The aviation industry expanded exponentially in the last few decades. Air travel is an integral part of the professional and private lives of the global population. Inevitably, with such large growth, the industrial advancements bring a plethora of cybersecurity requirements. 

Sustainability and security are this year’s key focuses within the industry, and with good reason. The 2023 Paris Airshow boasted “developments in the global aerospace and defense industry, including new orders and partnerships … for a safe and united world” as cyberattacks against the industry have increased. Recently, there’s been a surge of attacks, like the one against British Airways (BA) in June 2023 in which Clop ransomware group targeted the organization with a malicious MOVEit file transfer software.

But, how are threat groups able to interrupt and impact global organizations with significant financial backing? Well, within the sector, the use of multiple interconnected systems has shown a shift from what was once a ticket and payment card process to an end-to-end digital air travel journey. The moment a ticket is booked, passports are screened, payment information is interrogated, and the extensive airport security process uses technology that once seemed like science-fiction. Right up to a cockpit, systems are completely interconnected. But, have these advancements within the industry outrun the security of the technology it uses? This leads us to the current void of cybersecurity in aviation, concerning the following three elements.

  1. A growing knowledge gap within the aviation industry when it comes to cybersecurity.
  2. The existence of multiple regulations. This makes it difficult to adapt to the speed of new regulations in a quickly evolving threat landscape.
  3. Multiple stakeholders means their data flows constantly back and forth between numerous internal and external systems, leading to regulatory headaches for decision-makers. 

Supply chains and third-party risks

Third-party vendors are often used to provide critical infrastructure, services, and software to aviation companies, such as flight planning, maintenance, digital infrastructure and solutions, and navigation systems, to name a few. Any compromise of these vendors can have severe consequences, including disruptions to air traffic, loss of sensitive data, and potential safety risks. 

These can also have a rippling effect, with one supply chain compromise impacting multiple businesses and customers at a time. 

The 2019 data breach of Cathay Pacific, a Hong Kong-based airline, illustrates this. In this attack, malicious actors gained access to the airline's systems through a third-party vendor and stole sensitive information, including passport and credit card numbers from millions of passengers. This can then be used to develop large scale phishing campaigns, conduct identity fraud, and pivot to further attacks on individuals, not to mention the regulatory impact this had on the airline.

The industry must take proactive measures to address third-party cyber risks and supply chain attacks rather than being reactive. This means implementing strict security protocols, conducting regular vendor audits, and ensuring that all aviation systems and related infrastructure are hardened and secure from potential attacks.

EPP, vulnerability management, and threat intelligence 

It’s important for all aspects of the aviation industry, and third parties, to have the right combination of security measures in place. Endpoint protection, vulnerability management as a service, and threat and risk intelligence are crucial elements that all airports need to safeguard against the latest cyber risks targeting the industry. 

  • Managed endpoint protection (EPP) allows any threats targeting a large environment to be prevented and contained, mitigating any potential damage. 
  • Vulnerability management as a service (VMaaS) can ensure your digital estate is never exposed to any malicious actors and is protected and always hardened.
  • Threat and risk intelligence (TRI) means artifacts and intelligence from the dark web can be used to give early warning signs, take preventative actions, and even track down the advanced threat actors before they even have a chance to launch an attack. 

A managed security services provider (MSSP) can help alleviate cybersecurity issues within aviation by providing the necessary expertise to bridge the knowledge gap, assist with regulatory compliance, and streamline data management across the organization — ultimately improving overall cybersecurity posture.