From the first flight by the Wright brothers, to more than 45,000 flights today carrying over 2.9 million passengers across more than 29 million square miles of airspace (FAA, 2023), the aviation industry has definitely changed the world for the better. With the ever changing and evolving scope of aviation, maintaining safe, secure, and resilient operations is a top priority for the aviation industry. Technology and digitization are one of the main factors that caused the rapid change of the aviation world. However, this complex environment is a double-edged sword bringing its own share of vulnerabilities. The airline industry has never been more vulnerable to cyber threats and attacks with "a multitude of motivations, ranging from stealing value in data or money to causing disruptions and harm" (IATA, 2023).
The aviation industry hosts one of the most integrated and complex information and communications technology systems, which helps to keep the world interconnected. But with increasing inter-connectivity, cyber threats of various nature from adversaries working in anonymity is ever-increasing as well. Data breaches are one of the most pressing cyber threats affecting the aviation industry today. The aviation industry handles vast quantities of sensitive data such as personal information, payment details, flight data etc. Not only does a data breach lead to financial hardship to the passenger, it also deteriorates trust and reputation of the company. In 2018, British Airways was attacked by cyber attackers through data breach of personal and credit card information of more than 400,000 customers. British Airways was fined $26 million by the Information Commissioner's Office (ICO) for allowing the data breach to occur (BBC, 2020). Ransomware attacks are another form of cyber threats where the adversary will lock a company's digital files and information in return for a ransom to unlock them. This disrupts the company's operations, create financial losses, safety risks, and cause time sensitive operations to fail. A cyber-attack that is unique to the airline industry are jamming attacks. These attacks "injects a ghost flight into the air traffic control system to alter the projection and mapping or airplanes or delete their position from the radar screen" (Virgillito, 2015). Attackers will then be able to manipulate aircraft management and its data by providing false information such as aircraft speed, location and direction of airports and other aircraft. One of the most common cyber threats that remains popular are phishing attacks. These attacks trick employees into revealing sensitive and mission critical information by imitating to be a trustworthy person. Once the attackers gain access to these critical information and data, the damage it can cause to the entire industry can be enormous.
My recommendation to strengthen the cyber security measures in place, would be to develop a common cybersecurity standard. This standard will have to be followed by every organization in the aviation industry. Even if the nature of cyber-attacks are mostly the same, the methods might be unique in every geographical location. The process of creating a cybersecurity standard will help comb through various cyber-attacks anomalies and enable the industry to identify ways to combat them. My other recommendation would be to implement regular and periodic risk assessments. As we mentioned that cyber attackers fine-tune their methods of attack as the industry implements counter-attack measures, regular risk assessments are a necessity for cybersecurity. What worked last month for security, might not work anymore this month. Therefore, there needs to be a program and team in place throughout the aviation industry to consistently monitor these risks, continuously assess them, and implement measures to prioritize resources effectively.
References
British Broadcasting Corporation. (2020, October 16). British Airways fined £20M over Data Breach. BBC News. https://www.bbc.com/news/technology-54568784
Cassetto, O. (2019, July 31). Tech battling tech: How airlines are innovating against cyberattacks, security breaches and failing Tech Systems. Aviation Pros. https://www.aviationpros.com/aviation-security/article/21090440/tech-battling-tech-how-airlines-are-innovating-against-cyberattacks-security-breaches-and-failing-tech-systems
Federal Aviation Administration. (2023, April 10). Air traffic by the numbers. Air Traffic By The Numbers | Federal Aviation Administration. https://www.faa.gov/air_traffic/by_the_numbers
International Air Transport Association. (2023). Aviation cyber security. IATA. https://www.iata.org/en/programs/security/cyber-security/#tab-3
Virgillito, D. (2015, February 26). Cyber threat analysis for the aviation industry. Cyber Threat Analysis for the Aviation Industry. https://resources.infosecinstitute.com/topic/cyber-threat-analysis-aviation-industry/
No comments:
Post a Comment