The aviation sector is a massive industry, generating $704.4 billion of GDP per year (ATAG, 2018). To put this into perspective, if the collective aviation industry were a nation, it would rank 20th in the world in terms of gross domestic product (GDP). In 2017 alone, air transport carried over 53 million tons of freight and over 3.8 billion passengers (IATA, 2017). These monumental figures underscore how important the average airport hub is to the world economy and why cyber security is a critical concern for any stakeholder affiliated with, or dependent on, aviation and air travel as we know it today.
The Goal: Improve Customer Experience and Bottom Lines
For the aviation industry, digitalization of operations presents airports and airlines alike with a huge opportunity to reduce flight delays, improve customer experience and boost their bottom line. Ultimately, ICS cybersecurity, as it applies to the many applications within aviation, has a huge part to play in improving the traveler’s experience.
This is why initiatives like the Single European Sky ATM Research program (SESAR) and the United States NextGen program are paving the way to digitize, streamline and automate everything from air traffic management systems to BAS resiliency.
Although the digitalization of airport and aviation applications will improve the average traveler experience, we can’t ignore that these new gains in efficiencies will also present new vulnerabilities that must be managed.
Today’s Cyber Threat Landscape
It’s important to understand that cyber criminals are constantly innovating. When it comes to the cyber world, malware writers are hard at work finding new ways to infiltrate critical infrastructure networks. Recent news headlines highlight how the aviation industry has been increasingly targeted by such attacks.
Aviation cyber-attacks 2016-Present
Compromise of the public-facing host to use it as a gate to gain access
Malicious operations camouflage, personal data theft
Selling unauthorized access
Privacy & confidentiality issues, lateral movement for Advanced Persistent Threats
Attack to commercial networks / passenger management networks
Competitor / Hacktivist
Attacks to HVAC or passenger management systems
Airport service disruption
Competitor / Hacktivist
Attacks to ground side systems like baggage handling
Service disruption, block on ATM services, crisis state
ATM Support Systems DDoS or Takeover
Malicious operations camouflage, incidents through misguiding surface objects
Violation of vehicle routing systems or landing queues monitoring
Malicious operations camouflage, provision of bad data to cause incidents or outages
GPS spoofing, ADS-B spoofing, NAV or landing aids disruption, datalink networks sabotage
Diverting traffic to different flight space, flight delays or cancellation, potential catastrophic attack like Sept. 11th
So, why are threats in the aviation sector growing so fast? In short, there’s a lot to target if you’re a cyber criminal.
The aviation sector is a critical and potentially lucrative target for hackers and state-sponsored cyber warfare initiatives. Disrupting operations of any airport building automation system (BAS) for example, even for a handful of hours, could result in millions of dollars of lost revenue for airlines and related vendors.
Additionally, air transport consists of exceedingly complex operations that orchestrate a multitude of critical systems, including air traffic management (ATM), air fleet management, APRON and tarmac operations, airline operations center (AOC) networks, luggage and goods management, surveillance and many others. Securing all these systems is no small feat.
Digitalization, as we know, presents new threats and vulnerabilities. These are inevitable and manageable with improved visibility and threat detection solutions.
At SecurityMatters, what we observe is that most threats affecting various aviation-related applications target industrial control and process control networks. Additionally, traffic control networks for ATM resemble traditional ICS networks in many ways, from their reliability requirements to their usage of specific protocols. This makes a holistic, scalable cybersecurity strategy, built on technologies that excel at industrial threat detection, critical for both aviation risk management and process optimization.
A Holistic ICS Cybersecurity Strategy for Aviation
After air transport stakeholders fully understand the various threats and vulnerabilities that can affect their networks, they need to develop a strategy to manage and mitigate them. One of the best approaches is the Defense in Depth strategy, which basically means multiple layers of defense are distributed throughout the network. The exhibit below highlights the approach.
When air transport stakeholders implement this strategy, the impact of an accidental security incident or a malicious attack is contained to the zone where it began.
Increasing ICS Visibility & Threat Detection with SilentDefense
When implementing a Defense in Depth strategy, asset owners will need to gain complete visibility into the network assets to understand what devices sit where and the vulnerabilities of each. One of the best ways to do this is by implementing a non-intrusive ICS network monitoring tool.
These monitoring solutions are invisible to the network and have no impact on running processes and equipment. They collect asset information such as type, version, location, configuration changes and vulnerabilities by listening to traffic already traveling through the network. Because of the automated and passive nature of this method, you can continuously track asset information and behavior in real time. This greatly improves the ability to detect:
- Device and network information
- Device vulnerabilities
- Operational threats, including network connectivity issues
- Device malfunction and misconfiguration
- Dangerous process operations
- Use of insecure protocols and default credentials
- Advanced cyber-attacks and exploit attempts
Device information and alerts about any potential threat to operational continuity are delivered to a central management platform in real-time. From there, they can be escalated appropriately within the organizational ecosystem.
This gives aviation asset owners total ICS visibility and a clear path towards achieving true cyber resilience.
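As an added illustration (not SilentDefense code and not from the original article), the sketch below shows the passive approach described above: an asset inventory is built purely from observed flow records, and alerts are raised for unknown devices, cleartext protocols and traffic that crosses Defense in Depth zones. The zone layout, allow-list, baseline and flow records are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumed zone layout and policy for illustration; not from any real airport network.
ZONES = {"passenger-it": "10.10.0.0/16", "bas": "10.20.0.0/16", "baggage": "10.30.0.0/16"}
ALLOWED = {(z, z) for z in ZONES}               # only intra-zone traffic is expected
CLEARTEXT = {21: "FTP", 23: "Telnet"}           # well-known cleartext services
OT_PORTS = {502: "Modbus/TCP", 47808: "BACnet/IP"}

# Constructed flow records as a passive sensor might summarise them: (src, dst, dst_port)
FLOWS = [
    ("10.20.1.5", "10.20.1.9", 47808),
    ("10.20.1.7", "10.20.1.9", 23),
    ("10.10.4.22", "10.30.2.3", 502),
    ("10.30.2.8", "10.30.2.3", 502),
]
# Constructed baseline of devices already known to the asset owner.
BASELINE = {"10.20.1.5", "10.20.1.9", "10.30.2.3", "10.30.2.8", "10.10.4.22"}

def zone_of(ip):
    """Map an address to its zone by subnet membership."""
    addr = ipaddress.ip_address(ip)
    for name, cidr in ZONES.items():
        if addr in ipaddress.ip_network(cidr):
            return name
    return "unknown"

def analyse(flows, baseline):
    """Build an inventory from observed traffic only; nothing is sent to the network."""
    inventory = defaultdict(lambda: {"zone": None, "services": set()})
    alerts = []
    for src, dst, port in flows:
        for ip in (src, dst):
            if inventory[ip]["zone"] is None:   # first time this device is seen
                inventory[ip]["zone"] = zone_of(ip)
                if ip not in baseline:
                    alerts.append(("new-asset", ip))
        proto = CLEARTEXT.get(port) or OT_PORTS.get(port) or f"port-{port}"
        inventory[dst]["services"].add(proto)   # the destination offers this service
        if port in CLEARTEXT:
            alerts.append(("insecure-protocol", f"{src}->{dst} {proto}"))
        pair = (inventory[src]["zone"], inventory[dst]["zone"])
        if pair not in ALLOWED:                 # flow leaves the zone it started in
            alerts.append(("cross-zone", f"{src}->{dst} {pair[0]}->{pair[1]} {proto}"))
    return dict(inventory), alerts

if __name__ == "__main__":
    for kind, detail in analyse(FLOWS, BASELINE)[1]:
        print(kind, detail)
```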
Leveraging a converged IT/OT infrastructure offers stakeholders in the aviation industry a competitive advantage, but only if cyber or operational incidents can be identified and prevented.
The benefits of ICS visibility for air transportation systems include:
- Complete asset transparency
- A significant reduction in OT management workloads and costs
- Lower business risk through cyber and operational incident prevention
- Simplified compliance