In many ways, the aviation industry is healthy: the number of passengers is increasing, jet fuel continues to hover around historic lows and technology is transforming airline efficiency as well as passenger experience. But this same technology also increases the risk of cyberattacks, according to an report released today.
"Aviation Cybersecurity—Finding Lift, Minimizing Drag," published by think tank Atlantic Council with underwriting from Thales Group, examines the intersection of cybersecurity and the aviation industry. The report portrays an industry transitioning from using secure, isolated systems to embracing digital connectivity. In embracing the “digital revolution,” the aviation industry will likely experience cybersecurity challenges.
“Previously, aviation systems were relatively secure due to the bespoke nature of their design, isolation from other systems and little in the way of communication protocols,” says Atlantic Council senior fellow and study author Pete Cooper. “But [Air Traffic Management] is no longer isolated, and ground services and supply chains are becoming fully integrated into an interconnected digital world.”
The report says that increasing interconnectivity in the aviation industry makes both aircraft and airports potential targets for cyberattacks.
“Aircraft are now complex data networks, yet the ability to monitor them arguably lags behind comparable ground-based networks — as does the ability to avoid and respond to potential cybersecurity incidents,” Cooper says.
As airports embrace digital transformation, they essentially become federated management systems using many interdependent service providers. Cybersecurity weaknesses could therefore eventually result in breaches in physical security. And while attacks on public-facing systems may pose little actual risk to passenger safety, they could damage public trust in an already embattled industry.
“Cyber attacks on the aviation sector have so far been low-level and caused limited impact, but the consequences of a successful malicious cyber-attack on civil aviation operations could potentially be catastrophic,” Cooper says. “The aviation industry has decades of experience in preventing safety and security issues, but the cybersecurity and cyber safety challenge is comparatively novel.”
The report lays out a series of recommendations to the industry for strengthening cybersecurity:
- Systems thinking, governance and accountability
- Data systems that are resilient as well as secure
- Resilient stakeholder trust
- Protecting data integrity to ensure optimal human decision-making
- Share industry perspective and cultural collaboration
To read the full report, click here.