With several types of cyber threats and a wide array of methods for unauthorized persons to access sensitive data, the ATC industry standards for cybersecurity have a long way to go to catch up with the potential risk.
This article is part 6 of the 6-section Technical Whitepaper: Crucial elements to consider when choosing your ATC recording solution
System providers may not invest enough in cybersecurity, putting you at risk of experiencing critical data loss, accidental deletion of incident data, and being unable to protect OTAs and controllers from public exposure.
Cyber threats – categories and methods
Outdated security design and features, insufficient access management, weak password policies, poor encryption, and a lack of traceability are common areas being exploited by cybercriminals.
Cyber threats are generally divided into three categories:
- Threats to confidentiality:
Attacks designed to steal personal information (such as bank account information, credit card information, social security information, etc.) - Threats to integrity:
Attacks by cybercriminals that access and release sensitive information to the public - Threats to availability:
Attacks on availability aim to deny access to systems and data. There are two distinct sub-groups: Ransomware and Denial of Service (DoS)
Common methods used by cybercriminals include:
- Social engineering
- Phishing
- Advanced Persistent Threats (APT)
- Malware
- Man-in-the-middle attack
- DoS: Denial of Service
Choose a vendor with a strong focus on cybersecurity
While no one can guarantee 100% protection, a strong focus on cybersecurity measures should weigh heavily in your choice of recording and replay solution vendor.
Your vendor should offer:
- Strong password policies and other cybersecurity initiatives
- Customized levels of password policy, including multi-factor authentication, a lockout policy, block policy, and password requirements
- Support for encryption of stored data (AES256) and user access management
- A solution that includes extensive traceability capabilities, such as alarms, audit trails, and logging
A strong password policy is particularly important, as your system is only as strong as its weakest link and in cybersecurity. And more often than not, the weakest link is the end-user.
Want to learn more about choosing the right recording and replay solution for you?