Defend aircraft networks against cybersecurity breaches

The aviation industry is both vast and complex. More than 45,000 flights and 2.9 million passengers fly through US airspace every day, requiring high-tech tools and extensive communication networks. All of this data and complexity makes the industry a prime target for cybercriminals. Worryingly, only 49% of non-governmental organizations have fully adopted NIST security standards. As attacks on critical infrastructure and the rapid digitization of industries increase, the aviation industry must reevaluate its standards.

How vulnerable are aircraft networks?

Attacks on aircraft networks can cause immense damage. Airplanes depend on radio signals to navigate and communicate, so cybercriminals could divert flights by interfering with these networks. As airplanes incorporate more Internet of Things (IoT) technologies, attackers gain more potential gateways to infiltrate aircraft control or communication systems.

The aircraft themselves undergo rigorous security and compliance testing, so they may not be the most vulnerable parts of these networks. Air traffic control systems and airline reservation platforms that process large amounts of data on a daily basis are a more likely target. Cybercriminals could infiltrate airport networks to steal sensitive passenger data, such as names and financial information.

These threats are also more than hypothetical, as attackers have already started targeting the aviation industry. In 2018, cybercriminals gained access to 9.8 million passengers' data, including passport numbers and credit card details. Upon review, it became clear that the airline had numerous vulnerabilities, such as unprotected backups, outdated software and unpatched internet servers.

Earlier this year, British Airways suffered an attack on its website, exposing thousands of customers' data. Air Canada experienced a similar breach via its app. Attacks have also targeted airports, with Bradley International Airport experiencing a DDoS attack in March 2022.

How can aircraft networks become more secure?

In light of these attacks, it is clear that aviation cybersecurity needs to be improved. Aircraft networks are too vulnerable and the potential damage is too great to neglect best security practices. Here are four steps aviation companies can take to protect their planes, data and passengers.

1. Zero Trust Architecture

One of the most important measures to implement is Zero Trust security. Zero trust is a best practice everywhere, with 97% of security professionals agreeing that it improves security outcomes, but it is essential in the aviation industry.

Aircraft networks involve many devices and communications processing different types of sensitive information. Lateral movement between any of these systems could cause extensive damage, so aviation companies must separate them. Since zero trust segments networks by design, it can help in this area.

Verification of all devices and users is another crucial aspect of zero-trust security for aviation. Given the complexity of aircraft networks, especially as aircraft add more and more IoT devices, they need to ensure that nothing goes unnoticed. Zero Trust architecture measures are the only reliable way to achieve this.

2. Complete encryption

Aviation companies need to encrypt customer data on their websites, apps, and other systems. The average amount of data created to manage all the information for a transatlantic flight is approximately 1,000 gigabytes, most of which is customers’ sensitive personal information. If airlines do not encrypt this data, attackers could steal the identity or financial information of hundreds or even thousands of passengers. Given the amount of sensitive data involved, this encryption must be comprehensive, covering data both at rest and in transit.

3. Threat Monitoring

As cybercriminals recognize the value of aircraft networks, airlines must continually monitor these networks. The only reason Cathay Pacific’s massive breach didn’t spell the end of the company is that it quickly uncovered and responded to the irregularities. Quick reactions are essential to minimize damage, which requires continuous monitoring.

Vulnerability management platforms can help by analyzing network traffic and modeling threats. These automated tools can then establish network behavior benchmarks to uncover suspicious activity earlier. They can then alert IT professionals, enabling decisive action to prevent breaches.
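To make the idea of a network behavior benchmark concrete, here is a small added example (not from the original article or any vendor's product) that learns a per-path traffic baseline and flags both unusual volumes and paths never seen before. The segment names, the flow records and the threshold are assumptions constructed for the illustration.

```python
from collections import defaultdict
from statistics import median

# Constructed hourly flow records: (src_segment, dst_segment, kilobytes).
# Segment names are assumptions made for this example.
HISTORY = [(s, d, kb) for (s, d), vals in {
    ("reservations", "payment-gw"): [1000, 1100, 950, 1050, 1000],
    ("cabin-wifi", "internet"): [5000, 5200, 4800, 5100, 4900],
    ("ops-workstations", "reservations"): [300, 320, 280, 310, 290],
}.items() for kb in vals]

# Constructed flows observed after the baseline period.
NEW_FLOWS = [
    ("reservations", "payment-gw", 1080),   # normal variation
    ("cabin-wifi", "reservations", 200),    # path absent from the baseline
    ("reservations", "payment-gw", 9000),   # far above the usual volume
    ("cabin-wifi", "internet", 5600),       # busy hour, still within range
]

def build_baseline(flows):
    """Map (src, dst) -> (median, MAD) of the observed hourly volumes."""
    volumes = defaultdict(list)
    for src, dst, kb in flows:
        volumes[(src, dst)].append(kb)
    baseline = {}
    for pair, vals in volumes.items():
        med = median(vals)
        mad = median(abs(v - med) for v in vals)  # median absolute deviation
        baseline[pair] = (med, mad)
    return baseline

def score_flow(baseline, flow, threshold=6.0):
    """Return 'new-path', 'volume-anomaly' or None for one flow record."""
    src, dst, kb = flow
    if (src, dst) not in baseline:
        return "new-path"  # segments that never talked before
    med, mad = baseline[(src, dst)]
    # 1.4826 * MAD estimates the standard deviation; the floors keep a very
    # quiet path from alerting on tiny changes or dividing by zero.
    scale = max(1.4826 * mad, 0.05 * med, 1.0)
    return "volume-anomaly" if abs(kb - med) / scale > threshold else None

def detect(baseline, flows):
    """Return (flow, reason) pairs for every flow that breaks the baseline."""
    return [(f, r) for f in flows if (r := score_flow(baseline, f))]

if __name__ == "__main__":
    for flow, reason in detect(build_baseline(HISTORY), NEW_FLOWS):
        print(reason, flow)
```

Median and MAD are used instead of mean and standard deviation so that a few unusual hours in the history do not stretch the baseline and hide later anomalies.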

Automation and AI will likely have to lead the charge in this area. These networks are too complex and labor shortages too prevalent for any airline to create a sufficient security operations center.

4. Regular Penetration Testing

Similarly, aircraft networks should perform regular penetration testing to ensure their defenses are up to date. As aircraft and air traffic control systems integrate more and more devices, they will become increasingly complex. This can make it difficult to understand vulnerabilities, which is why penetration testing is essential.

These tests will reveal whether airports have glaring vulnerabilities and how they can improve. They will also help them keep abreast of attack trends. Since these facilities could be prime targets for cyberterrorism, gaining this advantage is a vital security measure.

Penetration testing should occur at least once a year to scale with new systems and stay current. Larger or faster growing facilities may even choose to test multiple times per year to stay safe.

Aircraft cybersecurity is crucial

As air travel resumes, aviation companies need to think about their cybersecurity measures. Given the vulnerability of the industry and its status as a high-value target, it is essential to follow these four steps. Failure of aircraft networks to adopt robust security measures could lead to disastrous results.

About the Author: Dylan Berger has several years of experience writing about cybercrime, cybersecurity, and similar topics. He is passionate about fraud prevention and the relationship between cybersecurity and the supply chain. He is a prolific blogger and regularly contributes to other technology, cybersecurity and supply chain blogs on the web.

Editor’s note: The opinions expressed in this guest author article are solely those of the contributor and do not necessarily reflect those of Tripwire, Inc.
