
Improving ICS Cybersecurity for Aviation

Rob Hulsebos, ICS Security Engineer | November 2, 2018

The aviation sector is a massive industry, generating $704.4 billion of GDP per year (ATAG, 2018). To put this into perspective, if the collective aviation industry were a nation, it would rank 20th in the world in terms of gross domestic product (GDP). In 2017 alone, air transport carried over 53 million tons of freight and over 3.8 billion passengers (IATA, 2017). These monumental figures underscore how important the average airport hub is to the world economy and why cyber security is a critical concern for any stakeholder affiliated with, or dependent on, aviation and air travel as we know it today.

The Goal: Improve Customer Experience and Bottom Lines

For the aviation industry, digitalization of operations presents airports and airlines alike with a huge opportunity to reduce flight delays, improve customer experience and boost their bottom line. Ultimately, ICS cybersecurity, as it applies to the many applications within aviation, has a huge part to play in improving the traveler’s experience.

This is why initiatives like the Single European Sky ATM Research program (SESAR) and the United States NextGen program are paving the way to digitize, streamline and automate everything from air traffic management systems to BAS resiliency.

Although the digitalization of airport and aviation applications will improve the average traveler experience, we can’t ignore that these new gains in efficiencies will also present new vulnerabilities that must be managed.

Today’s Cyber Threat Landscape

It’s important to understand that cyber criminals are constantly innovating. When it comes to the cyber world, malware writers are hard at work finding new ways to infiltrate critical infrastructure networks. Recent news headlines highlight how the aviation industry has been increasingly targeted by such attacks.

Figure: Aviation cyber-attacks 2016-Present

In the table below, we can see a simplified list of the threats that can affect the aviation industry and the possible impacts:

| Threat actor | Threat | Possible impact |
|---|---|---|
| | Compromise of the public-facing host to use it as a gate to gain access | Malicious operations camouflage, personal data theft |
| Disgruntled Employee | Selling unauthorized access | Privacy & confidentiality issues, lateral movement for Advanced Persistent Threats |
| Cyber Criminal | Attack on commercial networks / passenger management networks | Financial loss |
| Competitor / Hacktivist | Attacks on HVAC or passenger management systems | Airport service disruption |
| Competitor / Hacktivist | Attacks on ground side systems like baggage handling | Service disruption, block on ATM services, crisis state |
| Foreign State | ATM Support Systems DDoS or Takeover | Malicious operations camouflage, incidents through misguiding surface objects |
| | Violation of vehicle routing systems or landing queues monitoring | Malicious operations camouflage, provision of bad data to cause incidents or outages |
| | GPS spoofing, ADS-B spoofing, NAV or landing aids disruption, datalink networks sabotage | Diverting traffic to different flight space, flight delays or cancellation, potential catastrophic attack like Sept. 11th |

So, why are threats in the aviation sector growing so fast? In short, there’s a lot to target if you’re a cyber criminal.

The aviation sector is a critical and potentially lucrative target for hackers and state-sponsored cyber warfare initiatives. Disrupting operations of any airport building automation system (BAS), for example, even for a handful of hours, could result in millions of dollars of lost revenue for airlines and related vendors.

Additionally, air transport consists of exceedingly complex operations that orchestrate a multitude of critical systems, including air traffic management (ATM), air fleet management, APRON and tarmac operations, airline operations center (AOC) networks, luggage and goods management, surveillance and many others. Securing all these systems is no small feat.

Digitalization, as we know, presents new threats and vulnerabilities. These are inevitable and manageable with improved visibility and threat detection solutions.

At SecurityMatters, what we observe is that most threats affecting various aviation-related applications target industrial control and process control networks. Additionally, traffic control networks for ATM resemble traditional ICS networks in many ways, from their reliability requirements to their usage of specific protocols. This makes a holistic, scalable cybersecurity strategy that utilizes technologies that excel at industrial threat detection critical for both aviation risk management and process optimization.

A Holistic ICS Cybersecurity Strategy for Aviation

After air transport stakeholders fully understand the various threats and vulnerabilities that can affect their networks, they need to develop a strategy to manage and mitigate them. One of the best approaches is the Defense in Depth strategy, which basically means multiple layers of defense are distributed throughout the network. The exhibit below highlights the approach.

Exhibit: Defense in Depth strategy

When air transport stakeholders implement this strategy, the impact of an accidental security incident or a malicious attack is contained to the zone where it began.

Increasing ICS Visibility & Threat Detection with SilentDefense

When implementing a Defense in Depth strategy, asset owners will need to gain complete visibility into the network assets to understand what devices sit where and the vulnerabilities of each. One of the best ways to do this is by implementing a non-intrusive ICS network monitoring tool.

These monitoring solutions are invisible to the network and have no impact on running processes and equipment. They collect asset information such as type, version, location, configuration changes and vulnerabilities by listening to traffic already traveling through the network. Because of the automated and passive nature of this method, you can continuously track asset information and behavior in real time. This greatly improves the ability to detect:

  • Device and network information
  • Device vulnerabilities
  • Operational threats, including network connectivity issues
  • Device malfunction and misconfiguration
  • Dangerous process operations
  • Use of insecure protocols and default credentials
  • Advanced cyber-attacks and exploit attempts

Device information and alerts about any potential threat to operational continuity are delivered to a central management platform in real-time. From there, they can be escalated appropriately within the organizational ecosystem.

This gives aviation asset owners total ICS visibility and a clear path towards achieving true cyber resilience.


Leveraging a converged IT/OT infrastructure offers stakeholders in the aviation industry a competitive advantage, but only if cyber or operational incidents can be identified and prevented.

The benefits of ICS visibility for air transportation systems include:

  • Complete asset transparency
  • A significant reduction in OT management workloads and costs
  • Lower business risk through cyber and operational incident prevention
  • Simplified compliance

To learn more about how SilentDefense can help aviation asset owners secure their networks, schedule a demo with one of our cyber resilience experts or read our solution brief for ICS networks.
