Atlas Air Worldwide is committed to applying a strong governance and control environment for all aspects of our business, and nowhere is that more important than in business resiliency, data privacy and cybersecurity. We utilize best-in-class technologies, procedures and training to ensure the safety and security of our systems and assets, and to protect our data and the data entrusted to us by our customers and partners.
Given the sophistication of today’s modern aircraft, Atlas’ planes are essentially flying data centers, generating large amounts of data that we capture, analyze and use to improve business operations. Our business overall is becoming increasingly digital – with pilots carrying charts and manuals on tablet computers instead of paper, ground operations personnel being able to log every event required to prepare a plane for takeoff, and real-time access to performance dashboards for our teams and our customers. Efficient management and use of this data require strong data governance and management practices, supported by well-secured information systems.
In the air and on the ground, the operational integrity of our information systems is critical to the continuity and reliability of our business. We configure our information systems to be redundant and resilient, and we support them with an equally fault-tolerant data center and network environment with the objective of maintaining a nonstop operation. We conduct drills to practice maintaining operations if systems become unavailable and conduct internal and third-party audits on a regular basis to ensure that we are maintaining our systems at a high level of integrity. Atlas has been acknowledged by the U.S. Department of Defense and airline industry associations as a leader in preparing for and maintaining operational continuity in the event of a disruption.
In cybersecurity specifically, we know that new potential threats emerge every day. With strong support from the Board and our executives, Atlas seeks out and responds to vulnerabilities on a continuous basis. We maintain compliance with the NIST 800-171 cybersecurity framework standard, which requires robust maintenance processes to ensure systems and networks remain at the highest level of known protection. In fact, we were the first member of the Civil Reserve Air Fleet to declare compliance with the NIST standard, which is required of defense contractors.
Our many programs of threat awareness feed into responsive processes designed to remediate exposures before they become an issue, or to respond in a programmatic and professional manner if they do. This includes ensuring that sensitive data are subject to additional management requirements to guard against tampering or exfiltration. We also maintain a multiyear roadmap of projects designed to continuously evolve and strengthen the security around sensitive data and cyber resiliency.
From origin to destination, Atlas takes in data from many sources and securely provides it to customers to help them make more informed decisions. Using RFID, integrated dashboards and other technologies, we continue to improve the way in which we deliver data to our customers to better support their operations. For example, a customer can track the arrival of deliveries, use historical averages to determine unloading times and more accurately schedule when ground transportation arrives at the destination warehouse, and even in what order to line up the trucks. This reduces wait times at handling facilities and emissions from idled trucks.
Across the air cargo industry, Atlas is a recognized leader and innovator in cybersecurity and data privacy. Examples include:
For information security to be effective, we believe it must be a team effort involving the participation and support of every employee. Cybersecurity training and awareness are part of our new-employee orientation program, and we regularly conduct fake “phishing” campaigns to ensure that employees maintain a high level of vigilance. On occasion, we have contracted with independent “white hat” hackers to further validate the security of our systems.
In addition to the employee training, Atlas conducts tabletop exercises and drills throughout the year. In 2018, more than 20 departments participated in exercises to practice and refine their operating procedures. We share the insights from our training and drills with our partners in the private sector and the FAA and DOD and have been asked to help lead sector-based exercises for the airline industry.