Passenger Travel Cybersecurity Solutions
The COVID-19 pandemic greatly affected the travel industry, but recovery continues to improve. “At the end of last year, we saw we’re about 71% recovery of US Government bookings—which is ahead of corporate travel. Corporate travel is only about 59% [recovered]. But, what’s really leading the way is our personal travel,” said GovTravels Keynote Mr. Scott Moser, Senior Vice President and Chief Information Security Officer, Sabre Corporation.
Threats targeting the travel industry in the cyber domain include cyber warfare, which targets infrastructure, communications, or governments; cyber espionage, which includes nation-state activities that target the public and private sectors; cyber crime, such as ransomware or extortion; and hacktivism, which are groups attacking others who do not agree with their ideologies.
Russia used cyber warfare to prepare the battlefield long before it began its invasion of Ukraine, with hacktivists and cyber crime groups joining in on behalf of both sides.
In 2023, Moser expects there will be some splintering of these groups. As groups break apart, they continue to operate and are better able to specialize in specific attack methods, thereby increasing the overall effectiveness of cyber crime. He also expects new cyber warfare tools will continue to come out.
New attacks are defeating current security tools. With many people mixing their professional and personal accounts on their cell phones, things such as text messages are being exploited as attack vectors. In addition, security flaws in widely-used open source software source code and email fishing will continue to offer avenues for attack.
The current environment necessitates vigilance and responses that extend across our professional and personal lives. Moser shared a series of six broadly adopted methods for responding to cyber threats.
“The first is this idea of threat intelligence, and threat intelligence is no different from military intelligence. The idea is that you want to understand what the attacker is going to do before they do it, and if you can understand what they are going to do then you can either prevent it or you can be better prepared to defend against it,” said Moser.
“The second is this idea of threat hunting. So, historically we would build our computer networks and just kind of let them sit there and operate. But today, this idea of threat hunting is let’s look at our own networks for potential weaknesses before an attacker ever finds them,” he said. “If we can find and fix the problem before an attacker does, we’ve prevented a major security incident.”
The third response method is adopting cloud security best practices. Moser explained that many organizations have moved away from private cloud in favor of utilizing public cloud services such as Google Cloud, Microsoft Azure, or Amazon Web Services. Adopting best practices helps to set up this environment to ensure its protection.
Fourth is having effective DevSecOps and application security programs to deliver secure applications to the customer. This entails training software developers to develop and design code that is secure—throughout the product’s lifecycle. End users should support this method by performing software updates and patches as they are provided.
The fifth recommendation has to do with security monitoring. While companies constantly monitor their assets for attack, there has been a more recent focus on behavioral anomalies. This involves understanding what the normal user behavior is and identifying anomalies in that behavior. Examples would be suddenly uploading every file on your computer, logging in from a foreign country, or logins are highly unusual times. These are very effective methods for detecting potential attacks.
The sixth and final response method is the idea of automation. Attackers utilize automation by creating software to perform attacks for them. Likewise, automation is key to being able to respond effectively to these attacks.
Across the cyber environment, risk management and compliance programs, secure software development and operations, continuous cyber threat management, and identity management are foundational pillars of cyber security.
Moving forward the cyber threat environment will continue to challenge the government and private industry. Information sharing programs and strong security partnerships will enable our collective success, with public cloud strategies providing an effective means to manage the cyber risk environment.
The GovTravels Symposium is co-sponsored each year by the National Defense Transportation Association (NDTA) and Defense Travel Management Office (DTMO), in association with the General Services Administration (GSA). The three-day event brings together experts from across the federal government and the commercial travel industry to examine a wide range of issues that impact the government’s multi-billion-dollar travel enterprise. For a video of this presentation and many others, visit www.ndtahq.com/multimedia-archive/videos/.