The aviation industry may have gotten a break from cyberattacks during the COVID-19 pandemic, but threat actors are turning their attention to the industry now that travelers are returning to airports. The widespread adoption of digital technologies has increased the attack surface of aviation companies, and political upheavals have made airlines a prime target. In this article, we’ll share some of the recent cyberattacks that have occurred on airlines, how the aviation industry is responding, and the major threats still facing the industry.
Recent Cyberattacks Against the Aviation Industry
Aviation is as vulnerable as any other industry to 21st-century cyberattacks. Eurocontrol, a European organization focusing on European aviation, publishes the EATM-CERT Aviation Cyber Event Map annually.
The map reports that 52 attacks occurred in 2020 and 48 in 2021 against the aviation industry. Until the end of August this year, there have been 50 attacks. This means that cyberattacks in 2022 have reached the average of 2020 and 2021 within three-quarters of the time.
The most common types of attacks over the past three years have been:
- Ransomware attacks (22%)
- Data breaches (18.6%)
- Phishing attacks (15.3%)
- Distributed Denial of Service (DDoS) attacks (7.3%)
One of the most alarming trends in recent months has been the increase in state actors attacking both civilian and military aviation targets. According to the Chicago Department of Aviation, FlyChicago.com and other websites associated with O’Hare International Airport and Midway International Airport were taken offline by what is believed to be a Russian-based attack. Although no airport operations were affected, the attack underscores the deep vulnerabilities that exist in the aviation industry.
Chicago airports were not the only airports affected: in total, 14 airport websites were impacted, including Atlanta and Los Angeles international airports. The hacking group Killnet claimed responsibility for the coordinated attacks and posted on the dark web app Telegram a list of state websites it was working to target. Killnet also claimed responsibility for another set of cyberattacks against Estonia and Lithuania.
However, these types of attacks are not the only concern of the aviation industry. In late September, American Airlines confirmed a data breach that impacted a “small number” of customers and employees. The attack occurred because of a phishing campaign that allowed attackers to gain access to employees’ mailboxes. As part of its response, American Airlines committed to providing affected customers with identity theft protection services. Unfortunately, these types of data breaches are becoming commonplace both in the aviation industry and more broadly.
Attack Surface for Aviation Industry and Vulnerabilities
One of the major factors contributing to aviation threats is the large attack surface of the aviation industry. Historically, aviation technology was difficult to target by cybercriminals because detailed knowledge was required to penetrate aviation-specific hardware and software. However, as the aviation industry has modernized, digital technologies have brought sweeping changes and new challenges to the industry.
Free Wi-Fi on planes, in-flight entertainment systems, and digital boarding passes are just some of the new technologies that are reshaping the industry. Besides these comforts for air passengers, airlines and airports increasingly utilize software to manage their supply chain. Also, airplanes increasingly rely on digital controls to operate effectively, and aviation companies utilize IoT devices and cloud services to enhance their services further.
More and more Americans are also flying now that pandemic restrictions have eased up. Although more than 70% of Canadians and 25% of Americans are considering an electric car for their next vehicle purchase, air travel is still a cornerstone of international infrastructure. The result is an industry adapted for 21st-century air travel demands, increased safety, and performance.
Unfortunately, the result is also a large, sophisticated ecosystem where data has to be shared by multiple groups with different systems. In sum, the total attack surface of the airline industry has increased drastically, though some of these systems are more vulnerable to attack than others.
For example, remote systems like biometric readers, robotics, IoT sensors and actuators, and cloud systems are major contributors to attack surface area because they inherently require web connectivity to function. Cell phones and bring your own device (BYOD) policies also represent a threat. Nearly 70% of children in the United States now have a smartphone, and 82% of adults do too. Cell phones utilized under a BYOD policy represent a special type of security threat because IT professionals may find it difficult to regulate these devices.
Some other major systems that are particularly vulnerable to bad actors and cyberattacks are:
- Reservation systems
- Airplane Information Management Systems (AIMS)
- Flight traffic management systems, such as RADAR, Automatic Dependent Surveillance-Broadcast (ADS-B), and Global Navigation Satellite Systems
- Flight history servers
- Airline fleet and route planning systems
- Ticket booking portals
- Cabin crew devices
- Digital Air Traffic Controls (ATCs) and other traffic management systems
Although this list is non-exhaustive, it demonstrates that the sophistication of the airline industry, along with its adoption of digital technologies, has significantly increased the size of its attack surface and the number of available vulnerabilities.
Attack Motivations and Perpetrators
Like other industries, aviation has access to high-value information and sensitive data. Air travel is also key to the global supply chain, economy, and social fabric of the entire world. All of these factors help drive some of the attack motivations for bad actors. Frequent perpetrators of aviation cyberattacks include:
- State actors: Hackers or cybercriminals that attack for political reasons.
- Advanced persistent threats: These are state-sponsored attackers that try to steal intelligence or other data to weaken countries’ aviation capabilities and improve their own.
- Cybercriminals: Attackers that are primarily driven by money. They attack systems for financial gain, often utilizing ransomware and the threat of further damage.
- Insiders: Insiders are dissatisfied employees, ex-employees, or other individuals/groups with access to non-public information and systems. These attackers are particularly dangerous because they may be motivated by monetary gain or revenge.
Major Challenges for Aviation Cybersecurity
In order to respond to some of these threats, the aviation industry will need to adopt policies for managing vulnerabilities and preventing attacks. First, sophisticated multi-layer systems must become more secure to ensure their continued operation. Zero-trust principles can easily be applied to airline industry systems and help prevent attackers from spreading their reach once a system is penetrated.
Second, the increased use of commercial software solutions needs to be addressed because commercial software is more easily understood by attackers and bad actors, unlike specialized aviation hardware and software. Software is increasingly moving to a Software-as-a-Service model (SaaS), meaning that software updates happen more frequently and software is often updated on the fly.
Aviation companies will have to adopt best practices for implementing SaaS updates to ensure the highest level of cybersecurity. For example, cloud-based software may be utilized as the backend for rewards programs. Many passengers fly using airline miles that depend on these services, but hackers can target these systems for critical data.
Finally, the Federal Aviation Administration (FAA) and Single European Sky ATM Research (SESAR) are both working to modernize air traffic management systems. The FAA is developing the Next Generation Air Transportation System or NextGen, which calls for networking information technology systems using IP technology. These types of changes should incorporate DevSecOps and other cybersecurity best practices to ensure that they put security first in their development.
Note: This blog article was written by a guest contributor for the purpose of offering a wider variety of content for our readers. The opinions expressed in this guest author article are solely those of the contributor and do not necessarily reflect those of GlobalSign.