Page 21 - AAA JANUARY - FEBRUARY 2019 Online Magazine
P. 21
[ MAINTENANCE REPAIR OVERHAUL ]
standards for third-party vendors. With digiti- try, such as Lufthansa Technik, AAR, Air France Industries KLM
zation taking roots in the industry, that leaves a Engineering & Maintenance, and SR Technics have started hard-
potentially gaping hole, something that hackers ening their networks and systems to prevent cyber breaches.
might look to exploit. According to Prentice, a shared, holistic approach to cybersecurity
risk management may give companies a huge advantage in tackling
Only 49 percent of those surveyed said that cybersecurity issues. MRO companies should conduct indepen-
their company had an employee cybersecu- dent audits of existing cybersecurity programs in order to arrive
rity program in place while the corresponding at a comprehensive, unified cybersecurity and risk management
figure for companies that had conducted a strategy for the industry. A clear framework for mitigating and man-
cybersecurity assessment was even lower at aging cyber risks is the need of the hour for the industry, he added.
35 percent. Forty percent of those who took
part in the survey said their company had spent “Cybersecurity is a significant focus area for AAR, the aviation
time and money on cybersecurity hardening sector, corporations and government agencies,” said Kevin Larson,
communications networks to ensure cyberse- Chief Information Officer, AAR Corporation. “The various cyber
curity. threat vectors can impact operations, data privacy, and intellectual
Three factors make the MRO industry a prime property rights. Hence, cybersecurity controls and user awareness
candidate for a major cyber-attack, according has become a significant global issue that is likely to be even more
to Brian Prentice, partner at Oliver Wyman, who critical in the years to come.” Aviation operations are attractive to
addressed participants at MRO Americas in hackers because of the large supply chains, WiFi, and numerous
2018. With the industry becoming increasingly interconnected systems, said Larson. effective cybersecurity pro-
digitized, industry players now have access to tection requires layers of controls across the network perimeter,
the networks of airlines and OEMs. The entire endpoints, applications, monitoring, and prevention policies and
supply chain would be affected if any business is procedures, he added.
hacked. Digitization has undoubtedly benefited
the industry, but the inter-connectivity makes “AAR has been addressing cybersecurity controls for a number
the industry more vulnerable to cyber-attacks, of years,” added Larson. “Enterprise cyber protection includes
he added. Another factor that plays right into security awareness training, network monitoring, and technology
the hands of potential hackers is that there as in multi-factor authentication to ensure strong access controls.
are no global cybersecurity standards for the Security awareness training is very critical to ensure users can
industry. With MRO providers having a global identify social engineering with sophisticated phishing attacks that
presence and being connected, hackers could can launch ransomware, malware or denial of service attacks. A
target a company where it is easiest to break key security awareness tool is to run internal phishing campaigns
into the system. which help measure user ability not to click on bogus attachments.
The campaigns can measure enterprise success rate and provide
A New Focus specific training as needed.
Many major companies in the MRO indus- “Another cyber control is to run vulnerability scans and ensure
ASIAN AIRLINES & AEROSPACE January/February 2019 | 21
