Cyber-attacks are becoming more widespread in many sectors of the economy. Hospitals, social media corporations, banks, and apps that operate in the gig economy are all grappling with a fresh wave of attempted network intrusions. While cyber-attacks have harmed businesses across the targeted industries were mainly caught off guard, resulting in a slew of successful attacks with major long-term ramifications for the companies targeted. Cyber security experts now believe that the aviation industry will be the next big target for cybercriminals.
A considerable number of early airline attacks have already taken place. Cathay Pacific Airways, for example, informed customers of a severe data breach in 2018. This resulted in a £500,000 fine from the Information Commissioner’s Office (ICO), the UK’s national data watchdog.
Air India experienced a data breach in 2021, exposing the personal information of around 4.5 million customers. Information such as passport and ticket numbers, as well as some credit card numbers, was stolen.
Attacks against the industry are on the rise as well. Despite the significant reduction in air travel demand, EUROCONTROL reported more than 1,200 aviation cyber security incidents and events in 2020, compared to only 200 the year before. This is why airlines must strengthen their cyber security as quickly as possible.
“A new attack has been launched against Mahan Air’s computer system,” the business said in a statement.
Because of its critical role in the country’s aviation industry, it has already been targeted multiple times.
The company’s website was down, but all of its flights were on time, according to the statement.
“Our internet security team is blocking the cyber-attack,” Amir-Hossein Zolanvari, a spokesman for the government, said state television.
According to the Mehr news agency, some Mahan users received text messages that read, “Cyber-attack against Mahan for cooperation in the crimes done by the terrorist Guardians Corps” — an allusion to Iran’s elite Revolutionary Guards.
Mahan Air is Iran’s second-largest private airline, after Iran Air. Since 2011, it has been on the US sanctions blacklist for Iranian enterprises. It also has a European and Asian network in addition to a domestic network.
Last month, Iran accused Israel and the United States of hacking into its gasoline distribution system, causing chaos at gas stations around the country.
Meanwhile, intrusions by the Black Shadow hacker gang have targeted Israel’s internet infrastructure, including the country’s largest LGBTQ dating site and an insurance provider. Although the hacker organization has denied any ties to Iran, the strikes are largely viewed as part of a years-long secret battle between Israel and Iran, which has included physical attacks on ships and offensive cyber actions online.
Flight is becoming more computerized, similar to passenger cars. Hackers can attack modern flight control systems since they rely on software controls and flight control systems. Simultaneously, computers are becoming more crucial in on-the-ground operations. Computers and Internet of Things devices are helping to expedite work and improve communications in airports and airline offices. However, if organizations do not have a cyber-security policy in place, these gadgets may leave them more exposed to assaults.
Each new device and computerized control system can provide another point of entry for hackers, making planes an easier target for thieves, in addition to providing utility for pilots or the airline.
The value of customer data is rising. Airlines collect and store a substantial amount of this information, including consumer data that hackers are particularly interested in, such as passport and ticket information, as well as financial information, such as credit card numbers.
On the Dark Web, this information can be sold in part or combination with information acquired in other breaches. Even information that would appear to be useless to hackers, such as medical data and aircraft reservation information, can be sold online.
Hackers could gain access to sensitive commercial and engineering information, such as 8130 forms, which certify that an aircraft component or part is in good working order. It’s critical to maintain all data secure and avoid fraudulent documents.
Simultaneously, airlines are collecting more data than ever before. Many major airlines are collecting transactional and behavioral data they haven’t collected before since consumer information can be sold to advertising or utilized to improve customer experience.
In 2014, there were about 1 million cyber security job openings. According to some estimates, the talent gap might reach 3.5 million unfilled posts by the end of 2021. While the tech industry is attempting to improve its talent pipeline, it’s unclear when the talent gap will start to close.
Airlines should consider the availability of personnel when selecting how to establish their cyber security strategy. Starting to hire a team sooner rather than later could assist ensure that, as competition for cyber security expertise heats up, airlines have workers capable of safeguarding their network or staging an attack response.
There is no industry-standard framework for approaching cyber security in the aviation industry at the moment. This means that most enterprises in the aviation industry that have a cyber-security strategy are flying blind, implementing their procedures, and sharing little knowledge with other airlines.
In April 2021, the World Economic Forum published a report calling for a unified approach to cyber security procedures in the industry, including improved communication and information-sharing standards that may assist individual businesses to defend against future intrusions.
A uniform method would ensure that information regarding threats aimed at airlines is widely shared among aviation cyber security experts.
In the near future, the number of cyberattacks aimed at the aviation industry is expected to rise. Airlines will become more of a target for hackers as they collect more data and install extra computer systems on their planes.
Cybersecurity planning can assist in ensuring that these hackers are unable to carry out successful attacks. Airlines can establish robust cybersecurity systems and practices to help protect themselves from these emerging cyber-threats if they start now.