Aircraft Solutions Security Vulnerability in Software and Policy

  • Uncategorized

AIRCRAFT SOLUTIONS SECURITY VULNERABILITY 8

AircraftSolutions Security Vulnerability in Software and PolicyRecommendations

AircraftSolutions Security Vulnerability in Software and PolicyRecommendations

Definitionof the solution

Softwaresolutions: Combination Host and Network-based Intrusion DetectionSystem (IDS)

Airlinesnetwork traffic requires monitoring as a security measure. Both thenetwork-basedintrusion detection system (NIDS) and host-based intrusion detectionsystem (HIDS) screen and scrutinize ongoing and incoming traffic withthe purpose of protecting the system from software-basedvulnerabilities.Aircraft Masters should have both HIDS and NIDS since they havedifferent features that allow them to detect network-based threats.HIDS is able to detect activities that are only an administrator’sresponsibility and monitor changes to key files or an attempt tooverwrite them. NIDS on the other hand is offers real-time detectionenabling quick response to software threats. Having only HIDSprevents the Aircraft Masters from benefiting from real-timesolutions important in preventing threats.

Increasingcomplexities in the aircraft technology is its worst enemy (Wolf,Minzlaf, &amp Moser, n.d.). These complexities, according to Wolf,Minzlaf, &amp Moser, n.d., arise because of the following reasons.One, more codes attract more bugs posing a security threat. Two,increasing modular is increasing interactions which risk security.Three, the systems presents major constraints when testing, analyzingor evaluating.Four, the systems are harder to design, implement and configuresecurely. Five, the systems become harder to understand fordevelopers and users. AlienVault USM provides intrusion detectionsystems, which are unified, havesynchronized security screening, continuous threat intelligencemechanism, simple security event management, and reporting mechanism,fast deployment capabilities, and multiple security functions withoutmultiple consoles.Aviation infrastructure must be totally integrated to ensure thatfailures due to human and computer errors are eliminated (Neumann,1997). AlienVault USM systems have integrated SIEM correlation withover 2,000 correlation directives which alerts the administrator onpotential threats. It offers a free 30-day trial which will enablethe Aircraft Masters decide on its effectiveness. The company alsoprovides installation, training and regular maintenance upgrades.This ensures that the software they install will be efficient and runover time.

Policysolutions: Chief Information Officer reporting to Aircraft Masters’administrator

Inthe IT infrastructure, compromised information pose a security threatto an aircraft. Aircrafts rely on a lot of internal and externalcommunications. Incorrect information passed on to an aircraft putsit under security threat. Sealing holes of information leakage orcompromise is important to aircrafts. A Chief Information Officer(CIO) is responsible developing, implementing and enforcing securitypolicies. This management structure is in line with the Clinger-CohenAct requirements (Dillingham, 2000). Lack of a CIO who directlyreports to the Aircraft Masters’ administrator, means that computersecurity policy is not well enforced. Having systems in place withoutqualified individuals to interpret them will waste the company’sresources. The CIO will also ensure that the IT equipment purchasedis of good quality and in line with Aircraft Masters’ standards.

Justification

Inthe modern digitized aircrafts, network-based threats are everincreasing. These threats range from malicious infections,terrorists, hackers, intelligence services to competitors. A safe,secure and reliable system is important in ensuring that thesethreats do not jeopardize aircrafts. Having both the HIDS and NIDSwill ensure that all threats are detected and responded to inreal-time. AlienVault USM maintains a close relationship with theirclients by providing support for their products. In addition toinstallation, they provide training and regular maintenance upgrades.This will ensure that the systems secure from tampering by outsidersor maintainers who might cause them harm. The system will include anetwork sensor and console software. A network sensor at AlienVaultUSM goes for $8,000 while console software goes for $38,000.

Dueto internal threat posed to aircrafts, the security systems need tobe monitored restrictively. People, even well meaning ones, arealways a potential threat to security and need both computer literacyand restriction to sensitive information (Neumann,1997).Terrorists and hackers utilize the weak links to access sensitiveinformation on aircrafts. Having a CIO will ensure that employees,who could cause potential security threats, are restricted fromaccessing sensitive information. Any employee other than the CIO willhave to undergo thorough background investigations before beingallowed to access sensitive information. In addition, the CIO willensure that the security policies are developed, implemented andenforced. He will coordinate all security matters and ensure thatpotential threats are reported with immediate effect to theadministrator. The CIO will ensure that there is accountability ofsecurity details within Aircraft Masters. An experienced CIO willrequire a salary of $ 200,000 per year.

Impacton business processes

Thesafety of an aircraft is of great importance due to the network-basedthreats earlier mentioned. With the ever increasing security breachesin aircrafts, travelers are becoming more wary of using threat-proneairlines. Installing NIDS is crucial to ensuring travelers that theirsecurity is guaranteed. This will maintain and expand the customerbase of Aircraft Masters to a great extent. According the pastcustomers of AlienVault USM, their businesses registered a growth ofbetween 40-60 percent due to mitigated risks. This proves that thesystem will ensure return on investment as well as add profits to thebusiness. Aviation masters will have recovered the cost of installingthe systems within one year and register growth due to customerconfidence and reliable systems.

Therole of CIOs is constantly evolving such that they are becoming a keyfactor in the success of organizations. A qualified CIO is able tointegrate the business aspect of an organization into the ITdepartment. A skilled CIO can increase the business turnover by 40-50percent due to having the right IT facilities and decreasing threats.

Conclusion

Aircraftsare increasingly facing threats due to technological advancements.Companies must therefore invest in proper facilities and policiesthat will enable them measure up to the threats. Currently, AircraftMasters only has HIDS. It should have both HIDS and NIDS since theyhave different features that allow them to detect network-basedthreats. HIDS is able to detect activities that are only anadministrator’s responsibility and also monitor changes to keyfiles or an attempt to overwrite them. NIDS on the other hand isoffers real-time detection enabling quick response to softwarethreats. A safe, secure and reliable system is important in ensuringthat these threats do not jeopardize aircrafts. AlienVault USMprovides intrusion detection systems, which are unified,have synchronized security screening, continuous threat intelligencemechanism, simple security event management, and reporting mechanism,fast deployment capabilities, and multiple security functions withoutmultiple consoles. Thismeans that their systems are easy to use and lack unnecessarycomplexities which are likely to pose security threats. The companyalso maintains a close relationship with their clients by providingsupport to their products. In addition to installation, they providetraining and regular maintenance upgrades. According the pastcustomers of AlienVault USM, their businesses registered a growth ofbetween 40-60 percent due to mitigated risks. This proves that thesystem will ensure return on investment as well as add profits to thebusiness. Aviation masters will have recovered the cost of installingthe systems within one year and register growth due to customerconfidence and reliable systems.

Threatsto aircraft security range from malicious infections, terrorists,hackers, intelligence services, competitors to employees. Aircraftsrely on a lot of internal and external communications. Incorrectinformation passed on to aircraft puts it under security threat.Sealing holes of information leakage or compromise is important tosecurity. A central security enforcer is therefore important inensuring that the security department is well coordinated. A ChiefInformation Officer (CIO) is responsible developing, implementing andenforcing security policies. This management structure is in linewith the Clinger-Cohen Act requirements (Dillingham, 2000). Lack of aCIO who directly reports to the Aircraft Masters’ administrator,means that computer security policy is not well enforced. Having aCIO will ensure that employees, who could cause potential securitythreats, are restricted from accessing sensitive information. Anyemployee other than the CIO will have to undergo thorough backgroundinvestigations before being allowed to access sensitive information.He will coordinate all security matters and ensure that potentialthreats are reported with immediate effect to the administrator. Aqualified CIO is able to integrate the business aspect of anorganization into the IT department. A skilled CIO can increase thebusiness turnover by 40-50 percent due to having the right ITfacilities and decreasing threats.

References

Dillingham,G. (2000, April 06).&nbspAVIATIONSECURITY: Vulnerabilities Still Exist in the Aviation SecuritySystem.Retrieved August 18, 2016, from http://www.gao.gov/,http://www.gao.gov/assets/110/108370.pdf

Neumann,P. (1997, January 15).&nbspComputersecurity in aviation: Vulnerabilities, threats, and risks.Retrieved August 18, 2016, from http://www.csl.sri.com/,http://www.csl.sri.com/users/neumann/air.html

Wolf,M., Minzlaf, M., &amp Moser, M.&nbspInformationTechnology Security Threats to Modern e-Enabled Aircraft: ACautionary Note.Retrieved August 18, 2016, from http://www.marko-wolf.de/,http://www.marko-wolf.de/files/WoMiMo14_Aircraft_IT_Security.pdf

Close Menu