How Important Is Cybersecurity in Aviation?

Guides · 5 min read · Aug 05, 2022
cybersecurity in aviation

Motivation, Common Cyber Threats and Forging Unpredictable Solutions

As the airlines, one of the main stakeholders in the aviation industry, strive to keep safer skies, offer passengers more convenience in service provision, and remain competitive, so do their systems become vulnerable to cyber risks and threats.

Broadly, digitization and technology help in managing complex systems but equally raise their vulnerability to cybersecurity attacks if not well managed. To a large extent, the availability of the different modes of propagating cyber threats is one of the major weaknesses of cybersecurity management. But first, here is what you need to know about cybersecurity in aviation.

Importance of cybersecurity in aviation: potential vulnerabilities

Big-Data Capabilities

Cyber threats are highly propagated where there are big data, some kind of shared connectivity and reliability amongst elements making up the system. The airline industry is a peculiar aviation ecosystem and a semblance of one big network loop of activities, stakeholders, aircraft, tools, and instruments that thrive on a special kind of interdependence to function.

For example, when flying an aircraft, the cabin crew must be in constant communication with the air traffic control center for aircraft navigation assistance. Such information is relayed through communication channels and dedicated frequencies, which when jammed, could lead to fatal consequences. In cases like this, aviation cyber security risk should be evaluated and prevented to the best of all stakeholders’ abilities.

Also, copies of all the records of airline and airport employees are stored in the respective airports’ administration databases. Access to such information, which could include employment contracts and airport pass details, could be a motivating factor for cyber attackers.

Equally, data breaches in airline databases may lead to losses of passengers’ sensitive information, which when claimed, may be worth millions of dollars lost for the airlines as is later shared in this article.

A keyboard representing cybersecurity.

Lack of Autonomy

The aircraft is a conglomeration of many components, hardware, sub-systems, and systems that are coordinated towards one overall objective, enabling safe flights. However, there are different equipment manufacturers, OEMs, for certain components such as the digital flight data recorder, commonly manufactured by Honeywell, the landing gear, and other avionics equipment popularly manufactured by Collins Aerospace and Thales Group respectively.

As such, the different aircraft manufacturers including Boeing, Airbus, and DHC other than manufacturing the airframe, must partner with the OEMs to make a functional unit called an aircraft. Because they may not be predominant in the quality assurance processes of the OEMs, a compromise in form of a cyber threat vulnerability of one of the components may affect the safety of the aircraft.

Access to Sensitive Information

Air transport involves compliance with many regulations and one of those requires air passengers to have passports and other travel documents while traveling abroad. This information is stored in databases, to which the aviation industry may have access. Equally, sensitive personal information and payment records via credit cards can be accessed and retrieved for online fraud.

What are the common types of aviation cybersecurity threats?

Ransomware

In this attack, the victims’ data are encrypted such that he or she doesn’t have access to them. Therefore, the cybercriminal demands a ransom from the victim in order to restore access.

Internal Threat

These are threats from within the organization, for example, from employees. For instance, an ICT officer may negligently lose a USB flash drive with files that contain all the user credentials of the airline. With such information getting into the wrong hands, the airline may become susceptible to cyber threats.

Phishing

This is a form of a socially-engineered cyber threat. It involves the distribution of infected links via emails such as criminals pretending to be someone else like an airline CEO/manager and directing an email to a junior employee of the airline to submit urgent information through the shared link. Consequently, the relevant data is extracted, which could include the payment details of the customers.

Advanced Persistent Attack

It is a stealthy attack on a computer network that normally lasts for longer periods with the aim of installing malware for theft, disruption, or spying purposes.

An airline which was involved in a cybersecurity attack: EasyJet

What are some of the notable incidents in civil aviation?

According to recent research by Eurocontrol, in 2020, over 60% of all the reported cyber-attacks were linked to the airline industry, especially commercial airlines. This makes the aviation industry a great target for most cyber attacks, with the consequences causing significant business disruptions, damage to brand image/reputation as well as aviation customers, and financial losses to the airline.

As a consequence, there have been a few notable and severe incidents, including:

Cathay Pacific

The cyber attack in aviation in form of a data breach took place in 2018 with over 9.4 million passengers’ accounts hacked. Information accessed included those of credit cards, passports, and mobile numbers. The cause has since been attributed to data insecurity such as the lack of passwords for backup files and the use of outdated operating systems.  

EasyJet

The incident took place in January 2020, just around the time when the Covid-19 pandemic was ruthlessly affecting the aviation sector. It is reported that over 9 million people were affected, with some of the data losses including travel data, email addresses, full names, and credit card information. This cyber security incident is one of the largest ever data breaches in the UK.

SITA

SITA is an IT company and in February 2021, their servers that provide various airlines with passenger processing systems were cyber-attacked with a data breach of over 4 million records. Some of those airlines served by SITA include Air New Zealand, Singapore Airlines, and Cathay Pacific.

a cybercriminal performing a cyber security attack on a laptop

Maintaining the status quo or forging new cyber solutions?

Certainly, whereas there could be many approaches to dealing with cyber security threats, maintaining the status quo is definitely not one of the solutions. While we shouldn’t really panic, we undeniably should get more prepared and vigilant to cyber security vulnerabilities than before.

Every stakeholder in the aviation sector must forge newer and innovative solutions for future challenges. Notably, those potential approaches should exhibit high unpredictability so that they are not susceptible to new cyber security threats considering the rapidly growing digital space and networks globally. Remember, these threats are engineered by elites and experts and so is the reason why the world, and more specifically the aviation sector, is having this conversation today.

Again, the cybercriminals are amongst us; as the employees at the workplace or as passengers aboard our aircraft. Yes, that is equally the reason why it is becoming quite expensive to manage all cyber security challenges and new threats because the cyber criminals are sometimes part of our solution-seeking stakeholder meetings.

Unquestionably, this threatens the effectiveness of the sought aviation cyber security remedies and more so, because the cyber criminals are often many steps, if not one, ahead of their victims.

Therefore, just like other industries, the aviation industry cannot afford to tolerate a normal state of affairs. It must learn from experience and seek unpredictable potential solutions, perform regular cyber assessment of their systems, and if that means proceeding with caution and cracking the whip, so be it.

The assumption should always be, “we are vulnerable irrespective of how prepared we may seem to be today.”

Final thoughts

Overall, how prepared is the aviation industry for cyber security challenges?What are the most vulnerable aircraft systems to cyber threats?No doubt that we will be having deep conversations on these and other major topics in the upcoming weeks. Keep it posted on our blog and please share your comments below.

Want to read more like this?

Enter your email and get curated content straight to your inbox!

Thank your for your subscription.

You are already subscribed to this newsletter.

Jaap Brian
A highly passionate aviator, with a solid background in aeronautical engineering. His journey to writing about aviation topics is founded on sharing insights into aviation safety and technical aircraft performance – a journey that is 6+ years and counting.

Leave a comment

Your email address will not be published.

Recent posts

air traffic controller stress

Air Traffic Controller Stress

Guides · 6 min read

Becoming an air traffic controller can be an interesting career path in the aviation industry for several reasons. On one side, it is a challenging yet rewarding career since the air traffic controller is in charge of guiding flights through the most appropriate flight paths in order to ensure their safety.

Aug 05, 2022
cargo security

Cargo Security: Protection of the Global Supply Chain

Guides · 5 min read

Though the world has modernized all ways of living, but the risk of theft still exists as a significant problem in every society. According to an estimate presented by the European Union; cargo theft comprises of approximately 8.2 billion Euros per year which increases the importance of cargo security.

Aug 05, 2022
ow Safe Are Airplanes?

Fact Check: How Safe Are Airplanes?

Guides · 6 min read

Aviation safety is a top priority in air travel and airline industry, and there are many reasons why that is so.

Aug 04, 2022

Start learning from the best minds now

  • Check your knowledge with quizzes
  • Pre-recorded certified courses
  • Study on different devices
  • Virtual classes/Live sessions
  • Pre-recorded Aviation management courses
  • Obtain Aeroclass Certificate
Get Started Today