Cyber security threats faced by the aviation industry from cyber criminals are among the sector’s most serious challenges. A major attack not only compromises passengers’ safety, but also has the potential to wreak major-scale havoc on major transport hubs worldwide and lead to huge numbers of delays, flight cancellations and heightened security alerts, resulting in massive financial and commercial damage.

Although media focuses on terrorism as the main threat because of the associated fear of loss of life, disruption and chaos, the most likely threats to aviation are from the same sorts of threats that affect other businesses, such as phishing attempts, data breaches or ransomware.

According to a 2019 SITA report Air Transport IT Insights, airline CIOs are focusing their IT strategies on digital transformation, with cloud services (100%) and cyber security initiatives (96%) being the greatest areas for investment. The report found cyber security as a high priority, ranking second on the agenda of airline CIOs, with 86% having a major cyber security program in place and another 10% running a pilot. 

In the report SITA highlighted an emerging technology trend showing 72% of airlines are prioritizing ‘threat intelligence’ investment to help them collect and analyze threat data.

Parallel to the industry’s challenge in dealing with the cyber security threat is the need to take the necessary steps to overcome the widely acknowledged skills gap in cyber security. 

According to the SITA air transport report, investing in ‘employee awareness and training’ is a key component when it comes to improving cybersecurity – with 79% of airports stating it as an investment priority.

In developing their cyber security strategy, aviation businesses need to understand their supply chain and ensure their own cyber security is robust and reliable. They need to know who has access to which systems, and make sure that vendors have the right practices and procedures in place to deal with the cyber threat. There are several steps the industry can take to secure infrastructure, mitigate risk and ensure resilience in the face of the growing cyber threat.