Cybersecurity in aviation: Should we be worried?

Clearly, the aviation industry worldwide is benefitting immensely from new levels of digitization and connectivity. But with this rapid advancement in connectivity comes a new and concerning threat. Hacktivism, cybercrime, even state-sponsored attacks have all become a real risk for airlines. Cybersecurity is at the top of the minds of many aviation professionals right now; here’s a quick rundown of the risks and what’s being done to mitigate them.

Aviation cybersecurity
The increase in connected aircraft brings with it an increased threat of cyberattack. Photo: Unsplash

Aviation cybersecurity: the threats

At the recent IATA Media Days in Geneva, Get Connected heard from IATA SVP Nick Careen regarding the current threats to aviation in the digital environment. He told us how, in the past, cybersecurity had always been an on the ground issue. However, with the rise of the connected aircraft, this is changing. Careen said,

“Connectivity of aircraft systems, through traditional information technologies, aviation specific protocols and RF communications, have extended the attack surface to the aircraft itself, whether on the ground or in flight.”

With the rising size of the digital footprint of aircraft, new concerns have arisen regarding the safety of data communications both on the aircraft, between the aircraft and the ground and security of the networks used to facilitate this. However, as Careen pointed out,

“There is a difference between perceived threat and reality.”

Nick Careen
Nick Careen speaking at IATA’s Global Media Days 2019. Photo: IATA

While recent years have thrown up some notable cyberattacks on airlines (Cathay Pacific in 2018 and British Airways the same year, for example), the consequence of this has always been customer data. While a data breach is unwanted and likely expensive for an airline to deal with, it doesn’t compromise flight safety. Careen continued,

“There have been claims by hackers that they have the ability to hack the passenger domain communications equipment on aircraft and access critical flight systems. This is not the case.

“No systems critical to flight safety have ever been put at risk.”

While that’s good news for now, it’s not to say that all threats can be ruled out for good.

ICAO action to increase aviation cybersecurity

Back in September this year, more than 2,600 ministers and high ranking officials gathered in Montreal for the International Civil Aviation Organisation’s (ICAO’s) 40th Assembly. During the assembly, discussions around all pertinent issues for aviation took place, including, of course, cybersecurity.

The 40th Session went on to adopt the Assembly Resolution A40-10 – Addressing Cybersecurity in Civil Aviation. This resolution brings together a means of tackling the issue in a joined-up manner and calls upon all states to implement the ICAO Cybersecurity Strategy.

Connected aircraft
The Resolution is a step towards a safer connected aircraft environment. Photo: Unsplash

While the details of the resolution are pretty complex, and not something worth getting into here, the overarching message is one of cooperation, governance and policymaking to ensure a cohesive approach to cybersecurity in aviation.

Careen announced that IATA welcomes this establishment of the first Global Aviation Cybersecurity Resolution by ICAO and recognizes that airlines and governments need to work together to understand threats and vulnerabilities. IATA is also undertaking various initiatives targeted at boosting cybersecurity in aviation, including developing standards, developing regulation and reducing technology gaps.

0 Shares:
You May Also Like