The aviation sector plays a critical role in allowing people to travel domestically and globally. Millions of people rely on the safety, security and resilience of airlines, airports and the systems that support them.
The combination of digital transformation and the exponential growth of the aviation industry has resulted in an increased threat surface that must be urgently addressed. Therefore, because there are strong dependencies between cyber, physical and personnel security, a cyber security strategy advocates for a collaborative approach between government, regulators and industry to combat current and future cyberattacks or system compromises.
Why are Cyberattacks one of the biggest concerns for Aviation?
Aviation is a vital industry that contributes substantially to economic development and standards of living. The aviation industry's role in commerce, trade, and transportation infrastructure makes it indispensable to the global economy. Any major technological or organizational failure has direct implications and costs for public safety and national security.
Cyber threats are increasing in number and complexity, becoming more dynamic and unpredictable. Cyberspace can be exploited by a variety of threat actors, including criminals, state actors, terrorists and hacktivists, to exploit vulnerabilities and cause significant harm.
The severity of cyber attacks and compromise of systems can range from website attacks to compromise or failure of safety-critical systems. The primary concern is to prevent any attack or compromise that poses a threat to national security or jeopardizes the secure and safe operation of the aviation sector.
The risk of cyber attacks or compromises disrupting aviation services will continue to increase. While the human and long-term economic consequences of such incidents may be less severe, the operational, commercial, and reputational repercussions could still be extremely damaging.
Steps should also be in place to mitigate against a variety of attacks, including unsophisticated, low-level attacks or compromises that have no operational or financial impact, depending upon the sophistication of the attack.
For a cyber risk to materialize, there must be both an existing threat and a vulnerability to exploit. It is impossible to mitigate those vulnerabilities without first understanding what they are, and therefore, understanding these vulnerabilities are critical to different types of organizations, and what the impact of a loss of confidentiality, integrity, or availability would be.
The Aviation Ecosystem
The aviation ecosystem is defined by a significant level of interconnectivity and interdependence. Each actor, whether direct or indirect, plays an important role in providing products, operating and integrating them, and maintaining the system as a whole, including its subsystems. As a result, the aviation industry is frequently referred to as a "system of systems" (SoS).
In many cases, the industry's various sub-systems were designed, integrated, operated, and managed independently of one another, and evolved at their own pace without a clear understanding of the overall architecture.
To maintain efficient operation and overall cyber resilience, different systems must be capable of operating autonomously while also ensuring interoperability and integration with all interconnected systems.
As a result, accountability can at times be unclear. As supply and value chains become more complex, security measures must progress beyond securing individual systems. A one-size-fits-all approach will not suffice; industry participants must address both their individual and shared responsibilities in order to secure the ecosystem.
A proactive approach
To address challenges to cyber security, decisive and collective action is necessary and is required on three levels: international, national and organizational. These requirements are;
- Align regulations globally
- Establish a cyber resilience baseline
- Encourage continuous assessments and industry benchmarking
- Develop information-sharing frameworks and standards
- Enable build up of personal skills
- Reward open communication on incidents
- Share real-time information
- Organizational cyber resilience principles
- Ecosystem-wide cyber resilience principles
The Aviation Information Sharing & Analysis Center (A-ISAC)
The A-ISAC is the global consortium for cybersecurity information sharing across the aviation sector. Founded in 2014 by seven global aviation companies, the A-ISAC has established itself as the trusted point of coordination around cyber threats for the global aviation community.
The A-ISAC facilitates collaboration across global aviation to build resiliency against cyber threats. Their threat intelligence is a result of collaborative input from hundreds of analysts across the aviation sector.
Joining an ISAC requires an annual membership as well as human resources from within an organization. The driving forces behind joining should be;
- Joining forces to form a shared analysis threat-intelligence resource without the organization having to deploy these capabilities on their own
- Sharing knowledge and being prepared to contribute about incidents and threats
- Increasing the organizations maturity level- sharing experiences can improve a security level more quickly- validating experiences and other ideas with trusted peers and resources
- Developing contacts and expanding a network
The aviation cybersecurity industry must strengthen its capacity in order to build a strong, safe, secure, and resilient aviation sector capable of dealing with new vulnerabilities introduced by the next generation of technologies. Building cyber resilience across the global aviation ecosystem involves all domains of the aviation sector and requires coordinated effort.
By creating a united front, collaborating and sharing information within the A-ISAC environment; the cyber security of the aviation sector can be more agile, become more aware of weaknesses and prepared to overcome cyber threats when they arrive.
Talk to the SkyRadar team to discuss solutions that help your organization to withstand the increasing threat of cyberattacks on the aviation sector.
This article was written in cooperation with VMRAY. VMRAY empowers security teams to enrich threat intelligence with a steady stream of high-quality, auto-generated indicators of compromise that can be automatically fed into existing threat intelligence repositories, with minimal effort.
Find out more: Delivering Actionable Threat Intelligence for Security Teams
A first version of this article was published on July 21, 2022