Cybersecurity in aviation: Should we be worried?
Clearly, the aviation industry worldwide is benefitting immensely from new levels of digitization and connectivity. But with this rapid advancement in connectivity comes a new and concerning threat. Hacktivism, cybercrime, even state-sponsored attacks have all become a real risk for airlines. Cybersecurity is at the top of the minds of many aviation professionals right now; here’s a quick rundown of the risks and what’s being done to mitigate them.
Aviation cybersecurity: the threats
At the recent IATA Media Days in Geneva, Get Connected heard from IATA SVP Nick Careen regarding the current threats to aviation in the digital environment. He told us how, in the past, cybersecurity had always been an on the ground issue. However, with the rise of the connected aircraft, this is changing. Careen said,
“Connectivity of aircraft systems, through traditional information technologies, aviation specific protocols and RF communications, have extended the attack surface to the aircraft itself, whether on the ground or in flight.”
With the rising size of the digital footprint of aircraft, new concerns have arisen regarding the safety of data communications both on the aircraft, between the aircraft and the ground and security of the networks used to facilitate this. However, as Careen pointed out,
“There is a difference between perceived threat and reality.”
While recent years have thrown up some notable cyberattacks on airlines (Cathay Pacific in 2018 and British Airways the same year, for example), the consequence of this has always been customer data. While a data breach is unwanted and likely expensive for an airline to deal with, it doesn’t compromise flight safety. Careen continued,
“There have been claims by hackers that they have the ability to hack the passenger domain communications equipment on aircraft and access critical flight systems. This is not the case.
“No systems critical to flight safety have ever been put at risk.”
While that’s good news for now, it’s not to say that all threats can be ruled out for good.
ICAO action to increase aviation cybersecurity
Back in September this year, more than 2,600 ministers and high ranking officials gathered in Montreal for the International Civil Aviation Organisation’s (ICAO’s) 40th Assembly. During the assembly, discussions around all pertinent issues for aviation took place, including, of course, cybersecurity.
The 40th Session went on to adopt the Assembly Resolution A40-10 – Addressing Cybersecurity in Civil Aviation. This resolution brings together a means of tackling the issue in a joined-up manner and calls upon all states to implement the ICAO Cybersecurity Strategy.
While the details of the resolution are pretty complex, and not something worth getting into here, the overarching message is one of cooperation, governance and policymaking to ensure a cohesive approach to cybersecurity in aviation.
Careen announced that IATA welcomes this establishment of the first Global Aviation Cybersecurity Resolution by ICAO and recognizes that airlines and governments need to work together to understand threats and vulnerabilities. IATA is also undertaking various initiatives targeted at boosting cybersecurity in aviation, including developing standards, developing regulation and reducing technology gaps.