Categories

Editor's Choice
Tech Jobs Network
News & Events
Access Control & Identity Management
AI & Data Analytics
Asset Management
Associations
Conferences & Events
Facilities & Building Management
Fire & Safety
Information Security
Infrastructure
Integrated Solutions
IoT & Automation
Perimeter Security, Alarms & Intruder Detection
Power Management
Products & Solutions
Security Services & Risk Management
Smart Home Automation 
Surveillance
Training & Education
Videos
Security by Industry Sector ▾








Print this page printer friendly version

Cybersecurity in aviation

Issue 4 2023 Transport (Industry), Information Security

The aviation industry has expanded exponentially in the last few decades. Air travel is an integral part of the professional and privates lives of the global population. Inevitably, with such large growth, the industrial advancements bring a plethora of cybersecurity requirements.

Sustainability and security are this year’s key focuses within the industry, and with good reason. The upcoming 3 day long 2023 Paris Airshow boast ‘developments in the global aerospace and defence industry, including new orders and partnerships […] for a safe and united world’ as cyberattacks against the industry have increased. Recently we have seen a surge of attacks like the one against British Airways (BA) in June 2023, in which the Clop ransomware group targeted the organisation with a malicious MOVEit file transfer software.

But how are threat groups able to interrupt and impact global organisations, with significant financial backing, within the industry? Well, within the sector, the use of multiple interconnected systems has shown a shift from what was once a ticket and payment card process, to an end-to-end digital air travel journey. The moment a ticket is booked, passports are screened, payment information is interrogated; the extensive airport security process uses technology that once seemed like science fiction. Right up to a cockpit, systems are completely interconnected.

But have these meteoric advancements within the industry outrun the security of the technology it uses? This leads us to the current void of cybersecurity in Aviation, concerning the following three element:

1. A growing cybersecurity knowledge gap in the industry.

2. The existence of multiple regulations, making it difficult to adapt to the speed of new regulations and to the quickly evolving threat landscape.

3. Multiple stakeholders, with their data flows constantly back and forth between numerous internal and external systems, leading to regulatory headaches for decision makers.

Supply chains and third-party risks

Third-party vendors are often used to provide critical infrastructure, services and software to aviation companies; comprising elements of the industry, such as flight planning, maintenance, digital infrastructure and solutions, and navigation systems, to name a few. Any compromise of these vendors can have severe consequences, including disruptions to air traffic, loss of sensitive data, and potential safety risks.

These can also have a rippling effect, with one supply chain compromise impacting multiple businesses and customers at a time.

The 2019 data breach of Cathay Pacific, a Hong Kong-based airline, illustrates this. In this attack, malicious actors gained access to the airline's systems through a third party vendor and stole sensitive information, including passport and credit card numbers from millions of passengers. This can then be used to develop large scale phishing campaigns, conduct identity fraud, and pivot to further attacks on individuals, not to mention the regulatory impact this had on the airline.

The industry must take proactive measures to address cybersecurity third party risks and supply chain attacks, and guard against becoming reactive to these threats. This means implementing strict security protocols, conducting regular audits of third party vendors, and ensuring that all aviation systems and related infrastructure are hardened and secure from potential attacks.

EPP, vulnerability management, and threat intelligence

It is important for all operations in the aviation industry, and third parties, to have in place the right combination of security measures. Endpoint protection, vulnerability management as a service, and threat and risk intelligence are crucial elements that all airports needs in order to safeguard against the latest cyber risks targeting the industry.

• Managed endpoint protection (EPP) allows any threats targeting a large environment to be prevented and contained, mitigating any potential damage.

• Vulnerability Management as a Service (VMaaS) offering can ensure your digital estate is never exposed to any malicious actors and is protected and always hardened.

• Threat and risk intelligence (TRI), means artefacts and intelligence from the dark web can be used to give early warning signs, take preventative actions, and even track down the advanced threat actors targeting you, before they even have a chance to launch an attack.

A MSSP can help alleviate cybersecurity issues within aviation by providing the necessary expertise to bridge the knowledge gap, assist with regulatory compliance, and streamline data management across the organisation, ultimately improving overall cybersecurity posture.

Cybersecurity managers, incident responders, and analysts provide a best-class service. SecurityHQ’s CSMs and analysts are highly certified, coming from infrastructure, network, and development backgrounds, and can cover every area of an extensive technology stack. With 24/7/365 global SOCs, incident response around the clock is provided, meaning you are never without protection from malicious actors.

For more information, contact SecurityHQ Southern Africa, +27 11 702 8555, rob@securityhq.com, www.securityhq.com




Share this article:
Share via emailShare via LinkedInPrint this page


Further reading:

What’s in store for PAM and IAM?
Access Control & Identity Management Information Security
Leostream predicts changes in Identity and Access Management (IAM) and Privileged Access Management (PAM) in the coming year, driven by evolving cybersecurity realities, hybridisation, AI, and more.

Read more...
The challenges of cybersecurity in access control
Technews Publishing SMART Security Solutions Access Control & Identity Management Information Security
SMART Security Solutions summarises the key points dealing with modern cyber risks facing access control systems, from Mercury Security’s white paper “Meeting the Challenges of Cybersecurity in Access Control: A Future-Ready Approach.”

Read more...
Securing your access hardware and software
SMART Security Solutions Technews Publishing RBH Access Technologies Access Control & Identity Management Information Security
Securing access control technology is critical for physical and digital security. Every interaction between readers, controllers, and host systems creates a potential attack point for those with nefarious intent.

Read more...
Phishing and social engineering are the most significant risks
News & Events Information Security
ESET Research found that phishing accounted for 45,7% of all detected cyberthreats in South Africa, with higher-quality deepfakes, signs of AI-generated phishing websites, and short-lived advertising campaigns designed to evade detection.

Read more...
Zero Trust access control
Technews Publishing SMART Security Solutions CASA Software NEC XON Editor's Choice Access Control & Identity Management Information Security
Zero Trust Architecture enforces the rule of ‘never trust, always verify’. It changes an organisation’s security posture by assuming that threats exist both inside and outside the perimeter, and it applies to information and physical security.

Read more...
OT calculator to align cyber investments with business goals
Industrial (Industry) Information Security Security Services & Risk Management
The OT Calculator has been developed specifically for industrial organisations to assess the potential costs of insufficient operational technology (OT) security. By offering detailed financial forecasts, the calculator empowers senior management to make well-informed decisions.

Read more...
Protecting high-value data from AI
CASA Software Infrastructure Information Security Products & Solutions
As artificial intelligence accelerates the speed and sophistication of cyberattacks, protecting high-value data, such as financial records, legal files, patient data, intellectual property, and compliance records, has never been more urgent.

Read more...
Integrated security key to protecting cloud applications
Infrastructure Information Security
Cloud-native applications have transformed the way businesses operate, enabling faster innovation, greater agility, and enhanced scalability. Yet this evolution brings an equally complex security landscape.

Read more...
Factories, grids, and finance: Critical infrastructure cyber lessons of 2025
Asset Management Information Security Industrial (Industry)
Africa has seen an accelerated, large-scale digitisation of our overall industrial base, and this rapid convergence of IT and OT is happening on a foundation that, in essence, was not designed to be cybersecure.

Read more...
Axis signs CISA Secure by Design pledge
Axis Communications SA News & Events Surveillance Information Security
Axis Communications has signed the United States Cybersecurity & Infrastructure Security Agency’s (CISA) Secure by Design pledge, signalling the company’s commitment to upholding and transparently communicating the cybersecurity posture of its products.

Read more...











SMART Security Business Directory


While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.

Published by Technews

»  Dataweek Electronics & Communications Technology
»  Electronics Buyers' Guide (EBG)

»  SMART Security Solutions
»  SMART Security Business Directory

»  Motion Control in Southern Africa
»  Motion Control Buyers' Guide (MCBG)

»  South African Instrumentation & Control
»  South African Instrumentation & Control Buyers' Guide (IBG)



© Technews Publishing (Pty) Ltd. | All Rights Reserved.