The Aviation industry is used to physical threats. Storms, attacks and crash landings are studied and planned for, with rigid contingencies to keep passengers safe. Air travel has recently become safer than ever before, with new technology helping keep Aviation businesses organised and secure, which is good news because the number of airline passengers will double over the next 20 years.
However, there is a new threat to the Aviation industry, one that targets the very technology that has become so crucial to public wellbeing: cyber attacks.
Many Aviation systems are hackable: reservation systems, flight traffic management systems, passport control, cloud storage, hazardous materials transportation management, cargo handling and shipping. Aircraft computers are also vulnerable – flight control, navigation and even aircraft fuel consumption systems.
Hacking costs the global economy half a trillion dollars annually. There are an estimated 300,000 professional hackers worldwide, watching and waiting for a chance to strike.
One recent Aviation cyber attack involved the possible theft of data from 9.4 million customers. Often data is the target of cyber incursions, not causing actual physical harm. Some airlines fend off an average of 1,000 Aviation cyber attacks a month. Both the UN and the EU have cyber security councils and committees specifically for the Aviation sector, designed to set industry standards for Defence.
Luckily the recent passenger data hack had no impact on flight safety as the database was on a different system to flight control systems. Compartmentalisation and maintaining disparate systems may be one way to reduce the effectiveness of Aviation cyber attacks, by increasing the amount of work it would take for Aviation hackers to access multiple different systems instead of just one.
In March Russian hackers were identified to have infiltrated many different US infrastructure systems, one of which was Aviation. No sabotage was detected, but the hackers had access to information about those systems and how to potentially gain control of them.
It’s been argued that one of the most prudent ways of counter Aviation cybercrime is for airline companies to publicly disclose when an attack occurs. This allows other companies to study what happened and to implement their own strategies to protect themselves and their customers.
Prevention and detection are the two main defences against Aviation cyber attacks. The first stops attacks entirely by maintaining solid and secure firewalls. These firewalls will be analysed for any weaknesses, and if any are found, they will be exploited. That’s when the second method of protection springs into action: detection. This deals with detecting an Aviation hack the second it begins, allowing reactive measures to be taken.
Aerospace & Aviation companies are so attractive to hackers because of the supply chain: every business is connected to others, which gives hackers more to work with. Less than 10% of independent MROs have established security protocols, which could enable a weak link and an incredibly important chain. Login credentials to any Aviation network allow potential expansion across multiple connected networks, and so on.
The industry must establish a base level of Aviation security across all organisations to reduce the threat of Aviation cyber attacks. A holistic approach can help make the difference between total Aviation security and a potentially disastrous data breach.