With over 60 million passengers passing through Dubai International Airport last year, the increase in the number of customers bring additional IT security risks. The culture of BYOD – and general user ignorance – pose great problems for IT decision makers, and these were topics that featured at the top of the agenda at the roundtable.
Saeed Agha represented Palo Alto at the roundtable and put security at the top of the priority list for decision makers as well. “Both safety and security are paramount for businesses in the transportation sector. They need to ensure the continuity of service 24 hours 7 days 24 and 7 and the highest possible quality of service.”
Arun Tewary, Vice President, Information Security and Chief Information Officer, Emirates Flight Catering, framed the issue of security as a global one, which required a drastic change of culture to improve measures, “IT security must be seen at a global level, international level,” he said. “It is not merely an organisational issue. Until that is appreciated, threats cannot be correctly tackled. IT security should become a social responsibility, so the approach towards it is no longer merely reactive. Strategic planning and punishment for security breaches have to be taken to higher level, and offences must be treated for what they are: a crime.”
Rajendra Satam, Technical Manager, IT Security Technology, Emirates Airline, drew on the importance of a strong security culture at user level, and how awareness and good practice are key drivers of security, “Security to customers is our biggest challenge,” he said. “We’re driving internal awareness campaigns, but on the whole communication about security needs to improve.” Satam went on to say that airlines should be quicker to share information with each other about attacks, “Generally speaking, it is not publicised if an airline is hacked,” he said. “The cloud provider will be the focus of attention, and a gradual shift is needed here.”
Vaibhav U. Bhatt, Infrastructure Service Manager, DHL Express, discussed how the UAE’s increasing prosperity has placed an additional burden on airline IT departments, “With Dubai now one of the busiest airports in the world, the increasing amount of passengers puts additional pressure on the aviation industry’s IT departments in terms of security,” he said. “Furthermore, with Expo 2020 on the horizon, this will only further increase. Security awareness is paramount.” Tewary supported this view, “With Dubai gaining ever-increasing attention, I see an increasing threat profile in this region. Big events attract miscreants, and this causes huge problems for us as CIOs.” In the same vein, Satam acknowledged the region’s growth as having damaging side effects in the context of IT security, “Being an emerging market undoubtedly puts additional strain on the region,” he said. “The growth of Emirates is linked to the growth of Dubai, and this has necessitated that we move into a proactive approach to security.”
Eng. Nouri Safwan Othman Agha, Network Security Engineer, aeCERT, stressed how his company was seeking to support aviation companies – as well as other sectors – to achieve stronger security cultures, “We are currently working very hard to collaborate with UAE-based aviation companies,” he said. “Emirates is currently supporting us, and we are working hard to get Etihad on board. In my experience internal security issues are harder to solve than external ones, and this is something that has to be worked on.”
Ahmer Khan, Network and Security Engineer, GCAA, discussed IT departments have a huge responsibility to educate others within an organisation, “Most organisations don’t practice threat prevention; business users don’t know what’s going on,” he said. “When dealing with critical data, everything depends on IT, and it is IT’s responsibility to inform others of best practices.”
Agha agreed that the user needs to take responsibility for their company’s devices as well, but that ultimately the organization needs to ensure the devices security, “That’s why it’s necessary to check if devices are compliant with policy before allowing them access to corporate networks and resources. It’s also necessary to take further steps to protect other devices from becoming infected. Organizations also need to go one step further than just protecting the device, they also need to protect the data that the device can access, which brings yet another dimension to the security requirements.”
The participants of the round table agreed that the aviation industry presents some unique challenges when it comes to IT security, and that those challenges will only become more complex in the future. However, the outlooks isn’t so grim. With solid security measures in place and IT departments that keep a keen eye out, the aviation industry is sure to have a pleasant journey.