5 actions to protect your aircraft from cyberattacks

29 October, 2020

Cyberattacks across all industries and countries regularly hit the headlines with record financial impacts, unquantifiable reputational damages and serious operational disruptions. Just last year, the World Economic Forum stated that cyberattacks are one of the top ten global risks of highest concern in the next decade.

The aerospace sector is a prime target for cybercriminals worldwide. In the last few years, a number of aerospace actors have been affected by cyberattacks ranging from theft of personal data, to operations disruption and even supply chain corruption.

Aviation Faces Surge in Cyber Threats: 64% of 2023 Attacks Targeted Airports; FAA Enforces New Cybersecurity Regulations

In 2023, the aviation industry experienced a significant increase in cyberattacks, with airports being the primary targets. Out of 764 documented incidents, 486 attacks—accounting for 64%—were directed at airport facilities.

In response to these escalating threats, the Federal Aviation Administration (FAA) introduced new cybersecurity regulations in August 2023. These rules mandate that airplane manufacturers and operators implement stringent measures to safeguard against hacking and other cyber threats that could compromise flight safety. 

Only as strong as its weakest link

This surge of regulation updates is impacting not only the obvious areas of the aircraft ecosystem but also the whole value chain around aircraft operations. Theft or leak of passenger personal data are probably the most common attacks airlines have been facing in recent years. Although the number of attacks are high and extremely damaging for the airlines’ reputation, they are also the most critical to resolve, with many airlines currently investing heavily in the security of their IT systems.

Many other areas of the aircraft ecosystem can be compromised by a cyberattack and need to be managed accordingly. For several years now, the rise of a more connected, digital aircraft has increased risks of cyberattacks. Even though statistically less common, cyberattacks on the connectivity items of the aircraft are regarded as the most critical and impactful threats, prompting the need to mitigate the risk of a cybersecurity breach in this area.

The entire aviation value chain is therefore a potential target for cybercriminals, driving the need for a holistic approach to cybersecurity in aviation.

Impacting all areas of the business

The drive for new regulations around cybersecurity in aviation not only originates from the impact a cyberattack can have on companies and their employees but also society at large.

When we hear of a cyberattack the first thing that comes to mind is the financial impact on an organisation, for example, 1 hour operations disruption at a large airport at peak time has an estimated cost of $1m. In general, the cost of a cyberattack is estimated around $1m.

Aside from financial impacts, aviation actors also face serious credibility issues, which can negatively impact their reputation and brand image and lead to unquantifiable secondary financial impacts.

Raising pressure from international regulators and from the intensity of cyberthreats are driving airlines and other aviation actors alike to invest in cybersecurity measures.

In 2019, it is estimated the training of employees and the compliance with security and safety regulations represent the two main cybersecurity expenses for airlines. It is anticipated that the investments in these areas will significantly increase with the setup of a stronger regulatory framework.

Nonetheless, although this shift in mindset is occurring in the aviation industry, all actors are facing issues in effectively securing their operations. One of the main concerns raised is the need for more proactivity amidst the rising security threats.

Increasing employee awareness of cyberattacks and how to prevent them has become a rising challenge for airlines. Employees are often considered as the potential weakest link in the value chain. Giving them a key role to play in securing the entire ecosystem and reinforcing safety behaviours have become critical for aerospace actors.

Most threats result from a human error or behaviour

System complexity is also making it increasingly harder for aviation companies to globally manage security risks. Digitalisation, connectivity and automation all contribute to the difficulty of ensuring all areas of the ecosystem are protected from cyberthreats.

Another pain point is understanding and mastering the current and coming cybersecurity measures. The rapid evolution of regulations and standards require aerospace companies to constantly monitor and act on these regulatory shifts. The sheer amount of them is enough to create complexity that even the biggest structures struggle to master.

Additionally, National Airworthiness Authorities (NAA) can request evidence from airlines that Instructions and Assumptions from the Airbus Security Handbook are properly applied.

Non-exhaustive list of standards and regulations

• Airbus Security Handbook
• ICAO referential
• ISO 2700X
• NIS Directives
• GDPR
• Export Control
• ANSP (FAA AC119-1A) 
• Part IS (EASA)

Recent examples of cyberattacks

Financial

In mid July 2024, Delta Air Lines, a major U.S. carrier and the largest airline in the world by revenue, assets, and market capitalization experienced an operational disruption following the 2024 CrowdStrike incident including the cancellation of over 1,200 flights.

Operations

In 2024 a significant cybersecurity event led to a widespread disruption across the aviation sector. This incident resulted in the cancellation of approximately 2,691 flights. 

Reputation

In 2023-2024, we observed several data breaches within airlines leading to personal data theft. These cyberattacks were carried out against major airlines all across the world.

#01 Train your team

Employee awareness is the single most important element in your defense against cyberthreats. With rising numbers of cyberattacks across the aviation industry, making your employees aware of security threats and helping them understand how to effectively protect your company is paramount. A variety of training is available on the market today to help you prepare your team and compensate for their lack of expertise.

#02 Audit your security processes

Although it’s difficult to foresee how constraining future frameworks will be, regulatory entities such as EASA and FAA are planning to implement new regulations in the coming years. Mitigating the risk of non-compliance can be challenging. Today, many options are available to assess or audit your security implementations and ensure you have everything in place to avoid a possible attack or fine.

#03 Secure your network

Protect your entire company’s IT infrastructure by setting up a layered approach to your defence. Typically, companies look into installing firewalls, antimalware, antivirus, identity and access control, etc. A holistic approach should be preferred when bringing in these different types of IT security solutions to avoid creating hidden back doors, which could still compromise your entire IT network.

#04 Create a Security Operations Centre

A Security Operations Centre (SOC) allows you to control, monitor and detect any incoming threats to your system and respond to them in the most appropriate way. The SOC goes hand in hand with a defined set of rules and response measures for each type of incident. These need to be defined upfront and revised regularly to keep up with the evolving threats.

#05 Set up a security framework

Documenting policies, procedures and processes that revolve around the airline’s cybersecurity organisation is key to ensure consistency and structure. This framework becomes the guiding principle all airline stakeholders need to follow and comply with. Anticipate future changes from regulatory enforcement bodies and set up your base framework that you will be able to build upon over time. If you’re not sure how to get started, different solutions are available to you to help you design the framework most adapted to your organisation.