The State of Cybersecurity in Commercial Aviation
In an era where planes are essentially flying data centers, the need for robust cybersecurity is more pressing than ever.
The aviation industry is undergoing a digital revolution, but with the promise of improved efficiency, enhanced passenger experiences, and more precise air traffic management comes a wave of new cybersecurity challenges.
In this article we will explore the key aspects of cybersecurity in commercial aviation, focusing on digital transformation, the protection of critical systems, and the importance of incident response and disaster recovery.
1. The Digital Transformation of Aviation: New Opportunities, New Risks
Over the past decade, commercial aviation has embraced digitalization on all fronts. Airlines now rely on digital ticketing systems, cloud-based operations, and in-flight Wi-Fi to enhance customer experiences and streamline internal processes. Aircraft like the Boeing 787 Dreamliner and Airbus A350 are equipped with advanced avionics and data systems that allow airlines to monitor performance in real time, manage fuel efficiency, and even predict maintenance needs.
However, the very technologies that make flying more efficient also introduce new risks. The CEO of Emirates, Sir Tim Clark, recently warned that, "as aircraft become more connected, the risk of system manipulation grows. This is something we must address urgently, as the consequences of a successful attack on an aircraft's control systems could be catastrophic."
A report by Eurocontrol found a 530% increase in cyberattacks on airlines and aviation systems from 2020 to 2021, with the trend continuing upwards. Most attacks target airline databases, ticketing systems, and supply chains.
One of the most notable incidents occurred in 2015, when LOT Polish Airlines was hit by a cyberattack that took down its flight plan system, grounding more than 1,400 passengers at Warsaw Chopin Airport. Hackers targeted the airline's ground operations, preventing flight dispatchers from communicating flight plans to aircraft. While no safety-critical systems were breached, this incident underscores how a cyberattack on ground systems can severely disrupt airline operations and cause massive financial and reputational damage.
Legacy systems are also a significant hurdle. Many airlines still rely on decades-old IT infrastructures that were not designed with modern cyber threats in mind. In-flight systems, such as avionics and communication networks, are particularly difficult to patch or update in real time, especially when aircraft are airborne. This creates an ongoing challenge for airlines that must balance innovation with the security of older systems. For example, Southwest Airlines has faced issues modernizing its outdated IT infrastructure, which has resulted in system outages in recent years, raising concerns about cybersecurity vulnerabilities.
A joint report by the U.S. DHS and CISA found that 30% of vulnerabilities in aviation's OT systems, which include radar, navigation, and communication systems used for flight safety, remain unpatched.
2. Protecting Critical Systems: Safeguarding the Backbone of Aviation
While aviation is certainly not the only industry undergoing digital transformation, very few others need to safely transport millions of people through the sky on a daily basis. In the US alone, the TSA screens about 2 to 2.5 million passengers daily. Needless to say, commercial airlines must be extremely careful when introducing new technologies, especially when it comes to protecting their critical systems.
At the heart of aviation are systems such as flight control networks, avionics, and ground-based air traffic control systems. These systems, essential for aircraft operation and passenger safety, are prime targets for sophisticated cyberattacks. One alarming case is a 2018 penetration test that discovered vulnerabilities in the in-flight entertainment systems of a Boeing 737. The researcher found that it was theoretically possible to gain access to the aircraft's control systems through its entertainment network, raising concerns about the potential for hackers to compromise more critical systems.
One of the primary methods of protecting these systems is encryption. Modern encryption protocols ensure that sensitive data, such as flight control communications and passenger information, remain secure in transit. For example, airlines like Delta have implemented end-to-end encryption to protect their digital ticketing and customer data platforms. However, as the aviation industry becomes more connected, traditional encryption methods may not be enough. The rise of quantum computing poses a serious threat to today's encryption algorithms, which is why new standards like FIPS 203, FIPS 204, and FIPS 205 are being developed to withstand the power of quantum attacks. These standards will be critical in securing flight data, especially as aviation systems rely increasingly on data-intensive technologies. As of the time of writing, no major commercial airline has implemented comprehensive post-quantum encryption.
Human factors also play a significant role in aviation cybersecurity. In 2018, British Airways was hit by a massive data breach in which hackers stole the personal and financial information of 380,000 passengers. The breach occurred due to a vulnerability in the airline's online booking system, but the real issue was an insider threat—an employee with elevated privileges was targeted through a phishing attack, allowing hackers to infiltrate sensitive systems. This example highlights the importance of employee training and implementing strict access control measures. Airlines must focus on reducing insider threats through continuous education and by limiting access to critical systems based on job function.
3. Incident Response and Disaster Recovery: Preparing for the Inevitable
Despite the best preventive measures, cyberattacks on aviation systems are inevitable, and airlines must be prepared to respond swiftly and effectively.
A case in point is the 2017 ransomware attack on Ukraine's Boryspil International Airport, part of the larger NotPetya cyberattack that crippled systems worldwide. Although the primary targets were in the shipping industry, the ransomware also spread to airport systems, completely paralyzing Boryspil airport's IT systems. Airport staff had to switch to manual operations, requiring a high degree of training and a well-orchestrated incident response plan.
Incident response strategies in aviation should be tailored to the specific risks posed by digital transformation. For example, Delta Air Lines has implemented a 24/7 Cyber Security Operations Center (CSOC) that monitors and responds to cyber threats in real time. This center is designed to detect anomalies in airline systems, respond to potential breaches, and coordinate with other departments, including legal, to ensure compliance with industry regulations such as those from the FAA and EASA.
Disaster recovery is another critical aspect of aviation cybersecurity. In 2018, Cathay Pacific suffered a major data breach that compromised the personal data of 9.4 million passengers. While the breach did not affect flight operations, it exposed the airline's insufficient disaster recovery protocols. Cathay Pacific was criticized for its delayed response and inadequate communication with passengers regarding the breach, resulting in heavy fines and reputational damage. Airlines need to ensure that, in the event of a cyberattack, they can quickly recover and restore their systems. Secure backup systems, tested regularly for functionality, are essential for maintaining operational continuity.
Unfortunately, airlines seeking to develop a world-class SOC can face an uphill battle. According to a 2022 Aviation Cybersecurity Survey, 64% of aviation organizations reported difficulty in recruiting skilled cybersecurity professionals. The survey also revealed that retaining talent was an issue, as the demand for cybersecurity skills often leads to high turnover rates.
Conclusion
The digital transformation of the aviation industry has opened the door to significant advancements but has also made the sector a prime target for cyberattacks. As Alexandre de Juniac, former CEO of the International Air Transport Association (IATA), succinctly put it, "Cybersecurity is one of the greatest threats to aviation today." Period.
From ground systems to in-flight avionics, the growing complexity of aviation technology has increased the attack surface that cybercriminals can exploit. Airlines, government agencies, and the wider tech industry must be proactive in addressing these challenges by securing critical systems, adopting new encryption standards, and preparing for inevitable cyber incidents. Otherwise, a bottle of water smuggled past TSA might just be the least of our worries.
About Silent Breach: Silent Breach is an award-winning provider of cyber security services. Our global team provides cutting-edge insights and expertise across the Data Center, Enterprise, SME, Retail, Government, Finance, Education, Automotive, Hospitality, Healthcare and IoT industries.