About
EL AL, often regarded as more than an airline, symbolizes national pride for Israel. From its inception, the airline served as a bridge connecting Israel to the world and stood as an emblem of the nation’s existence and triumph. This deep-seated connection between EL AL’s journey and the history of Israel is reflected in its operations, ethos, and aspirations. Despite its economic privatization, EL AL’s commitment to the nation remains unwavering. Guided by values of productivity, efficiency, punctuality, and professionalism, EL AL offers world-class services, making it a preferred choice for travelers to and from Israel. Moreover, its vast network of 77 international sales offices and warm Israeli hospitality positions EL AL as a global ambassador of Israel’s spirit. With a robust team of over 4500 employees and contractors, it is no surprise that IATA has ranked EL AL as one of the most efficient airlines globally.
The Challenge
El Al Israel Airlines, the national carrier of Israel, is one of the leading airlines in the world. However, with technological advancements, airlines now face more complicated and complex cybersecurity challenges. The vast amount of sensitive passenger data, real-time communication between aircraft and ground controls, and numerous onboard systems make it imperative to have comprehensive protection. In this ever-evolving digital age, El Al recognized the pressing need to ensure its defenses were solid and responsive.
Clear Skies Ahead?
El Al’s digital infrastructure consists of intricate systems, ranging from ticketing platforms that contain sensitive financial information to in-flight entertainment units that connect to passengers’ devices. Each touchpoint represents a potential vulnerability. Even introducing smart baggage tags or creating a new mobile app for flight check-ins can bring about convenience but also introduce potential backdoors for cyber threats. With digital transformation endeavors, significant risks are involved, and El Al recognized the need to safeguard its ever-expanding digital estate.
Cybecs’ Comprehensive Approach
In evaluating El Al’s cybersecurity, Cybecs incorporated three distinct testing methodologies. With black-box testing, they tackled El Al’s systems as external attackers would, using just the provided URL, revealing vulnerabilities an outsider might exploit. Meanwhile, white-box testing granted them full system access, uncovering more profound internal weaknesses. The gray-box approach, a middle-ground, offered Cybec’s limited internal knowledge, simulating an insider with limited system privileges. Combining these strategies, Cybecs ensured a thorough assessment of El Al’s defenses, highlighting overt threats and subtle internal flaws.
To navigate this intricate and complex web, El Al partnered with Cybecs to provide a comprehensive cybersecurity solution. The two companies embarked on a journey to ensure that the airline’s vast digital systems, both customer-facing and internal, were fortified against cyber threats.
Cybecs employed RedRok to conduct white-box testing, which offered testers a panoramic view of the airline’s digital landscape. Every asset, be it external platforms, internal databases, or lines of code, was scrutinized. By understanding the complete system intricacies, vulnerabilities were meticulously identified and rectified.
Recognizing the human element in cybersecurity, El Al utilized Rokware to train its workforce. The aviation sector is prone to specific threats, from targeted phishing campaigns impersonating airline communications to attempts at breaching in-flight communication systems. The airline’s staff underwent specialized training tailored to address and preempt these industry-specific threats.
Feedback-driven improvements are the hallmark of a robust system. With this in mind, Cybecs introduced employee security surveys to gauge the efficacy of the training sessions. The surveys were not generic questionnaires; they were tailored to extract actionable insights. This approach, coupled with the analytic capabilities of Insight and Exsight, allowed El Al to gain a clear view of the system’s vulnerabilities and an understanding of where improvements were most needed. This combination of feedback and analysis transformed raw data into a roadmap for fortifying El Al’s digital defenses.
To complement their deep dive via white-box testing, Cybecs adopted a gray-box testing approach. In this method, the testers had partial knowledge of El Al’s systems, blending outsider and insider perspectives. Testers could simulate real-world attacks, ensuring a comprehensive examination of potential weaknesses, from glaring system vulnerabilities to subtle, internal weak points.