The aviation industry expanded exponentially in the last few decades. Air travel is an integral part of the professional and private lives of the global population. Inevitably, with such large growth, the industrial advancements bring a plethora of cybersecurity requirements.

Sustainability and security are this year’s key focuses within the industry, and with good reason. The 2023 Paris Airshow boasted “developments in the global aerospace and defense industry, including new orders and partnerships … for a safe and united world,” as cyberattacks against the industry have increased. Recently, there’s been a surge of attacks, like the one against British Airways (BA) in June 2023 in which Clop ransomware group targeted the organization with a malicious MOVEit file transfer software.

But, how are threat groups able to interrupt and impact global organizations with significant financial backing? Well, within the sector, the use of multiple interconnected systems has shown a shift from what was once a ticket and payment card process to an end-to-end digital air travel journey. Today, passengers buy their tickets online, pick their own seats, tag their own bags, and scan their eyes to get through security — the entire process uses technology that once seemed like science-fiction. Right up to a cockpit, systems are completely interconnected. But, have these advancements within the industry outrun the security of the technology it uses? This leads us to the current void of cybersecurity in aviation, concerning the following three elements.

  1. A growing knowledge gap within the aviation industry when it comes to cybersecurity.
  2. The existence of multiple regulations. This makes it difficult to adapt to the speed of new regulations in a quickly evolving threat landscape.
  3. Multiple stakeholders means data flows constantly back and forth between numerous internal and external systems, leading to regulatory headaches for decision-makers.

Supply chains and third-party risks

Third-party vendors are often used to provide critical infrastructure, services, and software to aviation companies, such as flight planning, maintenance, digital infrastructure and solutions, and navigation systems, to name a few. Any compromise of these vendors can have severe consequences, including disruptions to air traffic, loss of sensitive data, and potential safety risks.

These can also have a rippling effect, with one supply chain compromise impacting multiple businesses and customers at a time.

The 2019 data breach of Cathay Pacific, a Hong Kong-based airline, illustrates this. In this attack, malicious actors gained access to the airline's systems through a third-party vendor and stole sensitive information, including passport and credit card numbers from millions of passengers. This can then be used to develop large-scale phishing campaigns, conduct identity fraud, and pivot to further attacks on individuals, not to mention the regulatory impact this had on the airline.

The industry must take proactive measures to address third-party cyber risks and supply chain attacks rather than being reactive. This means implementing strict security protocols, conducting regular vendor audits, and ensuring all aviation systems and related infrastructure are hardened and secure from potential attacks.

EPP, vulnerability management, and threat intelligence

It’s important for all players in the aviation industry, including third parties, to have the right combination of security measures in place. Endpoint protection, vulnerability management as a service, and threat and risk intelligence are crucial elements that all airports need in order to safeguard against the latest cyber risks targeting the industry.

  • Managed endpoint protection (EPP) allows any threats targeting a large environment to be prevented and contained, mitigating any potential damage.
  • Vulnerability management as a service (VMaaS) can ensure digital estates are never exposed to malicious actors and are protected and always hardened.
  • Threat and risk intelligence (TRI) means artifacts and intelligence from the dark web can be used to give early warning signs, take preventative actions, and even track down the advanced threat actors before they have a chance to launch an attack.

A managed security services provider (MSSP) can help alleviate cybersecurity issues within aviation by providing the necessary expertise to bridge the knowledge gap, assist with regulatory compliance, and streamline data management across the organization — ultimately improving overall cybersecurity posture.