Aviation ground school teaches the importance of monitoring one's attitudes to maintain safety. Similarly, in the realm of aviation cybersecurity, these same attitudes—macho, invincibility, anti-authority, resignation, and impulsivity—can significantly impact one's approach to digital threats. Understanding and adjusting these attitudes are crucial for cultivating a personal cybersecurity culture that extends to all interactions with and around aircraft.
No incident illustrated the importance of this culture more clearly than the security breach involving Target back in 2012. In this incident, Target did not have a healthy cybersecurity culture and neither did its suppliers, which resulted in a vendor introducing a malicious application that stole customer’s credit cards.
How does this translate into aviation? Think about anyone who might service or use your aircraft. If everyone except one person has good practices, this weak link could lead to your privacy or safety being compromised. Let’s explore the five attitudes and how they apply to cyber hygiene in the cockpit and around aircraft:
1. Macho: "I Can Handle It"
In aviation, a macho attitude might compel a pilot to take unnecessary risks to prove they can handle challenging situations. When it comes to cybersecurity, this attitude can lead to underestimating the necessity of following established security protocols, such as regular updates and the use of strong passwords, thinking one can handle security threats on their own. It's crucial to replace this overconfidence with a respect for the complexities of cyber threats and recognition of the robust security practices required to mitigate them.
2. Invincibility: "It Won't Happen to Me"
Many pilots feel that accidents happen to other people, not to them. This sense of invincibility can be particularly dangerous in cybersecurity. This attitude leads to a complacency in security practices, like skipping multi-factor authentication or connecting to potentially unsafe public Wi-Fi without protective measures. Regular training and real-world examples of cyber incidents can help combat this attitude by showing that cyber threats are real and impactful.
3. Anti-Authority: "Don't Tell Me What to Do"
Pilots who disregard rules and regulations risk safety, and the same goes for those who ignore cybersecurity best practices. This anti-authority stance can result in ignoring software updates, bypassing network firewalls, or not adhering to data protection practices. Pilots can counter this by fostering a culture around the use and maintenance of their aircraft where best practices are explained and rationalized, showing how cybersecurity measures protect everyone's interests. Don’t hesitate to also ask your mechanics and facilities that service your aircraft and its avionics to explain to you their cybersecurity protocols. As learned from the Target breach, holding vendors accountable for cybersecurity is a measure that will prevent breaches.
4. Resignation: "What's the Use?"
Feeling that one's actions won't make a difference can lead to resignation, where individuals fail to take proactive steps because they feel powerless. In cybersecurity, this might manifest as failing to report security breaches or not maintaining one's own devices because they believe their efforts are too small to matter. Counteracting this requires continuous education about how every small action contributes to a larger defense against cyber threats.
5. Impulsivity: "Do Something Quickly"
Impulsive actions in aviation can lead to accidents, just as hasty decisions in cybersecurity can lead to breaches. For instance, quickly clicking on an email link without verifying its source or hastily connecting to a network without proper security settings can lead to vulnerabilities. Training on incident response protocols can help mitigate this by providing a clear, step-by-step plan that ensures thoughtful and effective actions in the face of potential cyber threats.
Conclusion
The connected cockpit is here and, just as pilots are taught to recognize and control hazardous attitudes for safety, individuals in aviation must be aware of how these attitudes can affect cybersecurity. By adopting a vigilant and disciplined approach to cybersecurity, akin to the meticulousness of flying, aviation professionals can protect not only themselves but also the larger infrastructure. This shift in personal culture is vital in ensuring that the skies remain a domain of safety, both physically and digitally.
"Cybersecurity" image by Nick Youngson CC BY-SA 3.0 Pix4free
