The aviation industry largely depends on the reliable functioning of critical information technology infrastructure. Like many other industries, the aviation industry is challenged with providing adequate security for such IT infrastructure and mitigating the effects of any cyber events. Examples of cyber events include malicious or suspicious events that compromise, or attempt to compromise, the operation of an aircraft's network, including its data connections, data transmission, and computing systems.
Currently available cyber security systems are relatively well equipped to deal with cyber attacks which are one dimensional. These involve one type of attack vector, such as malware, executed on one company's system to extract data from that system. However, complex cyber threats involve several simultaneous attack vectors, and often compromise loosely related systems to deliver the intended damage to one of them (the real target). For instance, a money theft scheme could involve phishing to gain access to a bank analyst, exfiltration software to gain access to ATM cash order processes within the bank, spyware to capture keyboard strokes inside a different ATM cash authorizing entity, and access to physical ATM cash delivery machines on a different continent. Thus, complex attack vectors can consist of two or more means and two or more paths, all executing at the same time across different companies, geographies and types of assets.
Existing cyber security systems are generally designed in one of two manners: (1) threats are identified and commercially available cyber security tools (“COTS”) are purchased and deployed with an expectation to mitigate the identified threats; or (2) a selection of the best current COTS tools is purchased and deployed with an expectation to do the best job possible in protecting the enterprise. A significant limitation of such existing cyber security tools is that they have visibility into, and specialize only in, the types of domains, events and threats they monitor and report on. As a consequence, the architectures for these tools are necessarily contained within the domain monitored, and consequently they only detect and report on attack vectors within that specific company, type of asset or type of threat. Complex attack vectors, which follow cross-domain, cross-industry and cross-asset paths, are not detected by such domain-contained cyber security tools.
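The limitation described above can be illustrated with a small correlator. The following is an added example, not part of the original text and not the system the text proposes: it takes a constructed set of events reported by tools in three unrelated domains (a bank, a separate cash authorizing entity and an ATM operator), shows that each domain's own tool sees nothing above its severity threshold, and then links the same events across domains by shared indicators inside a time window to surface one multi-vector campaign. The event fields, indicator strings and the 24-hour window are assumptions chosen for the illustration.

```python
"""Cross-domain event correlation (added illustration; constructed data)."""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, FrozenSet, List


@dataclass(frozen=True)
class Event:
    ts: datetime              # time the domain tool reported the event
    domain: str               # hypothetical: company / asset type that reported it
    vector: str               # attack vector as classified by that tool
    severity: int             # 1..5, rated by the domain tool in isolation
    indicators: FrozenSet[str]  # artefacts that may recur across domains


# Constructed sample: four related events across three domains plus two
# unrelated ones (one too old, one in a different account).
T0 = datetime(2024, 1, 15, 9, 0)
SAMPLE_EVENTS: List[Event] = [
    Event(T0 - timedelta(days=30), "bank-a", "phishing", 1, frozenset({"acct:analyst7"})),
    Event(T0, "bank-a", "phishing", 2, frozenset({"acct:analyst7"})),
    Event(T0 + timedelta(hours=1), "bank-a", "exfiltration", 3,
          frozenset({"acct:analyst7", "order:4711"})),
    Event(T0 + timedelta(hours=2), "authorizer-b", "keylogger", 2, frozenset({"order:4711"})),
    Event(T0 + timedelta(hours=3), "atm-operator-c", "physical-access", 2, frozenset({"order:4711"})),
    Event(T0 + timedelta(hours=5), "bank-a", "phishing", 1, frozenset({"acct:intern2"})),
]


def per_domain_alerts(events: List[Event], threshold: int = 4) -> Dict[str, bool]:
    """What a domain-contained tool sees: only its own events, judged one by one."""
    worst: Dict[str, int] = defaultdict(int)
    for e in events:
        worst[e.domain] = max(worst[e.domain], e.severity)
    return {d: s >= threshold for d, s in worst.items()}


def cross_domain_campaigns(events: List[Event], window: timedelta = timedelta(hours=24),
                           min_domains: int = 2, min_vectors: int = 2) -> List[dict]:
    """Link events that share an indicator within `window`, then report the
    connected groups that span several domains and several attack vectors."""
    n = len(events)
    parent = list(range(n))  # union-find over event indices

    def find(i: int) -> int:
        while parent[i] != i:
            parent[i] = parent[parent[i]]
            i = parent[i]
        return i

    def union(a: int, b: int) -> None:
        ra, rb = find(a), find(b)
        if ra != rb:
            parent[ra] = rb

    by_indicator: Dict[str, List[int]] = defaultdict(list)
    for i, e in enumerate(events):
        for ind in e.indicators:
            by_indicator[ind].append(i)
    for idxs in by_indicator.values():
        for a in idxs:
            for b in idxs:
                if a < b and abs(events[a].ts - events[b].ts) <= window:
                    union(a, b)

    groups: Dict[int, List[Event]] = defaultdict(list)
    for i in range(n):
        groups[find(i)].append(events[i])

    campaigns = []
    for evs in groups.values():
        domains = {e.domain for e in evs}
        vectors = {e.vector for e in evs}
        if len(domains) >= min_domains and len(vectors) >= min_vectors:
            campaigns.append({
                "domains": sorted(domains),
                "vectors": sorted(vectors),
                "events": sorted(evs, key=lambda e: e.ts),
            })
    return campaigns


if __name__ == "__main__":
    print("per-domain alerts:", per_domain_alerts(SAMPLE_EVENTS))
    for c in cross_domain_campaigns(SAMPLE_EVENTS):
        print("campaign across", c["domains"], "using", c["vectors"])
```

Run stand-alone, the per-domain view reports no alert for any domain, since no single tool ever sees a severity above 3, while the cross-domain view returns one campaign spanning all three domains and four vectors. The event dated 30 days earlier shares an indicator with the campaign but is excluded by the time window, and the unrelated phishing event in a different account forms its own single-domain group and is not reported.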
Thus, it is desirable to have an improved system and method for detecting and dealing with complex cyber attacks.