SECURITY INFLUENCERS BLOG

Security influencers provide real-world insight and “in-the-trenches” experiences on topics ranging from application security to DevOps and risk management

START FREE TRIAL

Point of View: Delta flight and airline cybersecurity

pov-heroThis is always the tradeoff…   How do we balance the risk of providing some new, cool, useful feature against the risks that the new feature creates?  What makes this especially hard is that while the benefits are often immediate and concrete, the risks are often highly technical, theoretical, or will happen sometime in the future.  As the saying goes, users will choose dancing pigs over security every time.

Many security “experts” will just say “no” when confronted with a request that creates additional risk.  Poor lawyers will do the same thing.  But we need to steer clear of these absolutists. A strong security expert will ask questions like “what are you really trying to do.”  There’s almost always a way to find a solution — often a “third way” — that will achieve the goal without taking on unreasonable risk.  In this case, nobody is saying that you have to connect the plane’s controls directly to the Internet.  The goal is to get some better weather data to the pilots.  The information could come through ATC, or could be on a separate system inside the cockpit.  In fact, pilots can already get wireless on some airlines — even Southwest’s new Row 44 satellite-based broadband is planned for the cockpit.

Personally I don’t think pilots need full Internet access any more than you do when you’re driving your car.  There’s no place for Facebook, Twitter, and Netflix in the cockpit.  But there is some information that would be great for pilots that probably can’t be sent to the plane over traditional channels.   Like real time weather data and the details of terrorist attacks.  And let’s not forget that the Internet is bidirectional — we can monitor activity on the plane and respond appropriately.  Full audio and video monitoring of airplanes could allow much faster response and minimize the chances of a successful 9/11 repeat.  And that’s a deterrent to anyone even trying.

Jeff Williams, Co-Founder, Chief Technology Officer

Jeff Williams, Co-Founder, Chief Technology Officer

Jeff brings more than 20 years of security leadership experience as co-founder and Chief Technology Officer of Contrast. Previously, Jeff was co-founder and CEO of Aspect Security, a successful and innovative application security consulting company acquired by Ernst & Young. Jeff is also a founder and major contributor to OWASP, where he served as the Chair of the OWASP Board for 8 years.

SUBSCRIBE TO THE BLOG