National Cyber Security Awareness Month

Written by Dr. Jon Haass, Embry-Riddle Aeronautical University

October 20, 2014

For 10 years now the US has attempted to raise the general public's awareness of the importance of each person’s involvement in creating a safe internet environment. Yet in a recent poll at a technical university among prospective students applying for college, less than 10% had even heard of this awareness campaign! For many, the news of Target, JP Morgan and others produces some momentary concern that quickly passes with “this won’t happen to me, I have nothing of value or importance”. This is part of the change in thinking that is required to move from unaware and unwary to having a proactive stance when using a smartphone, laptop, or desktop to access email, social media or websites.
Start with learning about your own “cyber hygiene”. Just as we have learned to wash our hands during flu season and brush our teeth to reduce disease, some small actions can greatly improve your chance to enjoy the benefits of the worldwide network without the “viruses” or malware.

  1. Create passwords for all of your devices. More than 1/3 of US devices attached to the net are open with no password, leaving them an easy target for someone to control remotely by installing unwanted software on those devices.
  2. Choose different passwords for your different devices and services, and avoid the simple ones like password, 123456 or iloveyou that can be easily guessed by adversaries.
  3. Keep your systems updated to enjoy the protection of recent fixes by vendors such as Microsoft, Apple, Google, Adobe and others.
  4. Ask for help from someone who is knowledgeable if you are uncertain, or give assistance to your aging friends and relatives.

These are just a few steps, and more information is available on-line by following this web link. Be safe on-line and enjoy the marvels of connecting with people, information and services around the globe.

Is (And Always Was) Unaffected By The Heartbleed Bug

The below is based on an e-mail that the DOT received from the National Academies Press and wanted to post ….

You may have heard a lot of worrying things about the Heartbleed web security vulnerability, and to be sure, it’s worrying. But is totally unaffected by Heartbleed and was never in danger, so you can rest assured that your login and payment information on NAP are and always have been completely secure with us. You don’t have to change your MyNAP password, though it’s generally a good practice to change out all of your passwords regularly and make sure that you have a unique password for each website you log onto.
While we’re on the subject, we thought you might like to take a break from hearing about Heartbleed to read more about cybersecurity from some of the expert research that the Academies have done on the topic. We have a collection of books on cybersecurity to look through and share.

Malaysian Plane and Cyber Security

This was written by Dr. Jon Haass, Embry-Riddle Aeronautical University

Most industries understand that cyber threats can impact their business, their reputation and the confidence of their customers. In the airline and transportation industry, we are reminded, a threat can cost lives when it occurs. Although we still don’t know the details, pieces are becoming public regarding tracking mechanisms that are part of the engines on the airplane that is missing.

For a number of days there was a lot of interest around two passengers with fake passports; then we learned that some travelers did not fly and their baggage was removed. Both of these discoveries point to the information systems used within airports to monitor passengers and the materials brought on board with them.
As time passes and little new information is forthcoming, questions arise concerning the true ability of governments and industry to cooperate and share critical data. Information is gathered and used in silos. Ticketing systems are not readily connected to information regarding identification. Passenger lists raise privacy concerns if released for efforts to determine criminal or fraudulent activities.
Remarkably, our communication and surveillance systems, as sophisticated as they are, do not allow the tracking of a plane once it leaves the primary aviation radar systems. Will this change as the industry embraces Automatic Dependent Surveillance-Broadcast (ADS-B)? Does this suggest that the system must be protected from modification by pilots, crew and perhaps even maintenance crew?
Airports, like any other organization today, rely on computers, networks, and associated data as part of their real-time operations. The tools available to cyber threats do not care about the industry, and yet the aviation business has been focused so heavily on physical security that it is time to re-evaluate the cyber stance.
What is your airport doing about cyber security? Is there a plan in place? Who is in charge? The IT department is often too overwhelmed by help desk activity to be able to respond to the different needs of detection and mitigation of threats.