Why do airlines need to improve cybersecurity?
Across the economy, cyber attacks are becoming more common. Hospitals, banks, social media companies, and gig economy apps are all struggling to manage a new wave of attempted network breaches.
While businesses in all industries have been impacted by the rise of cyberattacks, hackers tend to direct their attention to certain businesses over others.
The targeted sectors have mostly been taken by surprise — leading to a number of successful attacks with serious long-term consequences for the organizations that hackers targeted. Now, cybersecurity professionals think the aviation industry could be the next big target for hackers.
Airlines Facing Wave of Cyber Attacks
A significant number of early attacks on airlines have already occurred. In 2018, for example, Cathay Pacific Airways notified customers of a serious breach — one that ultimately led to a £500,000 penalty from the ICO, the UK’s national data watchdog.
In 2021, Air India suffered a breach that exposed the personal data of more than 4.5 million customers. Details including passport and ticket information, as well as some credit card information, were compromised.
The number of attacks against the industry is also rising fast. EUROCONTROL reported that more than 1,200 aviation cybersecurity incidents and events occurred in 2020, compared to just 200 the year before — despite the serious decline in air travel demand.
This is why it’s critical for airlines to improve their cybersecurity — and soon.
1. An Increase in Networked Airplane Devices
Like passenger cars, flight today is increasingly computerized. Modern flight control systems rely on software controls and flight control systems that can be targeted by hackers.
At the same time, computers are becoming more important to operations on the ground. In airports and in airline offices, computers and IoT devices are helping to streamline work and improve communications. With no cybersecurity strategy in place, however, these devices could also make businesses more vulnerable to attacks.
Each new device and computerized control system, in addition to providing utility for pilots or the airline, can also present another point of entry for hackers: making planes an easier target for cybercriminals.
2. The Rising Value of Customer Data
Customer data is becoming more valuable. Airlines gather and hold on to a significant amount of this data — including customer data that is of particular interest to hackers, like passport information, ticket information, and financial details, like credit card numbers.
This data, in part or as combined with data stolen in other breaches, can be sold on the Dark Web. Even information that wouldn’t seem valuable to hackers — like medical records and flight booking details — can find buyers there.
Sensitive business and engineering information like 8130 forms, which certify that an aircraft component or part is in airworthy condition, could also provide information with value to hackers. It’s important to keep all information safe and to prevent falsified documents.
At the same time, airlines are gathering more information than ever before. Because customer information can be sold to advertisers or used to improve customer experience, many major airlines are collecting transactional and behavioral data they haven’t gathered in the past.
As the amount of data stored on airline networks grows, airlines will become a more valuable target for hackers. The aviation industry is likely to face steadily worsening cyber-threats over the coming years as a result.
3. The Growing Cybersecurity Talent Gap
In 2014, there were almost 1 million unfilled positions in cybersecurity. There’s evidence that this talent gap could grow as large as 3.5 million unfilled positions by the end of 2021. While the tech world is working to build a better talent pipeline for the industry, it’s not clear when the talent gap will begin to close.
The growing number of attacks and the lack of a strong talent pipeline means there are fewer professionals handling more cyber-incidents than ever. As a result, those currently in the industry face long hours and high levels of stress.
Some industry observers have also suggested that there may be a looming “burnout crisis” that could further reduce the number of professionals in the field, putting additional stress on those who remain.
Airlines should consider the availability of talent when deciding how to develop their cybersecurity strategy. Beginning to hire a team sooner rather than later may help ensure that, as competition for cybersecurity professionals becomes more intense, airlines still have workers capable of defending their network or staging a response to attacks.
For businesses interested in more advanced cybersecurity techniques, like those that rely on natural language processing and other AI technology, beginning now will also provide time for experimentation and implementation.
4. No Cohesive Industry Approach
In the aviation industry, there’s currently no industry-standard framework for how to approach cybersecurity. This means that, among the aviation industry businesses that have a cybersecurity strategy, most are flying blind by developing their own practices and sharing little knowledge with other airlines.
In April 2021, a study published by the World Economic Forum called for a unified approach to cybersecurity practices in the industry, including better communication and information-sharing standards that could help individual businesses defend against future cyberattacks.
The current patchwork of disparate approaches when it comes to airline cybersecurity may be dangerous in the long term. A unified approach would ensure information about threats targeting airlines is shared widely between cybersecurity professionals in the aviation industry.
Gaining experience with cybersecurity and sharing information now will help ensure these new frameworks are developed as quickly as possible and with input from stakeholders across the industry.
The Aviation Industry Faces Growing Cybersecurity Threats
The number of cyberattacks targeting the aviation industry is likely to increase in the near future. Airlines, as they gather more data and add additional computer systems to planes, will make themselves more of a target for hackers.
Cybersecurity planning can help ensure these hackers can’t stage effective attacks. If airlines begin now, they can develop strong cybersecurity systems and policies that will help them protect against these new cyber-threats.
