It is high-time to address aviation cyber security as its own unique faction, in hopes of preventing critical systems from being used to carry out catastrophic events.
Cyber attacks around the world are increasing at an alarming rate and have become a growing concern for both public and private organizations. According to a report published by Symantec, an American cybersecurity company, more than 75% of businesses worldwide have been affected by cyber attacks in the past twelve (12) months, with an average cost estimated to be around $2 million. Perhaps more alarming than this is is the notion that many of these attacks are leveled against our airways, forming a need for protective countermeasures in a sector known as Aviation Cyber Security.
In essence, this is nothing new. Hackers have always preyed on vulnerable and unsuspecting targets. The past few months, for example, have seen attacks on the likes of banks, hospitals and municipal authorities, costing billions of dollars and even jeopardizing the operational structures of entire cities. For Atlanta, Georgia, calamity struck in the form of ransomware which ultimately paralyzed the Wi-Fi system of its international airport.
This might be what you’d describe as “too close for comfort,” given that many Delta and Southwest planes are equipped with Wi-Fi even at 30,000 feet. What threat this poses can be debated, but the idea of malware being as catastrophic as any terrorist group is enough to give pause to any team of officials. The intangibility of software may be a weakness in the marketplace, but its ability to avert Homeland Security and the Transportation Security Administration (TSA) could be seen as a strength among those eager to abuse it.
The latest to voice concerns about aviation cyber security and its seemingly uncontrollable threat are aviation experts themselves. They claim that the quest to provide passengers with superior technologies has inadvertently led to the exposing of critical data. While passengers enjoy fast and easy access to online digital services, hackers are fully aware that the implementation of hyper connected models used by airports has made sensitive aviation systems more vulnerable to their attacks.
Logically, agencies and engineers of the aviation industry fear that the digitalization of services at such a rapid pace will lead to the widening of exploitable components, leaving the entire infrastructure of airports exposed to imminent danger.
A report published by PA Consulting Group, a British consultancy firm, speaks about a silent threat and reveals that the automation of airport controls also gives way to a grave threat against the overall security of airport infrastructure. The report also claims that the advent of smart airport technologies such as smart boarding gates and bio-metric immigration controls could sabotage the very concept of aviation cyber security and expose airports to new risks and unknown threats.
And then there’s the European Aviation Safety Agency (EASA), which has reported an increase in cyber attacks on aviation systems—more than 1,000 per month to be exact. Such attacks carry serious consequences, as hackers who gain access to sensitive flight systems can manipulate controls designated for airliners and use them for nefarious designs and purposes.
Luc Tytgat, EASA’s Director of Strategy and Safety Management, cautions a “serious approach” while reiterating the need for cooperation among aviation cyber security experts. Only then can models be developed to better facilitate an understanding of the threat landscape and minimize its effects. David Oliver, PA Consulting Group’s Global Transport Security Lead, says there is a need to reassess the aviation industry’s cybersecurity measures in order to fend off the potential attacks of cyber criminals.
Oliver also emphasizes the high time for the aviation industry to act, and to prevent the dire consequences of cyber attacks and risk-increased vulnerabilities. Indeed, the damage caused by these threats has confirmed the need to address aviation cyber security as its own unique faction, in hopes of preventing critical systems from being used to carry out catastrophic events.