Airline cybersecurity involves the practices, technologies, and policies in place that are designed to protect against cyber threats from the aircraft itself to reservations and ticketing.
From the Ground Up
Starting at ground level, airports and airline offices use a wide range of IT systems to implement air services, from flight planning to baggage handling to air traffic control. On-the-ground threats include ransomware, phishing, insider threats, and system downtime. As an example, flights for LOT Polish Airlines were grounded several years back due to a cyberattack on its flight planning system.
How the Aircraft Itself is Protected
In today’s world, airplanes are equipped with digital avionics and satellite communication systems. It is these systems themselves that can make the aircraft vulnerable to cyberattacks that are not properly secured. As such, there are very strict cybersecurity standards in place for aircraft design and certification.
Protecting the Passenger
From the moment a passenger goes online to search for flights and make a reservation, they become high-value targets for cyber threats. Sensitive passenger information including payment details and travel history become subject to security invasion. Attacks on the reservation system itself can cause massive operational disruptions and financial loss for all. Having cybersecurity protection in place is of utmost importance, and there are privacy laws that systems must comply with as an essential way of doing business.
Ready for Take Off
Airlines rely on third-party vendors for supply chains such as maintenance, IT, and inflight services. With Wi-Fi a commonplace amenity onboard flights, Internet availability increases the risks of cybersecurity breaches. Real-time monitoring must be in place to track the threat of intelligence sharing and the common threats of malware, ransomware, phishing, supply chain attacks, and insider threats.
The Biggest Cyber Threat for Airlines
While Hollywood would make us believe that the biggest concern for people is that someone malicious might be able to seize control of an aircraft in flight and cause an accident or redirect a plane for criminal reasons, in reality, the biggest cybersecurity threat is data breaches.
Between 2019 and 2020, the number of cyberattacks against airlines and airports increased by a whopping 530%. In 2020, easyJet had an exposure of 9 million customers’ personal information including credit card data. British Airways suffered a data breach that affected a half million passengers in 2018 that resulted in a significant fine for the airline.
Most cyberattacks are motivated by stolen identity theft, financial gain, or even political reasons with financial gain the largest impetus. In other cases, malware and ransomware attacks have been conducted simply to cause disruption to business operations for whatever motivation.
Whether by Air or Land or Sea
Whether travel be by planes, trains, cruise ships, or automobiles, in today’s world we are all connected by cyber activity from the Internet to mobile phone calls, to paying for dinner at restaurant with a credit card. In today’s world of investing, it would seem anything involving cyber security would be a good hedge bet.
