We have seen many cyber attacks on established corporations, governments, and other businesses in recent years. As we might expect, the aviation industry is also vulnerable because it heavily relies on different kinds of software and information systems.
Digitalization and technology improve airline operations and make the aviation industry more efficient. At the same time, modern advancements create new challenges.
Any minor cyber attack, such as a ticket system cyber attack, can result in unflattering coverage by the media and greatly affect airline’s business. More severe cyber attacks can lead to a disaster and cause loss of lives.
Experts agree that ensuring cyber security is one of the main challenges in the aviation industry today.
Cyber security is not only about preventing intentional cyber attacks, but also unintentional actions caused by human error or negligence.
Did you know?
British Airways: Engineer Wrongly Disconnected Data Center Power Supply
On Saturday the 27th of May 2017, IT engineer at British Airways failed to follow proper procedures when conducting maintenance work at the airline’s data center at London Heathrow airport.
When the IT engineer rebooted the servers following the maintenance work, he switched the power on for the servers too quickly, causing an unintentional power surge.
Unfortunately, the power surge caused major damage to the servers that contained data for British Airways flights, including passenger data and operational flight plans for the pilots.
The consequences were severe. With crippled systems and passengers unable to check-in, the incident affected at least 3000 flights.
According to the Federal Aviation Administration, human error is the leading cause of both commercial airline crashes and general aviation accidents. As cyber security plays a significant role in the aviation industry, all personnel must be aware of cyber security threats and comply with the company’s procedures to prevent them from happening.
Aviation cyber security training is relevant throughout the entire infrastructure in the aviation industry – aircraft and equipment manufacturers, air-traffic control, airports and airlines.
Aviation cyber security
Cyber security is the practice of defending information, operational systems, and data from malicious attacks. It takes place in cyberspace – an environment where communication over computer networks occurs.
As it is part of IATA’s Aviation Cyber Security Roundtable, everybody in the aviation industry should promote a positive cyber security culture and raise awareness of potential cyber threats.
Aviation authorities, including ICAO, EASA, IATA, EUROCONTROL and UK CAA, provide different training guidelines to help airlines and airports improve aviation cyber security training.
The main focus is protecting flight traffic management systems – primary and secondary radars, Global Navigation Satellite System (GNSS), and GPS. These systems navigate flight paths and their disruption can have hazardous effects.
For the same reason, airplane information management systems, including flight management systems and data communication management, are also at the center of attention.
Aviation Cyber Security Course
Online course for airline crew and other personnel.
Essential theory and practical tips included.
Threats in aviation cyber security
The aviation ecosystem is highly interdependent, and cyber security must protect the information of digital data and linked networks, services, and web portals against cyber security threats.
👉 Cyber attack – a single attack, via cyberspace, to disrupt, disable or destroy controlling infrastructure, or to steal controlled information
👉 Cyber crime – continuous cyber attacks to maliciously control a computing environment or destroy the integrity of data
👉 Cyber terrorism – politically motivated use of information technology to cause severe harmful disruptions
These sound serious, but many cyber security threats can be avoided by following simple rules such as protecting usernames and using strong passwords, being vigilant when you see something suspicious and reporting when others are too relaxed about complying with the company procedures.
To prevent cyber attacks and cyber crime, the entire aviation industry needs to get informed about aviation cyber security training and should apply strong efforts to prevent cyber crime.
How to ensure cyber security?
Security is often under threat because the airline’s staff is not sufficiently informed and instructed on how to act in certain situations.
You, as a part of the training department, should take several actions to increase awareness about cyber security and provide your crew with procedures they can easily follow.
1. As humans ensure cyber security, proper crew training is the first step.
Make sure your crew can access information on cyber security. Make a cyber security course a part of your training program. This will increase the awareness of cyber security in aviation and prepare your crew for efficient response mechanisms.
Aviation Cyber Security Course
Online course for airline crew and other personnel. Essential theory and practical tips included.
✅ Short-and-to-the-point
✅ Easy implementation
✅ Accessible on all devices
✅ Flexible pricing
2. You should conduct independent audits of existing cyber security action plans.
Take a careful look into who has access to a company’s computer network, if real-time detection process and response mechanisms work systematically and which managers are responsible for executing cyber security protocol.
3. Be aware of an efficient cyber risk management system.
To build it, you should maintain sufficient infrastructure for detection and monitoring and ensure that proper procedures are being followed correctly. Don’t forget to identify roles and responsibilities with clarity. Document all strategy phases, and ensure checkpoints to prevent procedures from falling through the cracks.
4. Continuously promote a safety culture within your organization.
Encourage your crew to keep the safety procedures in mind and to stay vigilant at all times, even if they are off duty. Create a safe environment where crew members feel protected to report when someone does not comply with the company’s procedures.
Why is aviation cyber security more important now?
In 2020 there were 775 cyber attacks on airlines and 150 at airports.
Eurocontrol reports that there was an increase of 530% in cyber attacks between 2019 and 2020 and this number is rapidly increasing.
MRO (maintenance, repair and operations) industry is an attractive target for cyber attacks. For that reason, airlines should establish security standards for third-party vendors to prevent cyber crime.
Proper training, general awareness about cyber security and a strong company’s safety culture are critical factors in maintaining a high level of safety in aviation.
References:
- www.iata.org. (2022). Aviation Cyber Security. [online] Available at: https://www.iata.org/en/programs/security/cyber-security/.
- Thales Aerospace Blog. (2020). Cybersecurity in aviation: the big picture. [online] Available at: https://onboard.thalesgroup.com/cybersecurity-in-aviation-the-big-picture/.
- www.icao.int. (n.d.). CIVIL AVIATION CYBERSECURITY. [online] Available at: https://www.icao.int/cybersecurity/Pages/default.aspx.
- The First Global Cyber Security Observatory. (2022). Aviation Cyber Security – Major Challenges. [online] Available at: https://cyberstartupobservatory.com/aviation-cyber-security-major-challenges/.
- www.egis-group.com. (n.d.). Future of aviation cybersecurity. [online] Available at: https://www.egis-group.com/all-insights/future-of-aviation-cybersecurity [Accessed 24 Mar. 2022].
- World Economic Forum. (n.d.). Cybersecurity in aviation: Building a resilient future. [online] Available at: https://www.weforum.org/impact/we-are-building-a-cyber-resilient-future-for-the-aviation-sector.
- The Loadstar. (2021). Sharp increase in aviation cyber attacks leaves air cargo vulnerable. [online] Available at: https://theloadstar.com/sharp-increase-in-aviation-cyber-attacks-leaves-air-cargo-vulnerable/.