Improving security measures is key in a progressively digital age. Source: Shutterstock

Improving security measures is key in a progressively digital age. Source: Shutterstock

Calls for aviation resilience as industry cyber attacks see sharp climb

Digitization has profoundly benefitted the aviation sector through automated processes, bridged system siloes, real-time flight tracking, efficient asset maintenance, quick response time, and advanced analytics.

Going digital has enabled players to create a highly-connected ecosystem that allows greater management over digital and physical assets, and improved delivery of services.

Although connected, the ecosystem remains complex and fragile. Previously weak systems that were never secured as separate units are now being connected to unsecured networks, further increasing the vulnerability of the entire ecosystem.

Essentially, even when stakeholders invest in advanced cybersecurity solutions, the implementation is far from being holistic — much like putting a bandaid on a bullet wound.

A call for cyber resilience

An industry analysis by the World Economic Forum (WEF) can validate that the general outlook of cybersecurity strength within the aviation sector is rather weak. In fact, through a survey conducted by WEF, participating players in the aviation industry have reported an 80 percent increase in phishing attack frequency last year.

Ransomware occurred over 35 percent of the time throughout 2019 while malware attacks were recorded at approximately 28-percent in frequency.

Hacking incidents were terrifyingly frequent, too. Distributed Denial of Service attacks (30 percent), Network infrastructure attacks (30 percent), attacks via supply chain software and hardware (20 percent), and web application attacks (20 percent) were all common throughout the year.

Undoubtedly, these figures are shocking as they reflect how vulnerable and at-risk the industry is, and how cyber threats are a growing risk. The severity of these incidents can never be undermined. In some instances, these attacks can negatively disrupt business operations and decrease market value, reputation and consumer trust. British Airways is no stranger to this, having suffered a breach that saw the details of 380,000 of its passengers leaked.

Of course, at the back of people’s minds are the threats of hackers using cyberterrorism — that aircraft systems themselves could be compromised by an attack.

In a risk analysis index, WEF also pointed out that players like those in airlines are, on the whole, less attuned to the growing severity of cyber threats. Interestingly, they are more worried about market competition, changing demands, and extreme, unpredictable weather conditions.

The unfortunate thing about cyberthreats being the least of their concerns is, unlike the weather or changing market demands, the fact that security and building resilience is something players have complete control and management over.

One thing seems clear; both players and stakeholders within the aviation space tend to view cybersecurity as just another digital component to add in their transformation. While there are some measures being implemented to a certain extent to protect the ecosystems, cyber resilience is far from up to scratch.

In truth, cybersecurity is a cultural practice that must be ingrained in every stage of aviation operations and something that every member of the company is aware of, whether in the air or on the ground.

According to the analysis, “Cyber resilience involves more than security. It requires a focus on protecting critical functions, not only assets.” There is an urgent need for the industry to gather intelligence, enhance operational strategies, and amplify security measures to gain resilience.

Players and stakeholders must also be aware of the long-term, permanent damage that cyberthreats and cyberattacks can cause. Actions must be taken now and changes must incur from within. After all, resilience is only achievable when players lead operations with a cybersecurity-first mentality.