Cyber Security: A New Challenge For Aviation Industry
- April 27, 2020
- Hiba Sulaiman
Airports are at the forefront of technological innovation, due to the fact that the number of air passengers increases every year. As a result, airports are required to improve their infrastructure and evolve by offering smart facilities for a better traveling experience. There are new challenges posed to aviation with respect to security, due to the adaptation of IoT at airport facilities and the increasing use of smart devices by travelers and employees. Cybersecurity is paramount in the aviation sector. Smart airports strive to provide services in a reliable manner, by ensuring safety and security. They also hire security testing services to ensure their networks, systems, and applications are safe and sound.
The aviation industry is focusing its attention on preventing attacks on airplanes and at the airport, whereas the biggest dangers may be posed to computer systems. Cyber attacks are a great threat to the aviation industry. These attacks can cause millions of pounds in damages, and can even enable devastating impacts on the public. Security vulnerabilities also allow terrorists to achieve their goals without having to hijack a plane physically. In the last few years, the aviation industry has seen a number of devastating attacks.
The Bristol Airport Attack
Majority of these attacks were low key. In 2018, there was a ransomware attack on the electronic flight information screens at Bristol Airport. The screens were immediately replaced with whiteboard information and airport security deployed more staff members to deal with the situation. Although flights were not affected, the airport officials advised passengers to arrive earlier than normal to cover for any delays in their flights. The IT systems were taken down, and criminals claimed the restoration of these systems only once the ransom was paid. Instead, officials at Bristol Airport decided to build their own system from the ground.
British Airways Data Breach
In 2018, British Airways announced that their system was hacked and the credit card information of roughly 380,000 passengers had been stolen. According to GDPR guidelines, the penalty for a company hit with a breach would pay either £17 million or 4% of global turnover, whichever is greater. So, British Airways had to pay a fine of $230 million for this breach.
This instance was just a single attack but the aviation industry is up against something much more serious. The aviation industry faces a number of attacks on a daily basis and is one of the favorite targets for cyber-attackers. Thus, it becomes important for airlines to hire security testing services. The most serious threat actors include hostile attacks to crucial information that calls for aviation safety or cause significant disruption to national and international transport networks. Airlines and airports are a part of a nation’s critical national infrastructure, providing essential transport services that can be targeted for cyber-attackers. The nature of these attacks depends on threat actors and their capabilities to attack. Some cyber-criminals also seek financial gains while others may only aim to cause temporary disruption to the victims.
Gaining Access to Critical Information
The increasing sophistication of cyber threats is one of the major concerns for the aviation industry as airports are not immune to the latest cyber threats and attacks. By breaching an airport system passengers could expose personal data, impact security checks, affect back-office systems, and much more. This could impact the entire airport operation. All these changes are due to the reliance of airports on technologies to remain connected including the cloud, integrated systems, and IoT devices to increase efficiencies. It has also opened new doors to vulnerabilities including security breaches, malware, phishing attacks, and social engineering tactics, identity theft, and much more.
Impact on Customer Confidence and Brand Reputation
These attacks can have ripple effects beyond the fines, they impact customer confidence and brand reputation. This is why security testing services are important to protect critical customer information including credit cards, identification numbers, and bank accounts, etc. to keep all aspects of traveling more secure. Besides the credit card data, there is a black market for frequent flyer data. It is now possible to access hundreds and thousands of airline miles available at a fraction of the cost they would be willing to pay to the airlines or credit card companies. These miles can be used to redeem gift vouchers or point-based rewards. Additionally, these miles can also be resold and put toward bonus offers.
This resale market has created a demand for threat actors to crack the frequent flyer accounts. They can use software to spot behavior-based anomalies such as repeated password reset requests for the same account, or login attempts from an unknown location, etc. Customers can be alerted before the threat actors can access their critical information. This process begins with the collection of data and tracking every incident, whether it is threatening to a cyber attack. By using machine learning and analytics, testers can learn the behaviors that are beside the norm and they can take corrective actions to stop the activity or prevent any loss due to data theft. Thus, airlines and airports should rely on security testing services to improve their security stature.