Another great event that helped organizations and authorities to exchange and discuss. I was impressed by the active participation and the level of advancement of some organizations in the Part-IS implementation journey. Well done to all!
-
Carlos Sorel posted in Cybersecurity
1 hour ago Public
Regarding IS.I.OR.235, I wonder how we should approach cases in which an airline belongs to a corporation or group of companies, and that this parent company is the one that provides them with information security services. Should we understand that these services are being subcontracted to a third party or, on the contrary, understand that they are being provided as their own by the airline, being part of the same group of companies?
-
-
Lindsay Wilkerson commented on Harshad Mehta's event in Cybersecurity
-
John Straiton posted in Cybersecurity
1 week ago Public
From a newsletter I receive, perhaps a good example of the IS Insider Risk.
Pentagon Leaker Sentenced
Jack Teixeira, a former Massachusetts Air National Guard member who was arrested last year for leaking classified US military documents, was sentenced yesterday to 15 years in prison. The incident is considered the most extensive intelligence breach in at least a decade. The sentencing comes after Teixeira, who turns 23 next month, pleaded guilty in March to six federal counts of willfully retaining and transmitting national defense information. In exchange for his plea, officials spared Teixeira from being charged with additional counts under the Espionage Act (see history).
Teixeira was an information technology specialist who gained top-secret security clearance in 2021, two years after enlisting in the Air National Guard. Outside of work, he had been uploading a wide range of classified information, including about the war in Ukraine, to users on a Discord server (a gamer communication app) every week. The defense claimed Teixeira didn't mean to harm the US and was instead keeping his friends apprised of world events.
-
Mike Gahan posted in Cybersecurity
1 week ago Public
Have the really bad guys caused us to forget “internal innocent” cyber threats?
While we focus - importantly - on the malicious and intentionally targeted cyber threats, we should not forget those from internal and innocent sources.
Look back at the recent aviation cyber incidents in the public domain: FAA NOTAM system in early 2023, UK NATS reduced system availability in Mid 2023,
Norway, the October 2023 Optus shutdown in Australia and consider if more comprehensive testing of software changes before being promoted to operational platforms and regression testing might have averted, or at least minimised, the impacts of these events.
MJG
-
Peter Jacobs posted in Cybersecurity
1 week ago Public
Excited to join the EASA Cybersecurity Community!
-
Vasileios PAPAGEORGIOU created a topic in Cybersecurity
-
Georgios Kipros commented on Vasileios PAPAGEORGIOU's topic in Cybersecurity
Georgios Kipros • 3 weeks ago
Good morning Vasileios,
here in Germany, we have to state that small and medium-sized companies in particular have not yet really realized that they need to do something.
Many companies believe that their activities do not pose any information risks to aviation. To make matters worse, the national authorities have also shown little to no activity so far.
From my experience as a former accountable manager for a small operator (AOC, 145, ATO), I know that many of the requirements of PART-IS have already been implemented, but rather out of common sense and therefore not documented in a proper way.
We are trying to persuade these smaller companies to at least have a risk analysis carried out using a checklist. Even if there are hardly any or no risks for aviation, companies can identify and mitigate general information security risks, as these can, in the worst case, ruin the company, for example through scams.
We are also convinced that potential clients will in future increasingly insist on the introduction of an information security management system, since they usually provide internal information for the execution of the order and must therefore ensure that it is handled carefully.
-
Vasileios PAPAGEORGIOU created a topic in Cybersecurity
-
Johannes Goebel created a topic in Cybersecurity