July 10, 2019
Stronger and Safer Together: Aviation Leaders Talk Cyber Resilience at Annual Summit
With the ever-increasing reliance on electronic systems and cyber networks, cyber security is a growing focus – especially in a risk-adverse industry like civil aviation. To-that-end, the 5th Annual Cyber Summit was a unique and important opportunity for leaders and security practitioners in this sector to share best practices and strengthen their unified posture.
Hosted in Ottawa by NAV CANADA, Air Canada and the Ottawa International Airport, the Cyber Summit was a two-and-a-half-day event beginning June 11, 2019. Present at the event were representatives from Canadian and international airlines, airports, government agencies and air navigation services.
The theme “Stronger and Safer Together” was the connecting thread throughout the various keynote presentations on the agenda. This theme expands on the notion that we are all connected — not just in the air navigation business, but throughout the related sectors and enterprises that make up the aviation industry. Leaders must work in harmony towards cyber resilience, protecting critical infrastructure, information and communication technology systems and data against threats.
During the opening remarks, NAV CANADA’s CIO, Claudio Silvestri reaffirmed that, “in our industry, the aviation industry, safety is paramount — the first consideration in virtually every decision we make. And today, I don’t think it is possible to over-state the importance of cyber security to assuring safety.”
#CyberSecurity is top-of-mind for all IT leaders, especially in aviation. Our Vice President and CIO Claudio Silvestri offers some sound business advice on “talking to your board about cybersecurity” in this @itbusinessca article. https://t.co/NZKjmsMAfo#infosec
— NAV CANADA (@navcanada) July 3, 2019
Silvestri further stressed that, “because of our interconnectedness, a vulnerability or a door left open in one area can potentially admit unwanted guests to another. Improving the efficiency and effectiveness of our organizations means growing the connections between information technology and operational technology.”
In his welcome message, NAV CANADA CEO Neil Wilson re-emphasised this. “Cyber threats are changing the way we all do business,” he said. “The disruption of services from a cyber event could have far reaching consequences for aviation. Sharing information and intelligence is an important step in reducing the risk of such a debilitating attack, as well as increasing the effectiveness of the response when one occurs.”
The event proceeded with presentations from various notable leaders in this space. Kicking off the keynote presentations was retired Major General and Cyber Force Commander Greg Loos, who is now an executive partner with Gartner Group. Drawing from his own experiences and from the latest industry trends and research, Loos drew parallels between preparedness in cyber security and his military experience, saying, “cyber security is a team sport. Share amongst the team members, prepare team responses for the inevitable, and practice.”
The first day also included Paul Hanley, the National Lead Partner for Cyber Innovation for Deloitte. He provided an up-date on new methods of cyber disruption in aviation. Hanley underscored an important point: with the growing challenges of cyber risks, the way in which the aviation sector protects against and responds to technology related issues, as well as other impactful cyber events, is critical to the trust people have in the sector. In other words, the aviation sector should be preparing now for the future of cyber risk and the impact of new technology.
To prepare for such risk, a tabletop exercise was a new addition to this year’s summit. The exercise was uniquely designed and facilitated by Good Harbor Security Risk Management, an advisory firm led by former White House national security coordinator Richard Clarke. Custom tailored, with the Canadian aviation industry in mind, the cyber security exercise provided a realistic cyber threat scenario developed to put the attendees’ crisis management skills to the test. It included realistic scenarios that evaluated existing plans and capabilities, in hopes that it would heighten executive awareness and strengthen the ability to respond to a real cyber security crisis.
Other notable presentations tackled topics related to long-term strategic planning, such as international collaboration, industry regulation and cyber insurance. As well, presentations covered actions that should be implemented in the short term, like security best practices, imminent changes to regulations, case studies and tactical approaches.
What was the major take-away from this year’s summit? Silvestri said it best, “there is no question that we are, as the theme of this year’s summit says, stronger and safer together. By sharing knowledge, experience, strategies — and maintaining and growing that kind of collaboration on an ongoing basis — we can be stronger together.”