Aviation Cyber Security in The Digital Age

Posted by on in Regulatory
  • Font size: Larger Smaller
  • Hits: 734

Sofema Aviation Services (SAS) www.sassofia.com looks at the current cyber climate and considers the challenges which the industry faces.

Aviation cyber security may be considered as the application of technologies, processes and controls to protect systems, networks, programs, devices and data from cyber-attacks. It aims to reduce the risk of cyber-attacks and protect against the unauthorised exploitation of systems, networks and technologies.

The possibility for malicious aviation cyber acts continue to threaten the integrity of the aviation system and the potential grows almost daily. A continuing challenge is a task of identifying potential cyber vulnerabilities across many different and often complex aviation systems, some integrated and some disparate.

Whilst the current threat of cyber-attacks linked to terrorism in the aviation industry is assessed as low, the potential for opportunistic malware types of cyber-attacks is ever-present.

Bad actors will continue efforts to exploit any vulnerabilities in Aviation systems for financial gain as well as the opportunity to inflict reputational damage or even just general disruption.

The outcome of such cyber-attacks raises the potential to incur significant costs which will ultimately have to be borne by our industry.

The challenge for civil aviation organizations is to identify the cyber risks faced by a particular business area, to analyze in accordance with the companies framework of acceptability and to make any recommended risk mitigations to address unacceptable risk.

Where are the Vulnerabilities to Aviation Cyber Attacks?

Any IT application used in support of aviation has potential for exposure and can cause any number of associated issues:

» Closing down the information flow to board passengers
» Passengers forced to queue for long periods related to check-in/Security/Passport Control
» Unable to move aircraft on the airport 
» Aircraft stuck on stand awaiting loading or catering
» Baggage delays
» Customs Delays

Developing a Business Continuity Mindset

To be fully effective staff should be trained in the use of the Business Continuity Plan (BCP). A business continuity mindset recognizes that we will have negative issues which will occur and to develop the best available recovery plan:

» Understand the full impact of the attack
» Identify priority tasks to mitigate or reduce the impact of the attack
» Stakeholders should fully recognize their immediate tasks
» Implement an effective communication plan so that situational status is shared with all stakeholders
» Plan for return to normal working at the earliest opportunity

Note that full recovery could take a considerable period so different scenarios should be considered & practised

Next Steps

Sofema Aviation Services (www.sassofia.com) & Sofema Online (www.sofemaonline.com) is now taking reservations for the following course https://sassofia.com/course/easa-compliant-organizational-cyber-security-responsibilities-1-day/

Please email team@sassofia.com for details.

Last modified on