According to ICAO, the first half of 2023 saw a 24% surge in aviation cyber attacks worldwide. In addition, the rate of unique malware attacks increased by 50% between October 2022 – January 2023. This reflects the overall trend across industries, as IT systems become more interconnected and new technologies such as the Internet of Things (IoT) present new risks.
This article explores the threats to aviation and aerospace cybersecurity, the impacts of cyber attacks, and a few tips on how organisations can protect themselves.
What Are the Threats to Aviation Cyber Security?
Network and System Vulnerabilities
In the aviation industry, network and system vulnerabilities pose significant risks that can be exploited by malicious actors. These weaknesses may be found in critical communication systems, air traffic control networks, or even within the aircraft themselves. When attackers take advantage of these vulnerabilities, the consequences can be severe, leading to data breaches, operational disruptions, and potential safety threats.
Most Common Types of Attacks
According to a systematic literature review on aviation cyber security challenges, the most common types of attacks are malware and ransomware, DDoS attacks, and those resulting from phishing.
Malware and Ransomware
These malicious programs can infiltrate essential systems, bringing aviation operations to a standstill until a ransom is paid. A specific type of malware that was involved in 4% of the attacks studies is a worm attack.
Worm Attacks
A worm is a type of malware designed to self-replicate and spread across networks without requiring human intervention. Unlike viruses, which need to attach themselves to existing files or programs, worms exploit vulnerabilities in operating systems or applications to propagate.
Worms can spread through various methods, including email attachments and malicious websites. Once a worm infects a system, it can consume bandwidth and resources, leading to network slowdowns or crashes. Other consequences include data loss, unauthorised access to sensitive information, and the deployment of additional malware.
A notable example was the ILOVEYOU worm which, in 2000, affected organisations worldwide and caused over USD 10 billion in damages.
Distributed Denial of Service (DDoS) Attacks
DDoS attacks present another serious challenge, overwhelming systems with excessive internet traffic and rendering them inaccessible to users. For aviation organisations, a successful DDoS attack can disrupt critical online services, from booking platforms to check-in kiosks to flight information displays and beyond, leading to significant operational setbacks and frustrated passengers.
Phishing and Social Engineering
Cybercriminals often exploit human vulnerabilities through phishing and social engineering tactics. Deceptive emails, phone calls, or messages are used to trick employees into giving out sensitive information or inadvertently granting unauthorised access to systems.
Insider Threats
A related challenge is the risk of insider threats, which arise from employees or contractors who have authorised access to systems. Whether intentional or accidental, misuse of this access can compromise sensitive passenger data, operational plans, and even flight safety.
Bot Attacks
Also accounting for 4% of the attacks studied, bot attacks involve the use of compromised computers, known as bots or zombies, that are controlled by an attacker. These bots are typically part of a larger network known as a botnet, which can be used to execute various malicious activities.
Botnets can be used for a range of purposes, including launching DDoS attacks, sending spam emails, and stealing personal information. Attackers can remotely control the bots to perform coordinated actions across many infected devices.
The scale of bot attacks can lead to significant disruptions, such as overwhelming a target’s servers with traffic during a DDoS attack or compromising a large number of accounts for data theft. The anonymity provided by botnets makes it challenging to trace the source of the attack.
Aerospace Cyber Security Threats
Can Aircraft be Hacked?
In 2017, a team of researchers hacked into a legacy Boeing 757 commercial aircraft. The team accessed its systems through radio frequency communications. WiFi, IoT, and GPS are other technologies that attackers can leverage, and passengers’ own devices increase the attack surface.
The Security of Embedded Systems
Avionics systems provide control of flight functions, navigation, weather and positioning data, communications, and so on. As such, the consequences of such attacks can be severe.
Increasing integration between software and hardware in avionics systems increases the risk of attacks. With embedded systems, attacks may initially target the operating system and other low layers. Wired communications are more secure that the Avionics Wireless Network (AWN).
What Are the Main Motivations for Aviation Cyber Attacks?
The review suggests that the theft of intellectual property and intelligence may be the most common motivation. Of all the attacks studied in the review we mentioned earlier, 71% were focused on stealing login details and hacking to gain unauthorised access to the IT infrastructure. DDoS attacks accounted for 25% of those studies, and 4% sought to corrupt the integrity of files by intercepting them at-rest or in-transit.
Other Motivations
Financial gain is another common motive. Cybercriminals may target airlines and airports to steal sensitive data like credit card information, passport details, and loyalty program credentials that can be sold on the dark web or used for fraudulent activities.
Ideological and political motivations also occur, whereby hacktivists and cyber terrorists attack airlines and airports to further their agendas. They may target specific countries or companies to inflict reputational damage, protest policies, or sow fear and chaos.
What Are the Potential Impacts of Aviation Cyber Attacks?
To reiterate, here are the potential consequences of cyber attacks.
Operational Disruptions
Cyber attacks can cause severe operational disruptions. For example, a compromised flight management system can lead to flight delays or cancellations, affecting thousands of passengers. Ground operations, such as baggage handling and maintenance scheduling, can also be disrupted, creating a domino effect of delays and inefficiencies.
A DDoS attack affecting LOT Polish airlines’ systems at Warsaw Chopin airport prevented flight plans from being sent to aircraft. This led to the grounding of more than 10 flights, with around 1,400 passengers stranded.
Safety Risks
In the worst-case scenario, cyber attacks can pose direct safety risks. If attackers gain control of flight management systems, communication networks or avionics systems, they could potentially interfere with flight operations, endangering the safety of passengers and crew.
Financial Losses
The financial impact of cyber attacks on aviation can be enormous. Direct costs include ransom payments, regulatory fines, and legal fees, while indirect costs encompass lost revenue from disrupted services, increased insurance premiums, and the cost of restoring and securing systems. Additionally, airlines may face compensation claims from passengers affected by the disruptions.
Reputational Damage
Cyber attacks that compromise passenger data or disrupt services can significantly damage an airline’s reputation, eroding customer trust and loyalty. This can take years to repair and can have long-term financial implications.
How Can Aviation Organisations Protect Themselves from Cyber Threats?
Aviation organisations must implement comprehensive cyber security measures to protect themselves. This includes performing regular security audits and penetration testing to identify and address vulnerabilities and using strong encryption to protect sensitive data. Developing incident response plans is necessary for ensuring swift action in the event of a cyber attack, and these plans should be frequently reviewed and updated.
Develop a Cyber Security Culture
Creating a cyber security culture is crucial for preventing attacks resulting from the likes of phishing. This can include conducting regular training to educate employees about cyber threats and safe practices, as well as broader awareness campaigns to reinforce the importance of cyber security.
Collaborate with Industry Stakeholders
Collaboration with industry stakeholders is essential for a robust cyber security posture. This includes working with other aviation organisations and cyber security experts to share threat intelligence and best practices, as well as government agencies and regulatory bodies to ensure compliance with standards.
Use Secure Aviation Management Software
Ensuring the security of aviation management software is vital. This includes:
- Regular updates and patching: Keeping software up-to-date with the latest security patches to protect against known vulnerabilities.
- Access controls: Implementing strict access controls to limit who can access and modify sensitive data.
- Data integrity checks: Regularly checking the integrity of data to detect any unauthorised changes.
- Secure software development practices: Following secure development practices ensures that software is free from vulnerabilities from the outset.
At Zafire, our aviation management software always employs the most up-to-date security protocols as per industry standards.
Conclusion
There are many cyber attackers out there with different motivations for targeting aviation organisations. Everyone must be proactive in raising awareness on the latest risks and best practices for mitigating them.
Implementing comprehensive protection strategies helps organisations to safeguard their operations, maintain passenger trust, protect their profits, and most importantly, ensure passenger safety.
To learn more about how our aviation software can enhance operational efficiency – in the most secure manner – contact us today.
