Cybersecurity threats in aviation

Cybersecurity threats can result in many negative outcomes for airlines and airports if they are not dealt with effectively.  

Jake Moore, global cybersecurity advisor at digital security company eset, says: “Ransomware threats, which are apparent in all businesses, are a serious headache for airlines as flights could be grounded, which would hugely damage finances with the small profit margins the airlines work on.  

“Airlines have previously gone bust as a result and they do not have much of a contingency. They do lots of simulations and training, but many companies do not.  

“It was only recently I was going through an airport, and I realised how much is now automated, unmanned systems. The more unmanned devices or systems there are, for example ticketing and baggage operations, the more threats are attracted.”

There have been large-scale cybersecurity threats that have impacted airports and airlines, affecting many of their customers as a result.  

“Airports cause international disruption and I think that increases them as a target, they create big news,” adds Moore.  

“This is not just about the money there are so many motivations, financial motivators, political motivators. They are full of personal identifiable information, they are a hub of information including payment details.”

In 2018, a data breach impacted 380,000-500,000 customers of British flag carrier British Airways. The data breach involved login details, payment card details, and travel booking details being compromised. This data breach went undetected for over two months.  

As credit card details were being entered, this data was being stolen. It is clear that there was a difficulty in the system which was not checking a particular area in the network.  

“These payment system attacks create multiple victims who are not a part of the airport. The airports are open, and the planes are flying but there are thousands of people’s details flying around the dark web,” adds Moore 

“I believe that there was an oversight from a human, someone made a judgment error. Does that fall down on one person? I don’t think so. This is an oversight that happened because we’re humans.  

“We have an immense amount of work going on behind the scenes and they are doing their best to keep people’s lives, data, and money protected.”

When people use airlines, it is likely that they only use it twice a year on average and for this reason are more likely to use the same password which they use for other things as opposed to creating a new one. This increases the likelihood of a data breach being successful.   

Moore notes that there is a huge physical security presence in airports, which includes taking shoes off and belts off as passengers go through security checks. This is to manage physical threats, but it can also be linked to digital threats if there is an insider threat.  

There are tens of thousands of people working in the aviation industry who could be manipulated or ignore their duties in terms of security checks.  

Ultimately, cybersecurity threats do occur and while some are more preventable than others there are staff members who work to make sure these issues do not go unnoticed. Training costs airports and airlines time and money but once training is completed it needs to be revisited again. Airports and airlines are increasingly aware that these processes should not be overlooked.