Built-in systems and the human factor: preventing aviation safety cyber attacks

While aviation cybercrime is on the rise, its main focus is still financial. But the threat of compromising an aircraft’s systems is out there

Built-in systems and the human factor: preventing aviation safety cyber attacks

BIGSTOCK/Copyright: Syntheticmessiah

“Aviation cybercrime is on the increase as new airline systems and remote working increase the digital surface attack area,” notes a recent publication by the International Air Transport Association (IATA), adding that “Combined with imminent cyber regulations in several jurisdictions, it makes appropriate aviation cybersecurity measures more important than ever.”

In practice, this means that the global aviation industry is as vulnerable to cyber attacks as any other area with massive digitization, connectivity and advanced technologies.

It must always be assumed that there is someone attempting to breach the system. And when it comes to a potential aerial disaster, results are frightening.

Currently, cyber aviation threats focus on economic aspects such as ransom attacks, as well as data theft. But organizations are getting ready and preparing themselves for possible aviation safety attacks.

Tamir Goren is Director of Special Technologies at the Israel National Cyber Directorate (INCD), and leads the national aviation and maritime programs. “Today’s aviation world is highly digitized and interconnected. Airports, operating systems, flight registration, air traffic and flight control – all of these may be subject to cyber threats,” he tells Cybertech Insider.

“Most cyber threats are still financial, and the attack often revolves around passenger data breaches,” says Goren. “Earlier this year, Air India suffered a cyber breach where information about 4.5 million passengers was leaked. In other attacks, frequent flyer details were stolen.

“However, as of yet, we at the Cyber Directorate are unaware of attempts to compromise flight safety. But of course, the potential is there.”

In 2018, the Israeli government ordered the establishment of a steering committee, led by the Civil Aviation Authority and the Cyber Directorate. This committee directs the nation’s aviation cyber management, and also includes representatives from the Ministries of Transportation and Defense, the IDF, Israel Security Authority (Shin Bet), and the National Security Council.

I asked Goren where the potential flight safety cyber threat currently stands. “We are talking about attacks that reduce the safety margins, for example disrupting flight controllers’ aerial images, or providing the aircraft with false flight instructions. These are real risks,” he replies.

“Even worse would be an attempt to carry out a cyber attack against the actual aircraft systems. A modern civilian aircraft is a digital platform. And while it is very difficult to penetrate its systems, it is theoretically possible – with fatal results.”

Tamir Goren, courtesy Israel National Cyber Directorate

But Goren also bears a reassuring message. “The aviation industry is well-aware of these possible threats and is prepared for them. Aircraft manufacturers, airlines, regulators – everyone has a deep focus on this matter.

“An aircraft will not leave the factory without built-in cyber defenses. And the airline purchasing the aircraft must make sure those defenses are operating as they should.”

Aviation cyber defense requires regional and international cooperation. An aircraft taking off from Tel Aviv and landing in London, for example, will appear on the radar of several other countries before arriving at its destination. And all the links share the same interest, of protecting flight safety.  

Goren says that Israel’s Cyber Directorate contributes to the global defense system, and notes the importance of ongoing international discussion and collaboration aimed at improving defense levels.

You might be interested also