Cyber-attacks represent one of the most serious threats to the aviation industry. At the very least they can exact millions of pounds in damages, but at worst they could be devastating and allow terrorists to achieve their goals without having to set foot on a single flight. What’s more, the last few years have seen an explosion in the number of attacks.
The sector faces a barrage of attacks every day and is one of the favourite targets of cyber criminals. For example, Israeli airports are said to be fending off three million cyber-attacks daily. They are drawn to it because a combination of digital transformation, connectivity, segmentation and complexity, make the aviation industry both highly reliant on IT and vulnerable to attack. What’s more both the authorities and aviation companies have been slow to act.
Why has airlines become a prime target for hackers?
The answer requires only one word: data.
Airlines collect enormous volumes of passenger data, including credit card information and passport numbers, from their reservation and scheduling systems and frequent flyer programs. According to Sheridan, “for attackers hoping to cash in on sensitive data, the aviation industry is a gold mine.” And as the risk of suffering a data breach rise, so does the risk of failure to comply with PII/PCI regulations and tougher data protection laws such as GDPR.
Deploying technologies increases the attack surface by expanding the number of targets attackers can use to gain access to systems and the data stored on them.
A U.S. Department of Transportation (DOT) report cites the rollout of wireless technologies to give passengers access to wireless networks and the internet, and the growing adoption of IoT devices to perform functions such as increasing fuel efficiency and automating repairs, as two key avenues that create new vulnerabilities.
Further complicating matters is the challenge of securing remote infrastructure such as airplanes can be cost prohibitive, or impossible, to patch even after discovering a vulnerability.
Airlines also face the cybersecurity talent shortage that plagues so many industries, which makes it difficult to hire the cybersecurity experts they need. According to the (ISC) 2018 Cybersecurity Workforce Study, the global shortage of cybersecurity experts has reached 2.93 million, posing a growing risk to businesses worldwide struggling to find, hire and retain skilled employees.
Outdated IT issues and fragmentation are complicating things. Much of the IT infrastructure in use today is outdated and not designed to address today’s cybercrime challenges. This security flaw is inherently problematic as security teams try to build layers of cybersecurity on top of systems that were not designed for them.
Fragmentation within organizations and the wider sector makes it difficult to adopt uniform approaches. Each airport consists of a huge number of different departments, many of which operate within their own divisions and through their own closed IT systems. More broadly, aviation is global and interconnected, but remains fragmented.
Communication between governments and various organizations is difficult. Many cyberattacks go unnoticed. In many cases, companies may be concerned about the reputational damage that posting a cyber attack could cause, but by not providing information, aviators are missing out on an opportunity to gain insight into possible threats.
What are cyberattacks?
“A cyber-attack has the potential to wreak large-scale havoc on major transport hubs worldwide and lead to huge numbers of delays, flight cancellations and heightened security alerts,” says Michael Schellenberg, Director of Integration and Services at SITA.
Such an attack could have an enormous impact not just on aviation sector but also on the wider economy. Problems with air security tend to impact the public consciousness more profoundly than other sectors. A loss of trust or passenger confidence could have a major impact on the industry.
The real nightmare scenario comes if terrorists manage to hack into air traffic control instantly putting thousands of lives in the air and on the ground at risk. On a more mundane note, though, criminals are targeting the network for extortion. One of the most common approaches has been distributed denial of service (DDOS) attacks or ransomware which attempt to lock operators out of their systems.
Aviation is incredibly time sensitive. Even a relatively small outage can have knock on effects throughout the system. In many cases it may not be a particularly widespread attack. It can often focus on one single function, such as the processing of payment information. If this data is slowed, or a number of transactions fail, delays will mount up and passengers will become frustrated.
The hope, with all these attacks, is that the airport will decide that their cheapest option is to simply pay the ransom, and they are often correct. Ransomware has become a multibillion-dollar industry. In 2017 the number of ransomware payments topped the $2bn mark. Operators have become extremely professional in their outlook. They often present themselves as the solution rather than the perpetrators offering targets a link or a phone number which puts them through to a call centre.
It’s a cheap and easy attack to put into effect. A common approach is to use a phishing email containing an infected link. All it needs is one person to make the mistake of clicking on it and an entire network can be compromised creating havoc. Attacks come from many different areas from criminals trying to extort money to activists and terrorists aiming to either compromise the system or endanger life.
TOP 3 cyber attacks in recent months
In August, Air Canada reported a mobile app hack that affected 20,000 people.
In September, British Airways also exposed a violation that affected 380,000 passengers, and just a month later, in October, it learned that another 185,000 were affected by a second attack.
Also in October, Cathay Pacific Airways revealed that a hacker gained access to 9.4 million customers’ personal information, the latest airline data breach to date.
What to do to counter cyberattacks
Sita’s Air Transport Trends reports says that 11% of organisations say it could take them as long as four months to detect a cyber-attack. By that time the damage will have already been done. Intelligent led detection can ensure a prompt response to issues and create new insights into the origin and nature of attacks.
Defence must also be organisational as well as technical. Even the best defences can be compromised by errors by internal employees. Every time an employee receives a password to internal IT systems, they are effectively receiving keys to part of the kingdom. They have a responsibility to ensure those keys are kept safe, but if anyone in the organisation fails to accept their share ownership of cyber security strategies, they represent a threat. All it takes is for one person to click one link carrying a malicious program and the defences come tumbling down.
Cyber security, therefore, has to take on much more importance within an organisation. It starts at the executive team and moves on down throughout the organisation. Employees will need to be trained in best practice procedures as part of their induction and the strategy will need to be continually monitored and updated as the threat landscape evolves.
This has to be an all-encompassing approach using experts both within and outside of the organisation to identify risks and develop a multi-layered strategy. Munich Airport, for example, has implemented an information security hub which delivers a competency centre in which IT experts within the organisation work with experts from the European aviation industry to develop new approaches to fighting cybercrime.
It is an enormous undertaking and something which can intimidate many organisations, especially if those at the top are uncomfortable dealing with advanced technologies. However, it will be crucial to the future of the aviation sector. All the evidence suggests that cyber criminals have firmly set their eyes on aviators. They seem them as being valuable targets bristling with vulnerabilities and the more important digitisation becomes to the sector, the more vulnerable it will be.
The cyber criminals, then, are hammering at the gates of the aviation industry, but in many cases the fortifications are not quite up to standard. Only now is the sector really beginning to wake up to the threat but already it is playing catch up. Cyber crime is evolving rapidly and has become extremely sophisticated. As soon as one form of attack is countered, they will be looking for another. In the digital world, this will be a war without end. The only solution is for operators to ensure their defences are as strong as possible and that they have good detection and response measures in place for when an attack occurs.
Based on materials from Cybersecurity Insiders and Cyberrisk International