Aerospace and defense companies are particularly vulnerable to cyberthreats given the sensitive nature of the industry. Hackers in this space are often more sophisticated than those in other industries, and breaches in this sector can have significant security consequences on a national level.
However, a strong cyber defense plan can help companies stay ahead of threats. Here’s what aerospace and defense companies need to know.
Attacker Profiles
Hackers in the sector are often foreign nations, targeting intellectual property to advance their own defense technology. They’re typically part of advanced persistent threat (APT) groups, which are highly sophisticated, well-funded, and strategic in their pursuit of sensitive information.
They’re able to carry out attacks that are larger in scope and more devastating than those of the average corporate hacker, who is usually just looking for personal information to resell on the dark web.
APTs seek to:
- Gather classified information to advance their technology
- Collect intelligence to infiltrate or subvert the defense measures of other nations
- Develop countermeasures for the technology of other nations
- Produce technology to sell on the global arms market
- Compromise defense contractor networks by targeting third-party partners in supply chains
- Gain economic advantages
Major Breaches
Breaches in the clandestine aerospace and defense sector don’t receive as much news coverage as attacks on commercial businesses. Nevertheless, there have been major breaches in the defense industry and US government. Here are a few organizations that have suffered a breach of their classified information due to an attack.
- Airbus in 2019. Airbus’ jetliner business was hit by a data breach that gave intruders access to some employee’s personal information. There was no impact on aircraft production, and the hackers’ intention remains unknown.
- US defense agencies from 1990s to 2016. A former government contractor pleaded guilty to stealing classified and secret material from the US National Security Agency, the CIA, the US Cyber Command, and other defense agencies. It was speculated some materials were used in developing WannaCry, a widespread, malicious ransomware attack that took place in 2017.
- RSA in 2011. The cryptosystem company was breached and their SecureID token seed values, which authenticate remote access, were stolen. This led to a cascade of additional breaches at companies, including Lockheed Martin, General Dynamics, and Boeing.
- Boeing in 2018. The aerospace giant suffered a ransomware attack on some manufacturing equipment, which slowed production of its 787 Dreamliner and 777 wide-body jets.
Types of Attacks
APT groups continue to explore different ways to breach their targets. Here are four of the most common attacks.
Phishing
Phishing is a common and easily perpetrated type of attack whereby an attacker poses as a trustworthy individual or group to as deceive a target. Phishing typically takes the form of an email or phone attack and aims to lure a target to click a link in an email that leads them to malware or divulge sensitive information. Although less common, phishing can also take the form of a physical attack, such as an attacker posing as an employee to sneak past security and gain access to a facility.
Thanks to social media and other publicly available information such as websites, it’s often easy to find the personal information, company information, and logos needed to make an email look authentic.
Once an employee clicks a link within an email or divulges sensitive information, such as a password, invisible malware can be downloaded onto his or her machine or legitimate passwords could be used by the hacker to log into sensitive systems. The hacker can then defeat or bypass the company’s security and controls to gain access to their system’s classified information.
Passwords
Password guessing is another common technique for attackers, who can easily uncover simple and weak ones using automated tools. Companies can increase their protection by enforcing the use of complex passwords that are less likely to be guessed by an automated program.
Third Parties
Regardless of a company’s level of cybersecurity, its interactions and connections with third parties can expose it to major risks. To combat this, companies should evaluate all third-party suppliers and vendors before they’re granted access to company information or backend websites.
Rogue Employees
Employees themselves can pose a threat in the aerospace and defense industries. Sophisticated threat actors recruit agents to steal data—both before and after they join a company with sensitive data. Monitoring and alerting on anomalies in employee activity can help reduce the likelihood or severity of a breach.
Security Strategies
Here are steps a company can take to help enhance its security and controls.
Password Protections
Companies should use complex passwords. A complex password is one that includes the following:
- Capital and lowercase letters
- Numbers
- Special characters
- At least eight to 10 characters
Other steps companies should consider include the following:
- Discontinuing use of software systems that don’t allow for this level of password complexity
- Requiring passwords for sensitive systems be changed periodically
- Discouraging password sharing and use of system default passwords
Security Awareness Training
Cybersecurity requires careful planning and motivated staff to succeed. Hiring an experienced director or C-suite executive to manage and drive security initiatives can be help lead and direct participation across all aspects of the organization.
Employee awareness training is also critical. For most security frameworks, such as National Institute of Standards and Technology (NIST) 800-53, annual training on detecting and handling suspicious emails is required to reduce the likelihood of a compromise.
Technology Upgrades and Updates
Combined with careful planning and organizational awareness, there are many technology safeguards that can help with cybersecurity. To list a few common ones:
Multifactor Authentication
Two-factor authentication adds complexity to the authentication process by requiring an additional code or token from a smartphone application or key fob.
Companies that need more stringent security requirements may require three-factor authentication. This method goes beyond the traditional two-factor authentication by requiring a biological verification, such as a thumbprint or retinal scan.
To strengthen these measures further, companies should also require users to change their passwords at least every 90 days.
Patch Management Programs
As developers introduce software updates, they often introduce unintended bugs that can lead to system vulnerabilities. In many cases, these vulnerabilities are well known, so threat actors will try to exploit them. It’s therefore critical that companies find and fix these vulnerabilities quickly.
In addition to staying abreast of technical bulletins, teams can leverage scanners and other tools can be leveraged to help companies identify vulnerabilities. After a vulnerability is identified, patches should be assessed and deployed from a centralized patch management system and team to ensure a systematic and automated program is in place to patch any exploitable vulnerabilities in a timely manner.
Antiphishing Software
Even highly trained employees can be deceived by the convincing tactics used in email phishing scams. Antiphishing software can help identify malicious emails through algorithms that scan emails and attachments. When a suspicious email is identified, the program can remove it from the recipient’s mailbox, and flag it for IT to investigate.
We’re Here to Help
Aerospace and defense businesses have complex cybersecurity needs and risks. For more information on strengthening your company’s cybersecurity, contact your Moss Adams professional.