Unified approach needed to mitigate growing risks.
The aviation industry needs to unify its approach to prevent cybersecurity shocks, according to a re recently released report by the World Economic Forum.
The increased level of interdependencies can lead to systemic risks and cascading effects as airlines, airports and aircraft manufacturing take different approaches to countering cyber risks.
To guard against these risks and create a streamlined approach with civil aviation authorities, the World Economic Forum has launched the Cyber Resilience in Aviation initiative in collaboration with more than 50 companies.
The latest report, Pathways to a Cyber Resilient Aviation Industry, developed in collaboration with Deloitte, outlines how the industry – from airlines to airports to manufacturing and the supply chain – can work with a common language and baseline of practices. The report focuses on mitigating the impact of future digital threats on multiple levels.
The aviation industry has developed a strong track record of safety, resilience and security practices for physical threats and must integrate cyber risks into this culture of safety and resilience, said Georges De Moura head of industry solutions Centre for Cybersecurity at World Economic Forum.
“A common understanding and approach to existing and emerging threats will enable industry and government actors to embrace a risk-informed cybersecurity approach to ensure a secure and resilient aviation ecosystem,” he said.
However, revenues and cyber budgets are dwindling, cyberattacks are not. The sudden change in our way of working, combined with the sense of urgency and uncertainty generated by the COVID-19 pandemic, proves to be fertile ground for cybercriminals and nation-state actors.
Phishing is still one of the most common attack vectors and there has been a surge in COVID-19 related scams. In a survey conducted in 2020 by Airports Council International (ACI), 87.2 per cent of respondents named social engineering as their greatest vector of compromise.
Additionally, phishing emails that focus on specific targets – such as chief executive officers, financial departments and procurement teams – have increased in sophistication.
Ransomware activities targeting businesses skyrocketed over the past two years, with a 365 per cent increase in detections in 2019.6 Other targets include critical infrastructure providers, such as hospitals, power utilities and airports.
Loss of life has occurred as an indirect result. In addition, such attacks on hospitals can harm public trust and cause significant economic and reputational damage.
The Cyber Resilience in Aviation initiative has enabled organisations to create plans as a community to safeguard against current and future risks. It convenes over 80 experts from more than 50 organizations across global aviation and technology companies, international organizations, trade associations and national government agencies.