Security Impact on the Connected Airline Industry


For well-over a decade, the Department of Homeland Security has sponsored National Cyber Security Awareness Month (NCSAM) in October. The goal is to increase education and awareness about cyber security issues impacting everyone — from consumers, to business owners, to enterprise organizations.

There is no doubt that the airline industry also has cybersecurity on its mind, with 95 percent of airlines and 96 percent of airports investing in major cybersecurity initiatives over the next three year, according to recent reports. As cybersecurity becomes more complex, from airport wi-fi access to in-flight connectivity and flight deck communications, more vulnerabilities arise if the right protection isn’t in place. APEX reports that “The FAA and industry have worked together on aircraft cybersecurity over the past 20 years, and there have been no US commercial accidents or incidents from intentional unauthorized electronic interaction with onboard aircraft systems.” Yet, the complexity of the issue deepens as connectivity and advanced technologies integrate into the aviation ecosystem.

So how can airlines prepare? Here is a roundup of industry expert advice that we’ve compiled for our readers:

Understanding the Threat

Fred Schreiner, Chief Technology Officer of Thales Avionics InFlyt Experience says that, “Organizational awareness will drive decision-making across the business, from budget allocation to cyber-risk management. Good preparedness is a delicate balance between business priorities and cyber-risk management priorities, where awareness of threats in terms of frequency, intensity, target and magnitude of potential consequences is critical to understanding how priorities should be managed.”

Keeping up in the Wild, Wild West

Joel Otto, VP of Strategy and Business Development at Rockwell Collins, agrees that understanding the threat is important. According to Otto, “You need a good threat analysis for where you’re vulnerable to protect against some sort of event that could disrupt your operations or cause some sort of malicious outcome.”

Additionally, organizations have to understand what they are dealing with when it comes to the Internet and the connected aircraft. It is like the Wild, Wild West according to Otto. “In the age of the connected airplane, perpetrators, victims and targets must be looked at in slightly different ways. The ecosystem is a complex place.”
Otto says there are three main questions we need to ask: What don’t we want to happen? How do we make sure we can detect it when it happens? And finally, what can we do to ensure it doesn’t cause a discontinuity of operations?

The Threat is Unavoidable
The goal of the airline industry isn’t to avoid threats. That is impossible, given how rapidly the threat landscape is changing, especially as more and more consumers have access to handheld devices and are always on and always connected. This new digital transformation opens the door to so many more attack vectors. The goal is to protect data, detect in real-time and remediate quickly. RJ McLaren, manager of Product Marketing at Kontron, says while the threat may be unavoidable, ongoing assessment is always needed. “Make sure the equipment you’re putting on your aircraft is up to the latest standards,” he says.”

Stronger Security Standards

Cybersecurity issues are growing more complex in the airline industry. It does not only impact the Flight deck, or the communications tower, but now also every passenger device that connects through in-flight wi-fi into a public network. According to the Airline Passenger Experience Association (APEX), “There are a growing number of links in the security chain for a passenger airline flight: from the navigation to the in-flight entertainment and connectivity system to the devices brought aboard by passengers to the flight bag itself, with many more in between. As airplanes and airports become increasingly complex networking nodes, APEX is pushing for higher standards of security by sharing industry insights and leading conversations at APEX TECH conferences. Meanwhile, real-life risk management means recognizing threats, staying on top of emerging hacker trends and predicting potential targets.”

Quotes from this article were originally published in APEX Experience.