Even though it’s always the goal to prevent cyberattacks on aviation systems, the reality is that connected aircraft, while making things more efficient and robust, also opens the window for systems to be compromised. So, cybersecurity professionals and IT experts understand it’s not a matter of if aviation companies will experience a breach, it’s when – and how resilient they are to minimize damage and keep systems operational. Due to the safety-critical nature of aviation, cybersecurity measures are imperative. This ever-growing need for aircraft manufacturers, integrators, and operators to secure their on-board systems has created a cybersecurity market boom.
Current Needs and Gaps in Cybersecurity for the Aviation Sector
While there are many enhancements for operators and passengers from connected aircraft, digitization, and emerging technologies such as the cloud, artificial intelligence (AI), and the Internet of Things (IoT), this interaction with a larger network, unfortunately, makes airline operations and aircraft more prone to cyberattacks.
Without a shared digital ecosystem and cybersecurity protocols, including third-party vendors, aviation companies remain vulnerable. For instance, United has more than 30,000 suppliers, and the company executed some of those contracts before considering cybersecurity measures. Boeing stated at Aviation Week’s MRO Americas Conference, ransomware incidents in the aviation supply chain were up 600% in a year.
In a recent interview, Lisa Plaggemier, executive director at the National Cybersecurity Alliance (NCA), warned that cyber-criminals are targeting aviation and other areas where they can secure a high-impact attack.
Additionally, cybersecurity intelligence nonprofit Aviation ISAC’s CEO Jeffrey Troy said there are geopolitical causes of attacks and “hacktivists” motivated to attack the aviation industry in support of a political agenda.
Finally, the U.S. government’s official designation of aviation and aerospace technology as critical infrastructure, significantly increases the risk of attack.
Government Issues New Strategies and Requirements for Aviators
In recognizing these shifts and threats, the Biden-Harris administration issued the National Cybersecurity Strategy in March 2023. This strategy shifts the burden of cybersecurity to organizations best positioned to reduce risks for all, and outlines how to make our digital ecosystem defensible, resilient, and values-aligned. Central to the National Cybersecurity Strategy is defending critical infrastructure, which now includes aviation and aerospace. Minimum cybersecurity requirements in critical sectors, harmonizing regulations to reduce the compliance burden, enabling public-private collaboration, defending and modernizing Federal networks, and updating Federal incident response policy are all key objectives.
Also, in March 2023, the Transportation Security Administration (TSA) issued a cybersecurity amendment for security programs of TSA-regulated airport and aircraft operators, extending similar performance-based requirements also applied to other transportation systems. The amendment requires TSA-regulated entities to:
- Develop network controls and segmentation policies to ensure continuous operation if the information technology system is compromised.
- Create access control measures to prevent unauthorized access.
- Adopt continuous monitoring and detection procedures.
- Apply security patches and updates for all technology systems, including applications, drivers, and more, in a timely manner.
Cybersecurity Market Boom in the Aviation Sector
The need for the cybersecurity market to safeguard operations naturally grew as the aviation industry increasingly became reliant on internet-connected systems for ground and flight operations.
In 2022, the global aviation cybersecurity market reached $4.3 billion. Analysts expect that by 2028, it will reach $6.5 billion for a 7.13% growth from 2023-2028. As aviation companies grapple with increased passenger traffic, new mandates for cybersecurity policies and strategies, and heightened susceptibility of interconnected systems and networks, they seek to manage cyber vulnerabilities to reduce the number of attacks.
Solutions include:
- Threat Intelligence and Response
- Identity and Access Management
- Data Loss Prevention
- Security and Vulnerability Management
- Managed Security
Performance Prioritizes Cybersecurity
At Performance, we understand the importance of cybersecurity. Over the last 25 years, we have worked closely with leading aerospace, space, and defense companies developing secure and certifiable solutions for nearly every part of the aircraft. Our highly skilled engineers work diligently to develop solutions using the highest security standards, ensuring safety, security, and reliability. Connect with us today to learn more about our cyber-resilient hardware and software development as well as our vulnerability assessments for safety-critical solutions.
