Cybersecurity in aviation

Issue 4 2023 Transport (Industry), Information Security

The aviation industry has expanded exponentially in the last few decades. Air travel is an integral part of the professional and privates lives of the global population. Inevitably, with such large growth, the industrial advancements bring a plethora of cybersecurity requirements.

Sustainability and security are this year’s key focuses within the industry, and with good reason. The upcoming 3 day long 2023 Paris Airshow boast ‘developments in the global aerospace and defence industry, including new orders and partnerships […] for a safe and united world’ as cyberattacks against the industry have increased. Recently we have seen a surge of attacks like the one against British Airways (BA) in June 2023, in which the Clop ransomware group targeted the organisation with a malicious MOVEit file transfer software.

But how are threat groups able to interrupt and impact global organisations, with significant financial backing, within the industry? Well, within the sector, the use of multiple interconnected systems has shown a shift from what was once a ticket and payment card process, to an end-to-end digital air travel journey. The moment a ticket is booked, passports are screened, payment information is interrogated; the extensive airport security process uses technology that once seemed like science fiction. Right up to a cockpit, systems are completely interconnected.

But have these meteoric advancements within the industry outrun the security of the technology it uses? This leads us to the current void of cybersecurity in Aviation, concerning the following three element:

1. A growing cybersecurity knowledge gap in the industry.

2. The existence of multiple regulations, making it difficult to adapt to the speed of new regulations and to the quickly evolving threat landscape.

3. Multiple stakeholders, with their data flows constantly back and forth between numerous internal and external systems, leading to regulatory headaches for decision makers.

Supply chains and third-party risks

Third-party vendors are often used to provide critical infrastructure, services and software to aviation companies; comprising elements of the industry, such as flight planning, maintenance, digital infrastructure and solutions, and navigation systems, to name a few. Any compromise of these vendors can have severe consequences, including disruptions to air traffic, loss of sensitive data, and potential safety risks.

These can also have a rippling effect, with one supply chain compromise impacting multiple businesses and customers at a time.

The 2019 data breach of Cathay Pacific, a Hong Kong-based airline, illustrates this. In this attack, malicious actors gained access to the airline's systems through a third party vendor and stole sensitive information, including passport and credit card numbers from millions of passengers. This can then be used to develop large scale phishing campaigns, conduct identity fraud, and pivot to further attacks on individuals, not to mention the regulatory impact this had on the airline.

The industry must take proactive measures to address cybersecurity third party risks and supply chain attacks, and guard against becoming reactive to these threats. This means implementing strict security protocols, conducting regular audits of third party vendors, and ensuring that all aviation systems and related infrastructure are hardened and secure from potential attacks.

EPP, vulnerability management, and threat intelligence

It is important for all operations in the aviation industry, and third parties, to have in place the right combination of security measures. Endpoint protection, vulnerability management as a service, and threat and risk intelligence are crucial elements that all airports needs in order to safeguard against the latest cyber risks targeting the industry.

• Managed endpoint protection (EPP) allows any threats targeting a large environment to be prevented and contained, mitigating any potential damage.

• Vulnerability Management as a Service (VMaaS) offering can ensure your digital estate is never exposed to any malicious actors and is protected and always hardened.

• Threat and risk intelligence (TRI), means artefacts and intelligence from the dark web can be used to give early warning signs, take preventative actions, and even track down the advanced threat actors targeting you, before they even have a chance to launch an attack.

A MSSP can help alleviate cybersecurity issues within aviation by providing the necessary expertise to bridge the knowledge gap, assist with regulatory compliance, and streamline data management across the organisation, ultimately improving overall cybersecurity posture.

Cybersecurity managers, incident responders, and analysts provide a best-class service. SecurityHQ’s CSMs and analysts are highly certified, coming from infrastructure, network, and development backgrounds, and can cover every area of an extensive technology stack. With 24/7/365 global SOCs, incident response around the clock is provided, meaning you are never without protection from malicious actors.

For more information, contact SecurityHQ Southern Africa, +27 11 702 8555, rob@securityhq.com, www.securityhq.com




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

There is a SaaS for everything, but at what cost, especially to SMEs?
Editor's Choice Information Security Security Services & Risk Management
Relying on SaaS platforms presents significant cybersecurity risks as the number of providers in your landscape increases, expanding your attack surface. It is important to assess the strength of the SaaS providers in your chain.

Read more...
Addressing today’s mining challenges: cyber risks beyond IT
Editor's Choice Information Security Mining (Industry)
Despite the mining industry’s operational technology systems being vulnerable to cyberattacks, many decision-makers still see these threats as purely an IT issue, even though a breach could potentially disrupt mining operations.

Read more...
How to effectively share household devices
Smart Home Automation Information Security
Sharing electronic devices within a household is unavoidable. South African teens spend over eight hours per day online, making device sharing among family members commonplace. Fortunately, there are methods to guarantee safe usage for everyone.

Read more...
Unlocking new efficiencies in private security
Security Services & Risk Management Transport (Industry) Smart Home Automation Logistics (Industry)
Justin Manson, Sales Director at Webfleet, discusses how the urgent need to protect life, and to do so more efficiently, is driving continuous innovation in holistic home and residential security services in South Africa.

Read more...
Fortinet establishes new point-of-presence in South Africa
News & Events Information Security
Fortinet has announced the launch of a new dedicated point-of-presence (POP) in Isando, Johannesburg, to expand the reach and availability of Fortinet Unified SASE for customers across South Africa and southern African countries.

Read more...
New tools for investigation and robust infrastructure security
News & Events Information Security
Cybereason continues to enhance its security platform, with recent updates introducing improvements in file search operations, investigation query results, and cloud workload protection, providing more granular data and faster key artefact identification.

Read more...
NEC XON shares lessons learned from ransomware attacks
NEC XON Editor's Choice Information Security
NEC XON has handled many ransomware attacks. We've distilled key insights and listed them in this article to better equip companies and individuals for scenarios like this, which many will say are an inevitable reality in today’s environment.

Read more...
Cybersecurity and AI
AI & Data Analytics Information Security
Cybersecurity is one of the primary reasons that detecting the commonalities and threats of what is otherwise completely unknown is possible with tools such as SIEM and endpoint protection platforms.

Read more...
Data security and privacy in global mobility
Security Services & Risk Management Information Security
Data security and privacy in today’s interconnected world is of paramount importance. In the realm of global mobility, where individuals and organisations traverse borders for various reasons, safeguarding sensitive information becomes an even more critical imperative.

Read more...
Sophos celebrates partners and cybersecurity innovation at annual conference
News & Events Information Security
[Sponsored] Sun City hosted Sophos' annual partner event this year, which took place from 12 to 14 March. Sophos’ South African cybersecurity distributors and resellers gathered for an engaging two-day conference.

Read more...