Over seven million lines of computer code control each and every aircraft from take-off to landing. But the aeroplane is only the most visible piece of a very complex system ranging from global air traffic control systems, international logistics and more.
There is definitely an awareness of the mounting risk to the industry posed by cyber security threats given the widening attack surface created by the increased collaboration and information sharing amongst airlines, airports and air traffic management companies.
With operations and supply chains spanning the globe, a major potential source of cyber issues for the airline industry is the Federal Aviation Administration’s (FAA) modernisation of air traffic control, notably the Next Generation Air Transportation System or NextGen. The current system is 40 years old and relies on radar, which provides limited connectivity. NextGen seeks to improve network efficiency by using GPS (global positioning system) that is software-based and connected to the Internet. While it’s widely accepted that this transition is needed to modernise our air traffic control systems, the General Accounting Office has voiced concern that implementing a system with Internet connectivity brings with it greater threats to security.
It is true that overall, security procedures to date have been effective, safely integrating the many technological advances introduced to aircraft and airlines. Yet the industry continues to see major technological advances that contribute to the complexity of protecting data and assets. Two of these are tablet-based electronic flight bags (EFBs) and the installation of in-flight entertainment and Wi-Fi connectivity systems (IFEC).
The industry is trying to address this. In September a task team is set to present their recommendations on a declaration on cyber security to the International Civil Aviation Organisation (ICAO), when this United Nations body meets for its regular triennial gathering. What these recommendations are set to do is develop a standard methodology to detecting, protecting, and mitigating the aviation industry from cyber threats, and by signing the declaration it would send out a clear message that signatories from member states are taking the issue seriously.
This is not the end of the story, though it creates an industry-wide basis from which cyber security in the sector can be more closely monitored and pro-actively approached and defended against.