INDRA Reinforces Cybersecurity in Air Traffic Management

Minsait, the Indra business unit set up to address the challenges posed by digital transformation, has positioned itself as the company specialized in providing Cybersecurity services in the air traffic management sector.

The company's experts on cybersecurity protect the systems of different air control centers in several countries.
The cybersecurity experts of this Indra unit are protecting the air traffic control systems in several countries. Furthermore, their monitoring of threats enables the early detection of vulnerabilities in these centers' systems, reducing the likelihood of an attack's occurrence, and defining plans for the necessary measures of protection, mitigation and correction.

In addition, Indra, through its Minsait unit, has integrated Cybersecurity as a key factor that accompanies the design, development, implementation, commissioning and operation of air traffic management systems. Indra's digital transformation unit thereby supports the company's activities as a leader in the development of air traffic management systems, with projects in 160 countries.

Indra’s experts have performed penetration tests (pentests), as a control prior to the market launch of next-generation air traffic management system.
In this regard, Minsait has implemented pentests, simulating cyber attacks on state-of-the-art air traffic management systems and monitoring these from its i-CSOC cybersecurity center to verify these technologies' security. This way, Minsait guarantees that systems are secure before their deployment in air traffic control centers and airports.

Indra incorporates cybersecurity as a key element that accompanies the design, development, implementation, commissioning and operation of air traffic management systems.
Likewise, this unit has equipped different air traffic management systems with its cybersecurity technologies, including in these, for example, identity management systems based on biometrics that add an additional level of security in the control of third-party access to the systems. It has also implemented network security solutions in air traffic control centers in several countries.

Minsait counts with a global network of Advanced Cybersecurity Operations Centers (i-CSOC) prepared to render cybersecurity services to its clients 24x7x365 days a year. From its installations, the company protects critical infrastructures in the economy's different key sectors.

HALO, Minsait cybersecurity for critical services
Minsait has designed a proprietary concept of cybersecurity with the objective of protecting critical facilities and services, key for society, that it refers to as the HALO Framework. Through its series of HALO services, the cybersecurity unit proposes its own work methodology in the most complex projects for the most demanding environments, such as Defense, Space or Traffic and Transport, that offer an efficient and comprehensive response to protection-related requirements of air traffic managers. 

HALO includes Minsait services, grouped in four phases: Persistent Assessment, which analyzes the threats to air traffic management systems and identifies all vulnerabilities; Protection, which deploys the Cybersecurity solutions that reduce attack surfaces; Tracking & Deception, from which operation, administration and monitoring of the deployed systems; and, last of all, Response, by a team of Cybersecurity experts who take action if a threat is materialized.

Cyber Training
In addition to its focus on protecting systems, Minsait considers awareness-raising and training on cybersecurity within the companies themselves as a necessary protective measure. For this reason, it has developed the Minsait Cyber Range solution for comprehensive training on Cybersecurity, for training and practice of the navigation services providers' own cybersecurity teams.

Minsait Cyber Range allows for replicating, in a real setting, the systems and networks of the organization itself, and for generating real attacks in a secure way, challenging the entity's own cybersecurity experts to detect and counteract these attacks within the same setting in which they carry out their tasks each day.

The rate of registered cyber attacks grows exponentially worldwide. To date, all companies and organizations have been victims of cybersecurity incidents at some time. This increase is especially relevant in critical infrastructures. The majority of these companies take an average of 200 days in detecting these attacks, a period to which we must add another average of 40 days required to neutralize the threat. Altogether, this materializes in losses quantified in millions, estimated at $400 billion worldwide. In addition to directly affecting a company's income statement, these security failures erode customer trust in the company, damage its prestige and harm its relationships with suppliers. To confront this situation, Minsait responds with a 360º methodology that combines prevention, detection and response unto cyber attacks.