Discover the cyber technologies that threaten aviation, the risks for civil and military aviation, and strategies for ensuring aviation safety.
Aviation, both civil and military, is today more exposed than ever to cyber threats. These threats vary in complexity and intensity, from targeted attacks aimed at disrupting operations, to sophisticated attempts at data theft, to indirect threats such as ransomware attacks on third-party suppliers. This spectrum of cyber risks underscores the critical importance of robust aviation cybersecurity in maintaining safety, security, and traveler confidence.
Aviation cybersecurity is not just about protecting against financial loss or data breaches, but is also vital to preserving operational safety and national security. Managing cyber risks in this sector is becoming increasingly complex with the adoption of emerging technologies such as machine learning and fifth-generation (5G) telecommunications, as well as the increased use of autonomous aircraft and other technological innovations.
Cyberattacks in the aviation industry have shown a notable increase in recent years, with various incidents reported, ranging from data theft to ransomware attacks, highlighting the growing diversity and sophistication of threats. These attacks are not limited to civil airlines; the military sector is also facing cyber espionage and data theft.
Against this backdrop, it is imperative for aviation to develop and implement robust, scalable cybersecurity strategies to protect its operations, data and assets against constantly evolving cyber threats. This requires a global and collaborative approach, engaging not only airlines and airports, but also suppliers, technology partners, and regulators around the world. The complexity and interconnectivity of aviation systems make cybersecurity a major challenge, but also an inescapable priority for ensuring the continuity and security of flight operations in an increasingly digitized world.
Cyber threats in aviation: a general overview
Aviation, whether civil or military, faces a wide range of cyber threats. These threats are not only diverse, but also constantly evolving, requiring constant vigilance and adaptation on the part of industry players.
Overview of the different forms of cyberthreats
- Data breaches: Airlines handle vast amounts of sensitive data, including personal passenger information and credit card details. Data breaches can result in significant financial losses, erosion of customer confidence, regulatory penalties and severe damage to corporate reputation.
- Ransomware attacks: These involve locking an organization’s digital files and demanding a ransom to unlock them. Aviation, with its critical systems and time-sensitive operations, is a prime target for such attacks, which can cause massive operational disruption and financial loss.
- Supply chain attacks: The aviation supply chain is vast and interconnected, offering multiple points of entry for malicious actors. These attacks can infiltrate an organization’s network via third-party suppliers, causing widespread damage not only to the targeted airline, but also to many other entities in the supply chain.
- Internal threats: Internal threats, where an employee or trusted person abuses his or her access, can be just as damaging. They can be particularly difficult to detect and mitigate because of the inherent trust and access granted to employees.
- Phishing attacks: Phishing remains one of the most common types of cyber threat, including in aviation. These attacks trick employees into revealing sensitive information, such as passwords or credit card numbers, by pretending to be someone they trust.
Impact of cyber attacks on civil and military aviation
The consequences of cyber threats in the aviation sector go far beyond the realm of immediate impact, affecting passengers, airlines and even national security. Cyber attacks can cause major operational disruptions, result in massive, multi-faceted financial losses, expose sensitive information, thereby violating privacy laws, and, in some cases, endanger flight safety.
The critical nature of aviation to national security means that cyber attacks against this sector can have far-reaching implications, disrupting military logistics, hampering emergency response capabilities, or serving as a prelude to physical terrorist attacks.
In the face of these threats, civil and military aviation must prioritize the development and implementation of robust, adaptive and collaborative cybersecurity strategies, encompassing not only the protection of IT systems but also employee awareness and training, supply chain risk management, and the adoption of advanced threat detection and response technologies.
Technologies at risk in civil aviation
Civil aviation relies on a complex and interconnected technological ecosystem, making certain systems particularly vulnerable to cyber attacks. These vulnerabilities represent significant risks for the security of operations, passenger privacy and the continuity of air services.
Ground control systems and their vulnerability
Ground control systems are essential for air traffic management, including take-off and landing operations, flight tracking, and communication between aircraft and control towers. The complexity and interconnectivity of these systems with other components of the aviation infrastructure make them susceptible to a variety of cyber threats, including distributed denial of service (DDoS) attacks, brute force attacks, and phishing campaigns. For example, several major US airports were targeted by DDoS attacks in 2022, although these attacks did not impact critical operations.
Communication between aircraft and control towers
Communication between aircraft and control towers relies on digital systems which, if compromised, can disrupt flight operations. Attacks on these systems could lead to unauthorized intrusions, identity theft and interception of communications, jeopardizing flight safety. Documented examples include malware attacks and sophisticated network attacks targeting critical components of the aviation infrastructure.
Passenger data management and privacy risks
Passenger data management involves the processing and storage of sensitive information, including personal and financial details. These systems are the target of cyber-attacks aimed at stealing personal data, as illustrated by the multiple data breaches affecting airlines and airports in recent years. Cathay Pacific Airways and British Airways, for example, suffered major data breaches, exposing the personal information of millions of customers.
Faced with these risks, civil aviation needs to take a proactive and comprehensive approach to strengthening the cybersecurity of its systems. This includes implementing vulnerability management strategies, training employees, and developing incident response plans. The TSA’s new cybersecurity requirements for airport and aircraft operators emphasize the importance of measures such as network segmentation, access control, continuous monitoring, and vulnerability management. Collaboration and information sharing between aviation stakeholders are also key to improving the sector’s security and resilience in the face of cyber threats.
Challenges specific to military aviation
Military aviation faces unique cybersecurity challenges, exacerbated by the sophistication and constant evolution of cyber threats. These challenges cover several areas, including securing drones and remote control systems, protecting strategic information and communications, and cybersecurity for surveillance and reconnaissance technologies.
Securing drones and remote control systems
Military drones and other remote control systems are increasingly targeted by cyberattacks due to their crucial role in modern operations. The software complexity at the heart of mission-critical systems makes these technologies vulnerable to exploitation, where software flaws can have serious consequences, going beyond the impact on data and equipment, and posing risks to mission-critical systems and, above all, human life.
Protecting strategic information and communications
The protection of strategic communications and information in military aviation is crucial, as their compromise can offer adversaries a strategic advantage. For example, Chinese state-sponsored espionage operations targeted and compromised databases belonging to US and allied defense contractors to steal information on the development of the F-35 Lightning II, which was used by China’s People’s Liberation Army to develop its own stealth fighters such as the J-20.
Cybersecurity for surveillance and reconnaissance technologies
On-board systems in military aviation, including those used for surveillance and reconnaissance, are interconnected with a range of external network systems, from software update processes to secure communications networks. Compromised avionics can affect wider systems linked to the platform, posing problems for integrated air and missile defense (IAMD) systems and other critical technologies.
To counter these threats, armed forces are adopting various strategies, including the establishment of Cyber Squadron-Initiative, which aims to continuously map and document specific mission priorities at each wing, sharing information on evolving threats and lessons learned. In addition, the test community needs to improve the way it tests and evaluates avionics systems in a cyber-challenged environment, recognizing the increased need for resilience.
Responses to the cyber threat
Aviation cybersecurity involves a multi-dimensional strategy, focusing on defense, prevention, international collaboration, and technological innovation. Key organizations, including IATA, ICAO, and the FAA, have developed frameworks and strategies to strengthen security against cyber threats.
Current defense and prevention strategies
IATA has developed cybersecurity guidance materials, offering air operators recommendations on adopting minimum cybersecurity postures for organization and flight operations. These documents cover the organizational culture and risk management aspects of aircraft cybersecurity. The FAA, for its part, has established a certification and monitoring process for all US commercial aircraft, recognizing avionics cybersecurity as a potential safety issue. However, gaps remain in the implementation of key practices needed to successfully carry out a risk-based cybersecurity monitoring program.
The role of international collaboration in enhancing security
ICAO stresses the importance of a global approach to addressing cyber threats and risks to civil aviation, based on cooperation and collaboration between states and all relevant stakeholders. ICAO’s work on cybersecurity is wide-ranging and includes the development of standards and recommended practices (SARPs), raising awareness, and supporting the capacity building and implementation of cybersecurity initiatives for states and the wider aviation community. ICAO’s cybersecurity strategy is built around seven pillars, including international cooperation, governance, and capacity building, among others.
Technological innovations to protect aviation from cyber attacks
Current strategies include developing communities of trust among the various players to tackle the complex challenges of cybersecurity. For example, IATA supports a cybersecurity strategy for the aviation industry, focused on building these communities, improving resilience to cyberattacks, and maintaining safe and secure operations while continuing to innovate and grow. The FAA, while having established collaborations with other federal agencies and industry to address aviation cybersecurity issues, is encouraged to improve its coordination efforts and conduct an avionics cybersecurity risk assessment to prioritize and effectively allocate resources to address these risks.
In summary, defending against cyber threats in aviation requires an integrated approach that encompasses the implementation of robust cybersecurity strategies, global collaboration between different industry players, and the adoption of innovative technologies. The initiatives and strategies developed by key organizations such as IATA, ICAO, and the FAA are crucial to maintaining aviation’s security and resilience in the face of constantly evolving cyber threats.
Case studies: notable attacks and lessons learned
Aviation has experienced several notable cyber attacks, each offering valuable lessons on the need to strengthen information security and preventive measures.
EasyJet – May 2020
EasyJet had to inform 2,208 customers that their credit card information had been stolen by cybercriminals. This breach led to a class action lawsuit by 10,000 customers, claiming up to £18 billion in damages. Crisis management highlighted the importance of rapid and transparent communication with affected customers to minimize damage to reputation and trust.
SITA – March 2021
SITA, a technology provider for airlines, suffered a data breach potentially affecting over 2 million travelers, mainly loyalty program members. The breach illustrated the vulnerability of aviation supply chain providers and the importance of securing systems shared between airlines and their technology partners.
British Airways – September 2018
British Airways suffered a cyber attack resulting in the theft of 429,612 customers’ personal data. An ICO investigation revealed inadequate security measures, resulting in a £20 million fine for the airline. This case highlights the importance of robust IT security to protect customer data.
Air Canada – August 2018
Air Canada revealed that the company’s mobile app had been hacked, exposing the personal information of 20,000 users. This potentially included sensitive data such as loyalty program numbers and passport details. In response, Air Canada locked all accounts until passwords were reset, highlighting the importance of mobile app security and incident responsiveness.
Cathay Pacific – 2018
Cathay Pacific was hit by a cyberattack resulting in a breach of 9.4 million accounts, demonstrating the risks associated with inadequately protected backup files and the use of obsolete operating systems. Following the attack, Cathay Pacific introduced multi-factor authentication to reinforce security.
These case studies reveal several important lessons for the aviation industry:
- The need for rigorous data monitoring and protection, especially for sensitive customer information.
- The importance of collaboration and transparent communication with stakeholders in the event of a data breach.
- The adoption of robust cybersecurity practices, including multi-factor authentication and regular system updates, to guard against future attacks.
These incidents highlight the complexity of the cyber threat landscape and the need for continued vigilance to protect aviation’s critical infrastructures.
Looking ahead: securing aviation against cyber threats
The future of aviation cybersecurity is marked by the need to evolve in the face of growing threats, and to adapt accordingly to maintain the security of flight operations and the protection of sensitive data.
Evolving threats and adapting security strategies
Cyber threats to aviation continue to grow in complexity, particularly with the increase in ransomware attacks in the aviation supply chain, which have risen by 600% in one year. This alarming trend underlines the urgency for the industry to strengthen its defense mechanisms. The ICAO’s cybersecurity strategy proposes an integrated approach based on seven pillars, including international cooperation and the development of a cybersecurity culture, to improve the aviation sector’s resilience in the face of these attacks.
The importance of cybersecurity training and awareness-raising
Training and awareness-raising are crucial to preventing cyber-attacks. The shortage of qualified cybersecurity personnel in aviation is a major problem. The growth of cybersecurity capacity in the aviation sector underlines the urgent need to develop a cybersecurity-aware workforce capable of meeting the challenges specific to this sector.
Cyber threats are constantly evolving, requiring continuous adaptation of security strategies to effectively protect aviation’s critical infrastructure. Emphasis must be placed on strengthening international collaboration and investing in cyber security training and awareness to prepare personnel to identify and respond to cyber attacks effectively.
Efforts must also focus on integrating cybersecurity into aviation’s existing security culture, recognizing that cyber and physical security are now inseparable in today’s interconnected systems environment. By taking a holistic approach to cybersecurity, aviation can continue to innovate while ensuring secure operations and data protection in an ever-changing threat landscape.
War Wings Daily is an independant magazine.