Aviation Cyber SecurityThe aviation sector depends on computer systems (ground/flight operations) to a great extent. Certain systems ensure aircraft safety, while some are critical from an operations point of view. There are other systems that affect the service quality and financial well being of the sector. Several airlines/airports have established efficient systems to manage hacking threats. However, they have not taken a holistic approach in managing the IT infrastructure nor taken into account the threat to aviation system.
At present, the cyber threats could be due to any of the following: pernicious intent, information theft, political reasons, state sponsored. Being a critical and integrated system of information and communications technology (ICT) globally, the international aviation system is a probable target for mega cyber attack. The integration of technologies has enabled the aviation sector to reach new frontiers. Changing technology also increases chances of cyber threat. Hence, effective cyber security procedures are needed to mitigate the cyber threats.
Facilitating a robust aviation system and countering cyber threats must be addressed jointly by aviation cyber security stakeholders - governments, airlines, airports, and manufacturers. The establishment of risk-informed decision making model to elucidate cyber security framework and roadmap to enhance the aviation systems ability to negate attacks is pivotal. It requires a well defined common strategy based on safety concerns while taking into account security layers - deterrence, identify, counter, and recover.
The cyber security for aviation must be based on the following framework:
Establish Common Cyber Standards for Aviation Systems
- The key stakeholders pertaining to cyber security must establish information security and cyber protection standards for key infrastructure.
Ensure a Cyber Security Culture
- Create awareness on cyber security culture (vision, strategy across the globe).
Understand the Threat/Risk
- The aviation stakeholders must identify the people behind cyber threats and their intent before strategizing counter measures.
- In order to efficiently manage cyber risk, it is vital that the sector identifies the features of the aviation system that requires being safe guarded.
Communicate the Threats and Assure Situational Awareness
- Any specific information must be shared to mitigate threats encompassing the aviation system. Since aviation cyber threats are international in nature, a process to exchange information within the international aviation sector would assist in negating cyber security threats.
Incident Response Time
- The response time would vary according to the scenario. For e.g.: modification to a ticketing system could be done expeditiously, while modification to aircraft software would require testing and validation.
Research and Development
- Develop robust system architectures.
- Enhance attack detection.
- Facilitate forensic availability