The aviation industry is both vast and complex. More than 45,000 flights and 2.9 million passengers pass through US airspace every day, requiring high-tech tools and extensive communications networks. All of this data and complexity makes the industry a prime target for cybercriminals. Worryingly, only 49% of non-governmental organizations have fully adopted NIST security standards. As attacks on critical infrastructure and the rapid digitization of industries increase, the aviation industry must reevaluate its standards.
How vulnerable are aircraft networks?
Attacks on aircraft networks can cause immense damage. Airplanes depend on radio signals to navigate and communicate, so cybercriminals could divert flights by interfering with these networks. As aircraft incorporate more Internet of Things (IoT) technologies, attackers have more potential gateways to infiltrate aircraft control or communication systems.
The aircraft themselves undergo rigorous security and compliance testing, so they may not be the most vulnerable parts of these networks. Air traffic control systems and airline reservation platforms that process large amounts of data on a daily basis are a more likely target. Cybercriminals could infiltrate airport networks to steal sensitive passenger data, such as names and financial information.
These threats are also more than hypothetical, as attackers have already started targeting the aviation industry. In 2018, cybercriminals accessed the data of up to 9.8 million passengers, including passport numbers and credit card details. Upon review, it became clear that the airline had numerous vulnerabilities, such as unprotected backups, outdated software and unpatched internet servers.
Earlier this year, British Airways suffered an attack on its website, exposing thousands of customer data. Air Canada experienced a similar breach via its app. Attacks have also targeted airports, with Bradley International Airport suffering a DDoS attack in March 2022.
How can aircraft networks become more secure?
In light of these attacks, it is clear that (Read more…)