The aviation sector is increasingly reliant on digital systems, encompassing everything from cockpit avionics to passenger service databases, air traffic control communications, and even the infrastructure of airports. As such, the importance of cybersecurity cannot be overstated. 

While aviation has benefited from this technology in terms of efficiency and safety, there are also concerns around the vulnerability of aircraft to cyberattacks in the digital age.   

Data breaches 

The aviation industry faces a range of hacker threats that vary in complexity and potential impact. Data breaches, where cybercriminals target personal information stored by airlines and airports, are one of the most common. This data, which may include passenger names, contact information and payment details, can be used for identity theft and financial fraud. 

One notable case was the 2020 easyJet data breach where approximately nine million customers were affected, and the credit card details of 2,208 people, including CVV numbers, were compromised.  

The incident, considered a sophisticated cyberattack, occurred between October 17, 2019, and March 4, 2020. easyJet disclosed the attack publicly in May 2020 and customers were warned of the risk of phishing attacks using the stolen data. 

When making the news public, the airline told the that an investigation suggested hackers were targeting “company intellectual property” rather than attempting to steal customer data.  

Following the breach, there were reports of credit card fraud, and a class-action lawsuit worth 拢18 billion ($22 million) was filed against the airline. However, in November 2023 that the United Kingdom精东影业 Information Commissioner’s Office (ICO) had abandoned the investigation, a decision that was met with criticism from some quarters.  

In October 2023, Boeing also experienced a data breach, as a result of failing to respond to a ransom demand from the ransomware group LockBit.  

LockBit claims to have obtained a large amount of sensitive data from Boeing and threatens to release it unless a ransom is paid. Boeing’s financial details, supplier and distributor information, training materials and internal instructions are reportedly among the leaked data.  

While Boeing acknowledged the cyberattack on November 2, 2023, the company claims that it has had no impact on flight safety. 

Operational disruptions 

Operational disruptions represent a more severe threat. Cybercriminals can deploy malware or ransomware to infiltrate the IT systems of airlines or airports, crippling booking systems, flight operations, and even air traffic control communications. These attacks not only cause financial losses but can also lead to significant safety concerns and the loss of public trust. 

In June 2015, Polish state-owned airline LOT suffered a cyberattack by unidentified attackers using a distributed denial-of-service (DDoS), a tactic that overwhelms systems with traffic from multiple sources, to target LOT精东影业 ground computer systems at Warsaw’s Frederic Chopin Airport (WAW). The attack disrupted the processing of passenger flight plans, resulting in the cancelation of approximately 20 flights and around 1,400 passengers were left stranded. At no point was the safety of in-flight systems compromised.   

Another cyberattack along similar lines occurred in October 2022, when pro-Russian hackers, identifying as the group Killnet, claimed responsibility for a series of distributed DDoS attacks on US airport websites, including Los Angeles International (LAX), Chicago O’Hare (ORD) and Hartsfield-Jackson Atlanta International Airport (ATL). The attacks were part of a call to action by Killnet posted on Telegram, where they listed multiple US airports, urging other hackers to join the DDoS barrage. 

Despite the cyberattacks, LAX officials confirmed that the disruptions were limited to their public website and had not affected internal systems. Services were restored, and an investigation was launched with the Federal Bureau of Investigation (FBI) and Transportation Security Administration (TSA) being notified.  

Atlanta officials added that disruptions to website access were only temporary. The motivation for these cyberattacks appears to have been anti-US sentiment, related to the country’s role in the war in Ukraine. 

Hacking the aircraft 

In 2017, during the CyberSat Summit a Department of Homeland Security (DHS) official, Robert Hickey, revealed that his team had been able to remotely hack a parked Boeing 757 at Atlantic City Airport (ACY) in New Jersey. 

The hack took place in 2016 and required no physical contact with the aircraft, using equipment that could pass through airport security to exploit the 757精东影业 radio frequency communications. 

The details remain classified, but the revelation underscored long-standing concerns about the potential for unauthorized access to aircraft systems via interconnected networks such as passenger Wi-Fi. 

A cyberattack on a plane can have disastrous consequences. The crash of Spanair Flight 5022 in 2008, which resulted in 154 deaths, initially raised speculation that malware had contributed to the accident. According to Spanish daily newspaper , an internal report issued by the airline revealed an infected computer at the airline精东影业 headquarters failed to alert the crew of critical technical issues, including the improper configuration of flaps and slats for takeoff.聽聽

While it was later clarified that the malware had not directly factored into the crash, which took place shortly after departure from Madrid-Barajas International Airport (MAD), industry experts聽went on to raise聽serious concerns about aviation cybersecurity and the potential for such threats to compromise flight safety systems.聽

Navigating cyber threats 

The aviation industry, recognizing the critical nature of cybersecurity, has developed comprehensive frameworks and protocols to safeguard against cyber threats. Efforts began ramping up in the 2000s as reliance on this technology grew. These frameworks are a collaborative effort, involving input and regulation from industry bodies, international organizations, and governmental agencies. 

Key among these is the International Civil Aviation Organization (ICAO), which has established guidelines for cybersecurity in aviation. These guidelines cover a wide range of areas, including risk assessment, threat identification and response strategies. The ICAO also emphasizes the importance of cooperation between Member states of the United Nations (UN) and the sharing of cybersecurity information. 

Similarly, the Federal Aviation Administration (FAA) in the United States and the European Union Aviation Safety Agency (EASA) have set forth regulations and guidelines for cybersecurity. These include requirements for airlines and airports to implement robust cybersecurity measures such as integrating safety oversight systems, and for regular audits and assessments to be conducted. 

In addition to these regulatory frameworks, the industry has developed its own protocols and best practices. The Aviation Information Sharing and Analysis Center (A-ISAC) serves as a hub for sharing threat intelligence and best practices among industry stakeholders. Airlines and airports frequently comply with the ISO/IEC 27000 series, a suite of standards published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC), to ensure effective management of their information security risks.   

Aircraft certification plays a pivotal role in ensuring cybersecurity. Both the FAA and EASA require that new aircraft models undergo rigorous cybersecurity testing as part of the certification process. This includes assessing the aircraft’s resilience to cyberattacks and the integrity of its critical systems. Manufacturers must demonstrate that aircraft systems are not only functionally safe but also secure from potential cyber threats. 

This process ensures that cybersecurity is built into the aircraft from the design stage and continues throughout its operational life. 

Emerging technologies in aviation security 

The aviation industry is also turning to emerging technologies like Artificial Intelligence (AI), machine learning, and blockchain to bolster its cybersecurity defenses. AI and machine learning are being deployed to detect and respond to cyber threats more efficiently. These technologies can analyze vast amounts of data to identify patterns indicative of a cyberattack, often recognizing threats faster and more accurately than human operators. They can also learn from each incident, continuously improving their ability to detect and neutralize threats. 

Blockchain technology offers a different set of advantages. Known for underpinning cryptocurrencies, blockchain can provide a secure and unalterable ledger of transactions. Within the context of aviation, this could be used to securely track the maintenance history of aircraft components, the movement of baggage, or even the credentials of personnel, all of which have implications for security. 

However, technology is only part of the solution. Continuous training and awareness programs are equally critical in maintaining a strong defense strategy against cyber threats, which, together with advanced technology, constitute a robust cybersecurity posture. Human error remains one of the most significant vulnerabilities in cybersecurity. Ongoing training ensures that all employees, not just IT staff, are aware of the latest cyber threats and the best practices for preventing them. This includes everything from recognizing phishing attempts to following protocols for reporting suspicious activity. 

Moreover, awareness programs help to foster a culture of cybersecurity within organizations. When employees at all levels understand the importance of cybersecurity and their role in maintaining it, they become an active part of the defense strategy, rather than a potential weak link. This human-centric approach, combined with advanced technological tools, creates a comprehensive defense against the evolving landscape of cyber threats. 

Advancements in AI and blockchain should enhance aviation’s cyber defense, making hacking more challenging but not impossible. The landscape is ever-changing, and absolute security can never be guaranteed.  

Aviation industry experts continue to grapple with the complexity and persistence of cyber threats, highlighting the need for constant vigilance. 

How secure do you feel about flying in the digital age? Join the discussion in the comments section. 

What are the privacy concerns when using satellite imagery to solve crimes?聽

• Space

byEmilia Stankeviciute

September 2, 2023

On October 27, 2023, Lockbit that it had stolen “a tremendous amount” of Boeing精东影业 sensitive data that it would publish and leak online if Boeing failed to pay the ransom by November 2, 2023.

鈥淎 tremendous amount of sensitive data was exfiltrated and ready to be published if Boeing does not contact within the deadline!鈥�, the on its website.

On November 1, 2023, Boeing acted to acknowledge the attack. “We are aware of a cyber incident impacting elements of our parts and distribution business,” a Boeing spokesman said in a report by Reuters, adding: “This issue does not affect flight safety”.

On November 3, 2023, tech media outlet reported that, at some point between October 30 and 31, 2023, Boeing had been removed from Lockbit精东影业 hack threat list, leading to speculation that the aircraft manufacturer had entered into negotiations with the ransomware group.

As of November 3, 2023, Boeing精东影业 service site remains down due to 鈥渢echnical issues鈥�.

LockBit is a cybercriminal group proposing ransomware as a service. They use double extortion tactics where they not only encrypt the victim’s data but also threaten to leak it if their demands are not met.

The group claims to have executed over 1,400 attacks against victims in the US and around the world, including Asia, Europe, and Africa.

Airline scammers: family loses $3,400 after hackers changed airline contact info

• Civil Aviation

byJean Carmela Lim

August 18, 2023

Although the attacks temporarily rendered the sites inaccessible to the public, no operational disruptions were reported. 

A senior official briefed on the situation that the attack came from within the Russian Federation. 

John Hultquist, vice president for intelligence at Mandiant, an American cybersecurity firm, said that the attacks were carried out by Killnet, a group of pro-Russian hackers, reported.

has released a target list of airports.

According to O’hare airport and airport two of the biggest in the US been having issues for several hours.

鈥� CyberKnow (@Cyberknow20)

Airports affected by the cyberattack include Los Angeles International Airport (LAX), O鈥橦are International Airport (ORD), Des Moines International Airport (DSM), and Atlanta’s Hartsfield-Jackson International Airport (ATL). 

The airports stated that information or personal data was not stolen, and there was no safety risk to the public.

American Airlines discloses data breach after phishing scam in employee email

• Airlines

byJean Carmela Lim

September 20, 2022

 

鈥淪tarlink has resisted Russian cyberwar jamming & hacking attempts so far, but they鈥檙e ramping up their efforts,鈥� Musk stated via his Twitter account.

Starlink has resisted Russian cyberwar jamming & hacking attempts so far, but they鈥檙e ramping up their efforts

鈥� Elon Musk (@elonmusk)

In the post, stating that Russia was behind a massive cyberattack against a satellite internet network that took tens of thousands of modems offline after Russia invaded Ukraine on February 24, 2022.

Since the onset of Russia精东影业 invasion of Ukraine, SpaceX has been shipping Starlink terminals to Ukraine, after internet has been disrupted due to the war.  

In May 2022, Mykhaylo Fedorov, Vice Prime Minister of Ukraine and Minister of Digital Transformation of Ukraine, said that approximately 150,000 Ukrainian people are currently using Starlink internet daily.  

Rough data on Starlink’s usage: around 150K active users per day. This is crucial support for Ukraine’s infrastructure and restoring the destroyed territories. Ukraine will stay connected no matter what.

鈥� Mykhailo Fedorov (@FedorovMykhailo)

ISS could crash if sanctions not lifted, warns Roscosmos

• Space

byVyte Klisauskaite

March 14, 2022

The Russian Prosecutor General精东影业 office began reviewing the computer infrastructure of the Russian Federal Agency for Air Transport (Rosaviatsiya). 

Russian deputy transport minister resigns following Aeroflot raids

• Civil Aviation

byValius Venckunas

April 14, 2022

RBC精东影业 sources provide additional details of the attack. The sources claim intruders accessed Rosaviatsiya精东影业 network through an administrator account belonging to InfAvia, a company that provides Rosaviatsiya with IT services.  

Russia denies that aviation authority has been hacked, data deleted

• Civil Aviation

byValius Venckunas

March 30, 2022

 

Mahan Air, Iran精东影业 second largest airline, has sustained a serious cyberattack. 

The incident occurred on November 21, 2021. The airline精东影业 website was down for some time, and customers received messages from the hackers, Iranian media . 

Following a two-year investigation, the ICO found that British Airways was processing 鈥渁 significant鈥� amount of its customers鈥� private data without proper security measures. Had the airline identified and resolved weaknesses of its security measures, it could have prevented the 2018 cyber-attack 鈥渂eing carried out in this way,鈥� the commission outlined in a statement on October 16, 2020.

British Airways cyber-attack

British Airways revealed that it had been subject to a cyber-attack on September 6, 2018.

鈥淔rom 22:58 (BST) August 21, 2018, until 21:45 (BST) September 5, 2018, inclusive, the personal and financial details of customers making bookings on ba.com and the airline精东影业 app were compromised,鈥� the airline精东影业 statement read.

At that time, it was estimated that hackers obtained personal data of around 380,000 BA精东影业 customers, including names, addresses, credit card numbers, expiry dates and security codes, but not travel or passport details, as the airline stressed.

“We discovered that something had happened but we didn’t know what it was [on the evening of September 5, 2018]. So overnight, teams were trying to figure out the extent of the attack,鈥� the airline精东影业 Chairman and Chief Executive Alex Cruz was quoted as saying by the BBC at that time. “The first thing was to find out if it was something serious and who it affected or not. The moment that actual customer data had been compromised, that’s when we began immediate communication to our customers.”

However, the ICO announcement indicates that the data breach actually affected around 429,612 BA精东影业 customers and staff. Among them, there are around 244,000 people whose  names, addresses, payment card numbers, and CVV numbers are believed to have been accessed by the attacker.

Historic 拢20M fine against BA

鈥淭heir failure to act was unacceptable and affected hundreds of thousands of people, which may have caused some anxiety and distress as a result,鈥� ICO investigators outlined in the statement. 鈥淭hat精东影业 why we have issued BA with a 拢20m fine 鈥� our biggest to date.鈥�

However, the biggest fine to date is actually not that great when taken into the account that the initial, worst-case estimation pointed to a 25 times greater sum.

After the information about the BA精东影业 cyber-attack became public in 2018, experts counted that the airline might be subject to up to 拢489 million ($637 million) fine 鈥� 4% of its annual global revenue in 2017.

In June 2019, ICO issued the airline with a notice of intent to fine, finally revealing the actual size of the proposed financial penalty. In reality, the authority was proposing a 拢183.39 million fine against the air carrier, which was equal to approximately 1.5% of BA精东影业 revenue in 2017.

So how did the fine go from the intended 拢183.39 million to the actual 拢20 million? Well, COVID-19 happened. 鈥淎s part of the regulatory process the ICO considered both representations from BA and the economic impact of COVID-19 on their business before setting a final penalty,鈥� the authority explained in its latest statement.

In 2019, the showed that airlines spent 7% of their IT budget on cybersecurity in 2017 and 2018, and it has risen up to 9.64% in 2019. With a reason to show a prevention of cyber threats, get to know the public cyber attacks that happened in aviation. The article presents four different types of cyberattacks such as malware, hacking/phishing, denial-of-service (DoS) and human error by giving examples of different cyber accidents in aviation.

The chaos in Istanbul airports (Malware)

Malware is defined as a virus that can destruct computer-based and information technology systems and replicate themselves once a system is settled.

In 2013, cybercriminals attacked airports in Istanbul, Turkey. The cyberattack happened in at the departure terminals at both Istanbul Ataturk and Sabiha Gokcen airports. This accident led to the closing of the passport control systems in both airports. This cyberattack caused the delay of many flights.

The hacker attack at airports of Vietnam (Hacking/phishing)

Hacking and phishing are often related to obtaining information. There is only one difference between of mentioned cyber attacks that 鈥渋n a hack鈥� hacker involuntarily extracts the sensitive information by forcing the perpetrator to first take over the computer system. In another case, a phish can also be described as a hack, but this cyber attack occurs when the user is baited with an email or call and tricked into 鈥渧oluntary鈥� responding with information meaning hacker gets the necessary information from the user.

In 2016, cybercriminals hit the two largest airports in Vietnam. Pro-Beijing hackers on Friday defaced the website of Vietnam Airlines and flight information screens at two major airports in Ho Chi Minh City and the capital, Hanoi, displaying messages of supportive China’s maritime claims in the South China Sea. Right after the accident, the operators in Ho Chi Minh and Hanoi City were forced to stop all electronic check-ins. The accident at both airports of Vietnam was associated with hacking attack.

Polish Airlines faces the denial-of-service attack (DoS)

The denial-of-service attack is defined as one more type of cyber attack, where cybercriminal aims to render a computer or other information technology unavailable to its intended users by interrupting the regular functioning of the system. Commonly, cybercriminals flood the targeted system with requests until it becomes unable to process.

In 2015, cybercriminals attacked the LOT Polish Airlines flight-plan systems at the Warsaw Chopin airport. The attack made LOT精东影业 system computers unable to send flight plans to the aircraft. The flight plan includes very sensitive data as aircraft details, route, weather, etc. Knowing that without the flight plan aircraft can’t take off and as a consequence, 10 airplanes were grounded and around 1,400 passengers were stranded after the accident, which was associated with DoS attack.

Human error causes the IT chaos at British Airways (Human error)

In the cybersecurity context, human error is known as intentional or unintentional behavior by employees and/or users that cause, spread, or allow a security breach to take place.

In 2017, the British flag-carrier computer systems failed. The mentioned failure was caused by two human errors from a contractor. As a consequence, over 75,000 passengers were stranded and British Airways experienced enormous reputational damage. After the investigation, it was found that the accident was caused by the engineer, who disconnected and then reconnected the data-center power supply. It caused the power flood that led to the failure of computer systems.