Aviation Security: The Emerging Threat of Cyberattacks

For this blog, I decided to talk about the emerging threat of cyberattacks/cyber-terrorism. Cybercrimes are illegal acts that use technology as either the tool or the target of a crime. There are various definitions of this, but I am sure the readers of this blog know what it is.  I would say this is a relatively new issue that the industry will face in the coming years with the continued rise of technology each year. While the world has witnessed numerous terrorist attacks on the industry, especially after the events of 911, cyber-attacks are a newer and less expensive tactic used by these unseen invaders that can wreak a similar kind of havoc. Some worst-case scenarios would be tampering with air traffic control to cause a crash. This is the main concern because ATC is not immune to cyber-attacks (IATA, 2019).  Other scenarios would be basic system breaches, small electronics programmed to be explosive, the BHS attacks (Willemsen & Cadee, 2018), somebody hacking into in-flight Wi-Fi to steal sensitive information of passengers, hacking into a plane/control systems from their seat via networks, etcRegardless, the potential scale of harm is huge. 

The IATA thinks that human factors will still have the greatest influence on security outcomes when it comes to cyber and insider threats. So, I think that the layers of the U.S. Aviation Security working in combination to help mitigate this threat the most are (8) behavior detection officers, (20) passengers, (17) trained flight crews, and (1) air intelligence officers. The purpose of these TSA security layers is to ensure that the air transportation system is being protected against any kind of terrorism. Air intelligence officers determine threats to aviation security, so in this case cybercrimes. Passengers can do their part by not sending/viewing sensitive information when on in-flight or airport wifi, and using security software or VPN's when attempting to use their device when they fly to prevent becoming a victim of in-flight hacking. Passengers are often not careful enough with their devices. Passengers should also look out for any suspicious behavior around them. This goes for flight crews and behavior detection officers as well, and they can be trained to look out for suspicious behavior of somebody trying to breach the security of the plane or passengers. The ongoing training and evaluation of staff should be a priority. 

 Hackers look for vulnerability or anything exploitable.  I read something about a new software out there that can be used by the airlines in their systems for protection, which actually uses emulated traps for the attacker if something suspicious is going on and it alerts the airline. But then again, software security cannot be guaranteed even in the aviation industry and only efforts can be made to prevent breaches and handle vulnerabilities (Harvard, 2016).  As time goes on, the world will have an even greater reliance on data and automation (AI). The International Air Transport Association, or the IATA's, white paper "Air Transport and Security: 2040 and Beyond", effectively discusses the threats to aviation security, particularly cyber-terrorism, and offers strategies to help be better prepared for the future, especially after 2040 when we are even more connected... or when they believe that this problem will reach a peak. That being said, the industry has started to address these challenges. According to the IATA, In order to combat cybersecurity and insider threats (particularly exploitation of increased connectivity and automation), IT and Security need to become better integrated. Rather than treating these as two separate functions (as most do today), cyber experts should be integrated into security teams so that they can provide specific advice and countermeasures to the cyber security threats aviation security operations are faced with (IATA, 2019). I think that the best ways to mitigate this issue would be regular system vulnerability assessments, recruiting those with good operational IT skills, designing systems with cybersecurity/insider concerns in mind, increasing the laws we have on cybersecurity, and implementing additional security measures on aircraft. This is all summed up in the IATA paper as some of the best actions as well. 

Flying does however remain one of the safest ways to travel... which is because of the continuous effort to improve air safety. But cyberterrorism is a critical and growing area of concern for the aviation security sector (IATA, 2019).




References:

 Duchamp, H., Bayram, I., & Korhani, R. (2016). Cyber-security: a new challenge for the aviation and automotive industries. Harvard Univerisity. Retrieved from http://blogs.harvard.edu/cybersecurity/files/2017/01/Cybersecurity-aviation-strategic-report.pdf 

International Air Travel Association. (2019). Air Transport Security: 2040 and Beyond. Retrieved from https://www.iata.org/contentassets/a7065984fea6447fa3b738c844c97ebb/iata-blue-skies-white-paper-2019.pdf   (page 14, 18 and 19 discuss the topic of cybercrime in aviation)

Transportation Security Administration. (2017). Inside Look: TSA Layers of Security. Retrieved         `    from https://www.tsa.gov/blog/2017/08/01/inside-look-tsa-layers-security

Transportation Security Administration. (2017). Security Guidelines for General Aviation Airport Operators and Users. Retrieved from https://www.tsa.gov/sites/default/files/2017_ga_security_guidelines.pdf

The White House. (2018). National Strategy for Aviation Security. Retrieved from https://www.whitehouse.gov/wp-content/uploads/2019/02/NSAS-Signed.pdf

Willemsen, B., & Cadee, M. (2018). Extending the airport boundary: Connecting physical security and cyber-security. Journal of Airport Management, 12(3), 236-247. Retrieved from https://web-a-ebscohost-com.ezproxy.libproxy.db.erau.edu/ehost/detail/detail?vid=0&sid=1b37ee15-8df5-46e8-ba86-aa6a3d2166c9%40sdc-v-sessmgr01&bdata=JnNpdGU9ZWhvc3QtbGl2ZQ%3d%3d#AN=131227183&db=tsh

Images References:
Flight Safety Australia. (2014). Cyber terrorism and drones emerging as aviation threats. Retrieved from https://www.flightsafetyaustralia.com/2014/12/cyber-terrorism-and-drones-emerging-as-aviation-threats/

Murdock, S. (2017). EASA and FAA Issue Software Standards As FBI And DHS Issue Hacking Warning. JDA Journal. https://jdasolutions.aero/blog/easa-faa-issue-software-standards-fbi-dhs-issue-hacking-warning/


(I know this is over the word count, I apologize. This is a really interesting topic to me and I have written various essays on the subject of cybercrimes in general.)


Comments

Popular posts from this blog

Weather Hazards In Aviation: Icing