Motivation, Common Cyber Threats and Forging Unpredictable Solutions
As the airlines, one of the main stakeholders in the aviation industry, strive to keep safer skies, offer passengers more convenience in service provision, and remain competitive, so do their systems become vulnerable to cyber risks and threats.
Broadly, digitization and technology help in managing complex systems but equally raise their vulnerability to cybersecurity attacks if not well managed. To a large extent, the availability of the different modes of propagating cyber threats is one of the major weaknesses of cybersecurity management. But first, here is what you need to know about cybersecurity in aviation.
Importance of cybersecurity in aviation: potential vulnerabilities
Cyber threats are highly propagated where there are big data, some kind of shared connectivity and reliability amongst elements making up the system. The airline industry is a peculiar aviation ecosystem and a semblance of one big network loop of activities, stakeholders, aircraft, tools, and instruments that thrive on a special kind of interdependence to function.
For example, when flying an aircraft, the cabin crew must be in constant communication with the air traffic control center for aircraft navigation assistance. Such information is relayed through communication channels and dedicated frequencies, which when jammed, could lead to fatal consequences. In cases like this, aviation cyber security risk should be evaluated and prevented to the best of all stakeholders’ abilities.
Also, copies of all the records of airline and airport employees are stored in the respective airports’ administration databases. Access to such information, which could include employment contracts and airport pass details, could be a motivating factor for cyber attackers.
Equally, data breaches in airline databases may lead to losses of passengers’ sensitive information, which when claimed, may be worth millions of dollars lost for the airlines as is later shared in this article.
Lack of Autonomy
The aircraft is a conglomeration of many components, hardware, sub-systems, and systems that are coordinated towards one overall objective, enabling safe flights. However, there are different equipment manufacturers, OEMs, for certain components such as the digital flight data recorder, commonly manufactured by Honeywell, the landing gear, and other avionics equipment popularly manufactured by Collins Aerospace and Thales Group respectively.
As such, the different aircraft manufacturers including Boeing, Airbus, and DHC other than manufacturing the airframe, must partner with the OEMs to make a functional unit called an aircraft. Because they may not be predominant in the quality assurance processes of the OEMs, a compromise in form of a cyber threat vulnerability of one of the components may affect the safety of the aircraft.
Access to Sensitive Information
Air transport involves compliance with many regulations and one of those requires air passengers to have passports and other travel documents while traveling abroad. This information is stored in databases, to which the aviation industry may have access. Equally, sensitive personal information and payment records via credit cards can be accessed and retrieved for online fraud.
What are the common types of aviation cybersecurity threats?
In this attack, the victims’ data are encrypted such that he or she doesn’t have access to them. Therefore, the cybercriminal demands a ransom from the victim in order to restore access.
These are threats from within the organization, for example, from employees. For instance, an ICT officer may negligently lose a USB flash drive with files that contain all the user credentials of the airline. With such information getting into the wrong hands, the airline may become susceptible to cyber threats.
This is a form of a socially-engineered cyber threat. It involves the distribution of infected links via emails such as criminals pretending to be someone else like an airline CEO/manager and directing an email to a junior employee of the airline to submit urgent information through the shared link. Consequently, the relevant data is extracted, which could include the payment details of the customers.
Advanced Persistent Attack
It is a stealthy attack on a computer network that normally lasts for longer periods with the aim of installing malware for theft, disruption, or spying purposes.
What are some of the notable incidents in civil aviation?
According to recent research by Eurocontrol, in 2020, over 60% of all the reported cyber-attacks were linked to the airline industry, especially commercial airlines. This makes the aviation industry a great target for most cyber attacks, with the consequences causing significant business disruptions, damage to brand image/reputation as well as aviation customers, and financial losses to the airline.
As a consequence, there have been a few notable and severe incidents, including:
The cyber attack in aviation in form of a data breach took place in 2018 with over 9.4 million passengers’ accounts hacked. Information accessed included those of credit cards, passports, and mobile numbers. The cause has since been attributed to data insecurity such as the lack of passwords for backup files and the use of outdated operating systems.
The incident took place in January 2020, just around the time when the Covid-19 pandemic was ruthlessly affecting the aviation sector. It is reported that over 9 million people were affected, with some of the data losses including travel data, email addresses, full names, and credit card information. This cyber security incident is one of the largest ever data breaches in the UK.
SITA is an IT company and in February 2021, their servers that provide various airlines with passenger processing systems were cyber-attacked with a data breach of over 4 million records. Some of those airlines served by SITA include Air New Zealand, Singapore Airlines, and Cathay Pacific.
Maintaining the status quo or forging new cyber solutions?
Certainly, whereas there could be many approaches to dealing with cyber security threats, maintaining the status quo is definitely not one of the solutions. While we shouldn’t really panic, we undeniably should get more prepared and vigilant to cyber security vulnerabilities than before.
Every stakeholder in the aviation sector must forge newer and innovative solutions for future challenges. Notably, those potential approaches should exhibit high unpredictability so that they are not susceptible to new cyber security threats considering the rapidly growing digital space and networks globally. Remember, these threats are engineered by elites and experts and so is the reason why the world, and more specifically the aviation sector, is having this conversation today.
Again, the cybercriminals are amongst us; as the employees at the workplace or as passengers aboard our aircraft. Yes, that is equally the reason why it is becoming quite expensive to manage all cyber security challenges and new threats because the cyber criminals are sometimes part of our solution-seeking stakeholder meetings.
Unquestionably, this threatens the effectiveness of the sought aviation cyber security remedies and more so, because the cyber criminals are often many steps, if not one, ahead of their victims.
Therefore, just like other industries, the aviation industry cannot afford to tolerate a normal state of affairs. It must learn from experience and seek unpredictable potential solutions, perform regular cyber assessment of their systems, and if that means proceeding with caution and cracking the whip, so be it.
The assumption should always be, “we are vulnerable irrespective of how prepared we may seem to be today.”
Overall, how prepared is the aviation industry for cyber security challenges?What are the most vulnerable aircraft systems to cyber threats?No doubt that we will be having deep conversations on these and other major topics in the upcoming weeks. Keep it posted on our blog and please share your comments below.
Want to read more like this?
Enter your email and get curated content straight to your inbox!
Thank your for your subscription.
You are already subscribed to this newsletter.
A highly passionate aviator, with a solid background in aeronautical engineering. His journey to writing about aviation topics is founded on sharing insights into aviation safety and technical aircraft performance – a journey that is 6+ years and counting.
Avelo New Haven: 1st Birthday and $49 Flights
Airlines · 4 min read
Avelo Airlines, an airline serving seven states in the country, celebrated its first anniversary since the airline launched flights from Tweed New Haven Airport on November 3, 2021.
Nov 25, 2022
How Would the Airline Industry Use Business Intelligence?
Airlines · 8 min read
Rapidly developing technologies are making major changes to the ways companies in the airline industry communicate and understand customer behavior, make strategic decisions, and develop workflows. Moreover, customer satisfaction is at the top of the priority list for the airline industry as well as safety for the whole aviation industry. Therefore, collecting and analyzing customer […]
Nov 14, 2022
What Is the True Meaning of Commercial Flights?
Airlines · 5 min read
In the aviation industry since the 1920s, the phrase "commercial flights" is used to describe a flight that is carrying paying passengers. This is in contrast to private flights, which are typically only used by a private jet owner or their invited guests.