Data Breaches in Aviation
Cyberattacks are ubiquitous across many industries. Now that the aviation industry has embraced the benefits generated by a digitally connected world, it is now increasingly susceptible to the same cyber threats that have breached banking, retail, healthcare, and online businesses. The business impacts of those breaches are severe—the average cost of a data breach in North America is $1.3 million—and they are occurring at a record pace.
The stakes are high in aviation as data breaches can impact the safety of the 400 million passengers each year. By opening their operations and aircraft up to the benefits of a digitally connected world, it also creates the window for data breaches to occur. Where once aviation systems were relatively insulated from other systems and custom designed for aviation, today they interact and rely on a network that makes aircraft more vulnerable to attack. This situation has led 85% of airline executives to view cybersecurity as a significant risk, according to a PwC survey.
Aviation Cybersecurity Challenges
There are several reasons why improving cybersecurity is a challenge for the aviation industry.
First, aviation is an industry that crosses international boundaries and there is no consensus about the priority of the threat and the current risk level. To effectively secure systems, a minimum standard that all countries, airlines, and governments adhere to is required. The International Air Transport Association (IATA) proposes the development of a global security system with “an end-to-end risk-based approach” in collaboration with regulators and airlines.
The aircraft has become one node in a more complex network that includes everything from airport ground services networks to in-flight entertainment systems to a passenger’s smartphone. So, while aviation’s digitization has been lauded for its benefits, there’s no doubt this has enabled significant cybersecurity threats.
Finally, the attack surface in the avionics industry is unique compared to other industries. Aircraft as an endpoint have complex and heterogeneous “signatures.” Multiple systems comprise an aircraft, including flight management systems, flight control systems, onboard entertainment systems, and more. These systems are developed by multiple OEMs against varying standards including evolving cyber-threat standards.
Not If, But When Cyberattacks Will Occur
Although the goal remains to create secure systems, aviation IT specialists and cybersecurity experts agree that breaches are ultimately inevitable. That’s why it’s paramount to create a cyber strategy that minimizes the impact of an attack, improves detection methods and expedites recovery from these breaches.
In the next blog in our Cybersecurity and Aviation series, we will look at preventative measures to deter cyber attacks from occurring in the aviation industry.
You can see more on our work in this field in this recent article from Aviation Weekly.
Looking for more insight? Learn how you can protect your aviation systems from cyberattack by contacting Performance Software today.