Why air transport is burying its head in the cyber sand
LARGE numbers of international air cargo hubs are fatally ill-equipped to handle the fast-evolving threat of cyber attacks, security experts warn.
Alarmingly, in just a few seconds or minutes, cybercriminals can compromise an entire operating system, global technology company Verizon’s latest annual data breach investigations report predicts.
“There were more than 53,000 security incidents across the world over the last 12 months and 2,216 confirmed data breaches,” says the firm.
If those figures are not disconcerting enough, the European Aviation Safety Agency reveals estimates of 1,000 cyberattacks each month on aviation systems worldwide.
Although many airport operators have a range of safety strategies in place to thwart terrorist attacks, they are far less prepared for a hacking incident, a study conducted by technology consultants PA Consulting Group finds.
Sabotage of this kind results in the infiltration of computers, servers and network components, as well as the software and the information transmitted over this infrastructure.
Industrial control systems, such as air cargo handling systems, airfield lighting, heating, ventilation, fuel distribution, power management and air conditioning are all at risk.
David Oliver, global transport security representative at PA Consulting Group, acknowledges the vulnerability of airfreight throughput. “The increasing levels of cargo connectivity is indicative of the wider trend around [technological] connectivity discussed in the 24-page report.
“As cargo becomes increasingly connected to the airport infrastructure, care needs to be taken to ensure the system is secure by design and default.”
Problematic elements of cyber security
The PA study highlights some well-publicised incidents in 2017, where hackers used ransomware (malware in which data on the victim’s computer is locked and then usually encrypted) to attack systems and then demand that organisations pay up to recover their data and regain access.
LATAM Airlines had data encrypted by WannaCry, and Ukraine’s Boryspil International Airport lost access to its systems after the intervention of NotPetya. “These cyberattacks were not targeting aviation — yet they resulted in interruptions to airport services,” the report states.
In 2013, a sophisticated virtual spying operation directly affected 75 airports in the United States. “This intrusion happened via an advanced persistent threat attack, which means an intrusion was carried out by top-tier hackers who are generally funded by a nation-state,” it asserts.
“The airport hackers could have been driven by a desire to know who would be on certain flights, as well as the cargo [airlines] would be carrying.”
Why are airports vulnerable to cyberattacks? One main contributory factor is that the air transport industry is becoming increasingly reliant on technology in almost every area of operations.
Another major factor is one of the most problematic elements of cyber security: the fast and constant evolution of the threats themselves, warns the report. Traditionally, airports focus on the biggest known threats, such as physical terrorism, hijackers, thieves, fraudsters etc. “But this approach cannot handle the demands of the current ever-changing environment.”
Cyber threats come in many forms and vary in their level of sophistication and motivation. They range from low-skilled ‘script kiddies’ (a script kiddie or skiddie is an unskilled individual who uses scripts or programmes developed by others to attack computer systems and networks and deface websites) to highly skilled and motivated nation states.
Between these two extremes are other threat actors that can cause harm to an airport, including criminal organisations, disgruntled employees and so-called hacktivists, explains the study.
These threats typically affect the confidentiality, integrity and availability of systems and data, which can result in the release of sensitive information. In addition, operational technology can be affected, potentially leading to the disruption of services or safety incidents.
PA Consulting Group, which collaborated with four leading airports, has uncovered seven key trends which make air cargo hubs especially susceptible to cyberattacks.
Among them are the generally increased use of technology, including big data; in-house and outsourced analytics; and the greater reliance on data-link-messaging between air traffic control towers and aircraft rather than traditional radio voice communications, for example.
Data-sharing is another dangerous trend, with air navigation service providers increasingly under pressure to reduce charges and to integrate and harmonise national airspace and air navigation services.
Cyber security should be integrated into day-to-day processes
For example, System Wide Information Management has evolved into a global concept that has been adopted by the International Civil Aviation Organisation to facilitate greater sharing of air traffic management system information, notes the report.
Mega hubs are particularly vulnerable. As airports become larger, collaborative decision-making technologies and processes are commonly implemented to share greater data flows between the different stakeholders involved in airport operational processes. “These airports are then more exposed to attacks, and their iconic status makes them more appealing [targets] for attackers,” the report argues.
Major air cargo hubs cannot afford to ignore a number of fundamental practical steps if they are to have any chance of thwarting the nefarious ambitions of cybercriminals, asserts PA Consulting. Among these steps, cyber security should be integrated into day-to-day processes and procedures.
Furthermore, if holistic risk assessments are conducted during the early stages, alongside an easily maintained minimum number of software and hardware installations, they can help hubs gain a rapid insight into the risks they face from cyber-security threats. They also provide a summary of specific areas that need to be addressed.
Also, by moving away from the outdated concept that cyber security is purely an IT function, airports will gain a shared understanding of the risks that can then be managed by all areas of the business.
This concept also applies to the supply chain, where any weaknesses in the level of cyber security could lead to a cyber-related incident affecting the airport, the airline or the forwarder.
With this approach, establishing an essential security monitoring and incident response capability becomes achievable. “Fundamentally, the focus on physical security needs to be applied with the same rigour in the cyber arena if airports are going to build resilience to potentially catastrophic cyberattacks,” Oliver concludes.
“If the industry does not act now, it will find itself at increased vulnerability to cyber attacks as new technologies increasingly become a part of their everyday operations.”