Aviation traffic management (ATM) systems were relatively secure due to the bespoke nature of their design, isolation from other systems, and little in the way of communication protocols. But ATM is no longer isolated, and ground services and supply chains are becoming fully integrated into an interconnected world, warns a report on aviation cybersecurity from the Atlantic Council.
According to the report, aviation operates within a naturally hazardous environment; it has statistically become one of the safest modes of transportation is a credit to all who work within the industry. But the aviation industry is en route to becoming fully digital, and ‘will likely experience cybersecurity challenges similar to other industries that have embraced the ‘digital revolution”. “Aircraft are now complex data networks, yet the ability to monitor them arguably lags behind comparable ground-based networks — as does the ability to avoid and respond to potential cybersecurity incidents.” Digitization and innovation go hand in hand as airlines and aircraft manufacturers seek greater efficiency. According to the report, ‘vulnerabilities will be found where they were not anticipated, adversaries will attack that which was not predicted, and systems which ‘cannot fail’ — can fail’.
The margin for error is small; the report notes that in June 2017 British Airways suffered an IT failure, caused by the misoperation of an uninterruptable power supply, it resulted in 726 flight cancellations, some 75,000 stranded passengers, and total costs of around £80m.
As the domains of aviation and cybersecurity increasingly overlap, the common goals of safety, resilience, and trust can be achieved sooner by working together. Preserving aviation’s strengths relies on clear definition of governance and accountability and recognition of shared responsibility across the supply chain. There will be a key role for the International Civil Aviation Organization (ICAO).
For the full 80-page report click here. It drew on some UK expertise such as from the regulator the Civil Aviation Authority (CAA). Aviation Cybersecurity – Finding Lift, Minimizing Drag, was authored by Pete Cooper and underwritten by the defence product manufacturer Thales Group.
Separately, Israel-based cyber security firm Naval Dome has signed a Memorandum of Understanding (MoU) with Lloyd’s Register (LR), which offers engineering and professional services. The MoU is aimed at establishing standards and guidelines for maritime cyber defence. LR will carry out a series of tests using the company’s cyber security software onboard a LR-classed vessel.
Ran Merkazy, Vice President – Product & Services Innovation (CTO Group), LR, said: “The objective is to establish standards around cyber defence in the maritime space, utilising Naval Dome’s expertise. We will then test the system with our customers to make sure that it provides the requisite level of security without disruption to their systems and operations. The company has the right credentials and an excellent understanding of the maritime intelligence sector to be able to provide the advice we need to develop concise and effective guidelines for preventing system and data security breaches at sea.”
And Itai Sela, Chief Executive Officer, Naval Dome, said: “The lack of guidelines and standards for creating a more secure maritime environment is the shipping industry’s Achilles’ heel. With human operator error the cause of a significant number of security breaches, the MoU we have signed with Lloyd’s Register will help create a more effective end-to-end solution for cyber defence.”
