Data Privacy and Cybersecurity

Data Privacy and Security Header
Data Privacy and Security Header


Data Privacy and Cybersecurity

Atlas Air Worldwide is committed to applying a strong governance and control environment for all aspects of our business, and nowhere is that more important than in business resiliency, data privacy and cybersecurity. We utilize best-in-class technologies, procedures and training to ensure the safety and security of our systems and assets, and to protect our data and the data entrusted to us by our customers and partners.

Our Approach to Data Management and Security

Given the sophistication of today’s modern aircraft, Atlas’ planes are essentially flying data centers, generating large amounts of data that we capture, analyze and use to improve business operations. Our business overall is becoming increasingly digital – with pilots carrying charts and manuals on tablet computers instead of paper, ground operations personnel being able to log every event required to prepare a plane for takeoff, and real-time access to performance dashboards for our teams and our customers. Efficient management and use of this data require strong data governance and management practices, supported by well-secured information systems.

In the air and on the ground, the operational integrity of our information systems is critical to the continuity and reliability of our business. We configure our information systems to be redundant and resilient, and we support them with an equally fault-tolerant data center and network environment with the objective of maintaining a nonstop operation. We conduct drills to practice maintaining operations if systems become unavailable and conduct internal and third-party audits on a regular basis to ensure that we are maintaining our systems at a high level of integrity. Atlas has been acknowledged by the U.S. Department of Defense and airline industry associations as a leader in preparing for and maintaining operational continuity in the event of a disruption.

Threat Detection and Response

In cybersecurity specifically, we know that new potential threats emerge every day. With strong support from the Board and our executives, Atlas seeks out and responds to vulnerabilities on a continuous basis. We maintain compliance with the NIST 800-171 cybersecurity framework standard, which requires robust maintenance processes to ensure systems and networks remain at the highest level of known protection. In fact, we were the first member of the Civil Reserve Air Fleet to declare compliance with the NIST standard, which is required of defense contractors.

Our many programs of threat awareness feed into responsive processes designed to remediate exposures before they become an issue, or to respond in a programmatic and professional manner if they do. This includes ensuring that sensitive data are subject to additional management requirements to guard against tampering or exfiltration. We also maintain a multiyear roadmap of projects designed to continuously evolve and strengthen the security around sensitive data and cyber resiliency.

Delivering Best-in-Class Service, Reliability and Insight

From origin to destination, Atlas takes in data from many sources and securely provides it to customers to help them make more informed decisions. Using RFID, integrated dashboards and other technologies, we continue to improve the way in which we deliver data to our customers to better support their operations. For example, a customer can track the arrival of deliveries, use historical averages to determine unloading times and more accurately schedule when ground transportation arrives at the destination warehouse, and even in what order to line up the trucks. This reduces wait times at handling facilities and emissions from idled trucks.

Providing Leadership and Support for the Industry

Across the air cargo industry, Atlas is a recognized leader and innovator in cybersecurity and data privacy. Examples include:

  • Participating in leadership roles in a number of global cybersecurity organizations, including the Aviation Information Sharing & Analysis Center (A-ISAC), which serves as a focal point for security information sharing across the aviation sector and the Defense Industrial Base of the Department of Defense (DOD).
  • Chairing the Air Transport cybersecurity committee (by our senior vice president of information technology) of the National Defense Transportation Association (NDTA), a collaboration between transportation carriers and the U.S. Transportation Command, one of 11 unified commands under the DOD.
  • Working with the U.S. Department of Homeland Security (DHS) to deliver training for other organizations on preventing and responding to cyberattacks. We also recently reached a cooperative R&D agreement for threat information systems with DHS.
  • Working with partners such as Boeing and the Federal Aviation Administration on software management and system security for the Boeing 747-8, one of the most advanced and successful commercial and passenger aircraft in the world.
Leading the Way with Training and Drills

For information security to be effective, we believe it must be a team effort involving the participation and support of every employee. Cybersecurity training and awareness are part of our new-employee orientation program, and we regularly conduct fake “phishing” campaigns to ensure that employees maintain a high level of vigilance. On occasion, we have contracted with independent “white hat” hackers to further validate the security of our systems.

In addition to the employee training, Atlas conducts tabletop exercises and drills throughout the year. In 2018, more than 20 departments participated in exercises to practice and refine their operating procedures. We share the insights from our training and drills with our partners in the private sector and the FAA and DOD and have been asked to help lead sector-based exercises for the airline industry.