related to research and development, to critical documents outlining national security and U.S. competitive strategy, the industry is one of hackers’ most sought-after targets.
With high-profile data breaches regularly making national headlines, aerospace companies are becoming more aware of their attractiveness to cyber threats. The good news, however, is that the industry is taking proactive measures to protect itself, and tools are evolving in pace with the growing threat of cyber-attacks. A recent study from the Aerospace Industries Association (http://goo.gl/crb5ck) found that two-thirds of respondents in the sector have increased cybersecurity spending during the last year – almost half of that increase has been by 25% or more. Despite these efforts, almost half of all aerospace companies recognized that their vulnerability to cyber threats has increased during the past year.
Yet once cybersecurity budgets are in place and employees are aware of the threat potential, just how can aerospace companies continue to enhance security of their most valuable and vulnerable assets – mission-critical technical data? The following cybersecurity checklist provides a good start. With these steps, companies can continue the journey to ensure end-to-end security and achieve full compliance mandated by the federal government.
Know, prioritize classified information
It’s a common misconception that aerospace contractors should secure every digital document or snippet of data they handle. Instead, many companies need to take a small, but extremely important step in the right direction. They need to recognize, identify, and protect the most sensitive information and know who is storing it, as well as when, where, and how it’s being stored.
Think about what a hacker would want and what must be protected – envision the blueprints outlining future aviation plans, email chains discussing national security, intellectual property that would harm a business’ reputation if stolen, or technical data subject to export controls. These types of files should be prioritized and, most importantly, fully safeguarded.
Be aware of insider threats
More often than not, the majority of data compromises are either malicious or careless inside jobs, most famously demonstrated by Edward Snowden’s last days at the National Security Agency. External stakeholders pose huge risks, but internal stakeholders can cause even more damage, with immediate access to all confidential documents and industry trade secrets.
Be aware of – and be imaginative about – insider threats. Despite the high levels of trust within an aerospace organization, the most significant data breaches often do not come at the hands of careless employees. The malevolent invitee into the corporate network can maximize harm because the most significant information is targeted, and the wrongful dissemination of that information is intended.
Focusing on areas such as access and privacy controls, aberrant behavior screens, and other approaches that guard against security threats – not just at the firewall but granularly throughout the system, including at the folder, file, document, and content levels – is required to achieve the most successful security policies and compliance measures.
Choose the proper technology
The rise in cyber-attacks brings a saturated market of secure technology vendors. It’s important to not fall for the best-bang-for-your-buck offering or the first vendor proposal that lands in your inbox.
Aerospace contractors need to ensure the security basics are in place. These essential features include anti-virus and anti-malware, firewalls, email and web content filtering, encryption, folder and file level permissions, group permissions, document rights management, dual or even multi-factor identity authentication, and security information management systems.
For example, data encryption is pivotal when sharing confidential financial information. Data should be encrypted whether it is in transit, in use, or at rest in an appropriately secured operation, and certainly before it enters the cloud. Identity and contents should be protected by appropriate operator and administrator shielding. Likewise, passwords should be complex in nature – one of the more basic, yet most overlooked, preventative measures.
Educate employees
Employees within an aerospace company are extremely important to overall security. Once step three has been completed, step back and ask yourself, “Does this technology integrate seamlessly with employee workflow?”
If secure tools and resources are too time-consuming or complex to understand, employees simply won’t use them. Technology must be intuitive and have a recognizable user interface that mimics popular business tools.
In addition to evaluating how secure tools will integrate with employee workflow, hold regular employee training sessions to ensure everyone within an aerospace company is aware of the newest security threats and prevention methods. In addition to in-person sessions, conduct online seminars for those working remotely.
Ensure these training seminars cover the most relevant, popular vulnerabilities in the industry today – such as how to identify a phony email containing malware – and ensure that procedures and tools are followed and become routine within the organization.
Don’t ignore compliance
In the aerospace industry, compliance is key to avoiding large financial and reputational penalties. It often becomes public knowledge once a company violates compliance regulations, which is often more damaging than having to pay a fine. Educate yourself and your employees on the appropriate compliance mandates within the industry. Once identified, don’t ignore these critical mandates.
Each year, several aerospace and defense contractors are charged with fines totaling tens of millions of dollars for not adhering to the International Traffic in Arms Regulations (ITAR). Under ITAR, the U.S. government requires all manufacturers, exporters and brokers of defense articles, defense services, and technical data to follow stringent compliance guidelines to protect certain confidential and technical information related to national defense from non-citizens. While very niche and specific, ITAR is just one of many regulations of which you should be aware.
Revisit security measures
Cybersecurity is a continuous cycle of offensive moves being countered by defense. As threats become more sophisticated, and technological advancements such as bring your own device (BYOD) and wearable technology become the norm within a business, the aerospace industry must continually revisit its security measures to ensure they’re up to par with standards and essentially hack-proof.
Brainloop Inc.
www.brainloopitar.com
About the author: William O’Brien is an attorney and the chief operating officer of Brainloop Inc., a national provider of ITAR-compliant, secure solutions for enterprise-wide collaboration and exchange of confidential information. Brainloop is the official ITAR Technical Data Storage Sponsor for Team Miles, a participant in the NASA CubeQuest Challenge.
Explore the August September 2015 Issue