A Delta A350 departs DTW, the DL A350 hub. - Photo: Andrew Poure

“Delta Air Lines was recently bombarded with 20,000 phishing emails over just a few hours. Two bad actors had directly targeted airline employees with malicious content in a brazen attempt to circumvent the airline’s security infrastructure.” Shocking, right?

Don McCoy, Cyber Security Manager for Delta, openly shared this with a room of over 200 security professionals. To those not in the industry (that’s me), this sounds sensational. Interestingly, fellow attendees of Exabeam’s #Spotlight19 conference largely didn’t react. It turns out such attacks are commonplace for high-visibility organizations.

In retrospect, airlines make for an incredibly attractive target. All of the U.S. “big four” airlines now earn revenue well into the double-digit billions each year. They have data on millions of customers. And of course, airline employees have access to restricted virtual and physical assets. For these reasons, it is no wonder airlines are subject to the nonstop barrage of attempts to gain access to and exploit their data.

Preventing, identifying, and responding to phishing attacks is just the tip of the iceberg. Click through to read about how airlines use big data and analytics to identify fraud and even predict maintenance events.

Setting the stage with some basics

If you aren’t a cybersecurity expert but find the topic interesting, there are a few basics we should cover. Exabeam is a SIEM company. SIEM is an acronym for security information [and] event management, and is pronounced “SIM.”

Exabeam is one of a number of players in the SIEM field; others include Splunk, IBM QRadar, ArcSight, and LogRhythm. Exabeam interfaces with large datasets (often referred to as data lakes) from across an organization. A baseline is established through machine learning, behavioral analytics, and other advanced technology processing. In other words, Exabeam’s Advanced Analytics determines what is “normal” for users and organizations. Exabeam then alerts on items deemed abnormal, which may require further investigation.

This is an oversimplification of a complex concept. (And yet, I still had to read it twice, but I am jiggy with it -Editor)

Spotlight19 Airline Panel

Exabeam’s Spotlight19 Airline Panel participants

Exabeam invited AirlineReporter to attend #Spotlight19, their annual conference. This year one of the panels included discussion of cybersecurity from the perspective of airlines. Security operations leaders from Delta Air Lines and United Airlines shared how they use Exabeam technology to push the envelope on SIEM.

Delta sent Don McCoy, Cybersecurity Manager. McCoy is a former U.S. Marine with over 20 years of security work, including time at Lockheed Martin. United sent Anthony Lauderdale, Director of Threat Detection and Monitoring. Lauderdale holds multiple security certifications and joined United from Motorola. Prior to his time with Motorola, Lauderdale worked for the Federal Bureau of Investigation (you probably already know their acronym).

A United Dreamliner and its reflection – Photo: United Airlines

Airline Security Panel: Big Data Applications

Earlier we noted airlines are frequently targeted for phishing attacks and that this is commonplace. Additional use cases and anecdotes explored by airline security panel participants included:

  • Smuggling activity: Delta shared that they uncovered anomalous activity in their baggage handling operations. Exabeam alerted on bags checked late in the process, even during passenger boarding. Bad actors checked bags under customer reservations, for interception by accomplices at the destination.
  • Improbable logins: United shared one of their “best practices” of monitoring login activity for improbable logins. As an example, it is improbable that a call center agent would log in to airline applications on their day off, at 10 AM in New York, and then 11 AM in San Francisco. Exabeam alerts in these scenarios, which could indicate compromised accounts or credentials. Security analysts may then take action such as freezing an account or forcing a password reset.
  • Privilege abuse: Both airlines shared anecdotes in which they use Exabeam to discover fraud or abuse of privileges. Examples include abnormally high numbers (compared to peer group averages) of upgrades, waivers of fees, and advanced strategies to convert standby seats to confirmed travel.
  • Aircraft Data: Delta noted that aircraft generate incredible amounts of data. The airline is now embarking on a project to regularly pull that data and expose it to Exabeam. In doing so, Delta Tech Ops expects to identify anomalous readings. This early identification can indicate the need for maintenance before an issue is otherwise obvious, thus increasing safety and reliability.
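For the technically curious, here is how an improbable-login check like the one United described could work. This is an added sketch, not code from Exabeam, United, or the panel; the user names, sample events, and both thresholds are constructed assumptions. It converts the "10 AM in New York, then 11 AM in San Francisco" case to UTC first, since the local clocks hide a four-hour gap.

```python
from datetime import datetime, timezone
from math import asin, cos, radians, sin, sqrt

MAX_KMH = 900.0  # assumed ceiling: roughly airliner cruise speed
MIN_KM = 100.0   # assumed floor: ignore geo-IP jitter inside one metro area

# Constructed sample events: (user, ISO-8601 local time with UTC offset, lat, lon)
SAMPLE_LOGINS = [
    ("agent42", "2019-10-01T10:00:00-04:00", 40.7128, -74.0060),   # New York
    ("agent42", "2019-10-01T11:00:00-07:00", 37.7749, -122.4194),  # San Francisco
    ("agent77", "2019-10-01T08:00:00-04:00", 40.7128, -74.0060),   # New York
    ("agent77", "2019-10-01T16:30:00-07:00", 37.7749, -122.4194),  # San Francisco
]

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points, in kilometres."""
    lat1, lon1, lat2, lon2 = map(radians, (lat1, lon1, lat2, lon2))
    a = (sin((lat2 - lat1) / 2) ** 2
         + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * asin(sqrt(a))

def improbable_logins(events, max_kmh=MAX_KMH, min_km=MIN_KM):
    """Return (user, km, hours, km/h) for consecutive logins by the same
    user whose implied travel speed exceeds max_kmh."""
    # Normalise every timestamp to UTC so local wall-clock times compare correctly.
    parsed = sorted(
        (user, datetime.fromisoformat(ts).astimezone(timezone.utc), lat, lon)
        for user, ts, lat, lon in events
    )
    alerts = []
    for prev, cur in zip(parsed, parsed[1:]):
        if prev[0] != cur[0]:
            continue  # consecutive rows belong to different users
        km = haversine_km(prev[2], prev[3], cur[2], cur[3])
        if km < min_km:
            continue  # same area; location noise, not travel
        hours = (cur[1] - prev[1]).total_seconds() / 3600
        # Two distant logins at the same instant imply infinite speed.
        kmh = km / hours if hours > 0 else float("inf")
        if kmh > max_kmh:
            alerts.append((cur[0], km, hours, kmh))
    return alerts

if __name__ == "__main__":
    for user, km, hours, kmh in improbable_logins(SAMPLE_LOGINS):
        print(f"{user}: {km:.0f} km in {hours:.1f} h = {kmh:.0f} km/h")
```

With these assumed thresholds, agent42 is flagged (about 4,130 km in 4 hours) while agent77, who had 11.5 hours between logins, is not.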

Let us hope that collecting aircraft data isn’t as involved as Hollywood suggests. Chasing a plane in a Ferrari as the copilot dangles a networking cable from the landing gear just doesn’t seem practical. 

Airline Big Data Conclusion

For years we have heard about how big data, machine learning, artificial intelligence, and behavioral analytics can fundamentally change how business works. It is easy to be skeptical of new technology and the various buzzwords used to describe it. After all, most of the general public’s perception of business technology tends to focus on apps, websites, automated phone systems, and chatbots. And everyone has their anecdotes on how those fail.

But here we see an advanced technology firm offering interesting products that its customers not only find value in, but are experimenting with in new and innovative ways. A healthy dose of skepticism is always warranted, but any company willing to invite media to their conferences, where they witness customers raving about outcomes, is one that seems well-positioned for future results. And in a reality where every week we hear of new fraud schemes and data breaches, any technology that allows companies to better understand, manage, and protect their data should be viewed as a net positive.

DISCLOSURE: AirlineReporter attended the Spotlight19 conference as a guest of Exabeam. Our thoughts and opinions remain our own.  

Managing Correspondent - Lee's Summit, MO. JL joined AirlineReporter in 2012 and has since become one of our most tenured and prolific writers. He enjoys catalyzing AvGeek excitement in others, and semi-frequent travel. While he's always looking for the next big adventure, home is with his growing AvGeek family in Lee's Summit, MO, a suburb of Kansas City. Find JL on Mastodon. Email: jl@airlinereporter.com
