Cybersecurity threats plague every industry. While some industries have been on high alert longer than others, there isn’t any industry that is untouched by security vulnerabilities, including aviation. Today’s aircraft are increasingly connected to ensure optimal performance and maintenance, achieve greater fuel efficiency, and deliver a better passenger experience. Yet all of these systems potentially open the door to new security vulnerabilities and require an effective risk assessment of the airline industry and the entire aviation ecosystem.
The aviation industry is unique, because of its broad ecosystem, which encompasses the aircraft manufacturer, communication systems, supply chain, maintenance and operations. It also expands into the airports and each of the elements with which a passenger interacts, from check-in to security to baggage handling, boarding, and the flight itself. Each and every connection point along the way is an opportunity for a bad actor.
“Aircraft today communicate via radio link, data link, or satellite link to deliver data for optimal performance and to improve the overall safety of the aircraft. Yet all of the data flowing is completely unmanaged communication,” said Tom Goodman, director of international cyber business for Raytheon.
Within the aviation ecosystem, Goodman points out that the closer the system sits to the aircraft, the more inherently trusted the data becomes. “All of those data connections are inherently trusted, but are not protected. It is easy to insert malware into a data stream that isn’t protected. That damage can have long-term effects,” Goodman said.
While these threats in aviation are not clearly visible, they are evolving, and attackers are becoming more sophisticated. The aviation industry is starting to take cybersecurity threats seriously. To that end, organizations, such as ICAO and IATA, have created workgroups to develop cybersecurity guidance.
Goodman recommends the following checklist for airlines to assess their risk profile and take steps to hardening their ecosystem against threats:
1. Define the landscape of the ecosystem. Mapping out what this looks like will help airlines understand the connectivity issue of their data, where it flows, how it impacts the safety of flight, and how far it goes into the ecosystem. Start from the perimeter of your ecosystem and work your way toward the aircraft. Threats typically occur at the furthest point out, where you have the least control. Yet, the closer you get to the aircraft, the more dangerous the threat becomes.
2. Focus on core assets. The safety of the aircraft and passengers are of upmost importance. While you develop perimeter-level security to stop threats before they get closer to your core asset, you must focus your efforts on hardening the systems closest to the aircraft. Protecting the safety of the aircraft and the passengers are top priorities.
3. Begin threat hunting. Have you had attacks or attempts? While no system is bulletproof, it is important to evaluate the effectiveness of your security systems and policies on an ongoing basis.
4. Mitigate and remediate. Once you know where your vulnerabilities are and what attacks may have occurred, it’s time to start addressing issues and fix any problems. The next priority is to put systems in place that will help you mitigate attacks in the future.
5. Training and human capital development. Training is one of the most critical elements of any cybersecurity program. Each and every individual throughout the ecosystem needs to understand the importance of cybersecurity and the security policies that are in place. Once they know the policies and procedures, they should be empowered to enforce them.
Even after implementing risk assessments for airlines, Goodman stresses that cybersecurity incidents and attacks will occur. However, completing a risk assessment gives airlines the ability to endure a cyberattack, learn how to operate in a cyber-degraded environment, remediate the threat, and come out on the other side with minimal impact on aviation safety.