The internet facilitates convenience and anonymity. This includes enabling criminals or foreign entities with malicious intent to cause harm to airspace operations and all other industries, and it has the potential for use in warfare. Schmidt (2016), The aviation industry is already very aware of the threat to safety including those posed by terrorism. Such threats are not actually new for aircraft. Communication from air to ground has been common in aviation for over about our decades, and cyber security has been a challenge which is monitored during that entire time (Broderick, 2016). What has changed today is the volume of technology-based communications, as well as the extent to which is provides critical functions in operations (Broderick, 2016). Cybercriminals may target the personal or financial information of customers, as well as operational communications that control maintenance, flight, and other critical infrastructure (Broderick, 2016). Cyber-crimes can result in theft, disruption, or ransom. Even supply chain communications now involve channels that could potentially be hacked (Broderick, 2016).
The aviation industry has already been targeted by cybercriminals, and this is a great threat to air safety. The 2016 Global State of Information Security Survey and other surveys by PwC and partners revealed that 85% of the CEOs in the aviation industry had cyber security concerns, in comparison with the 61% across industries (Broderick, 2016). Respondents in the aviation industry were more likely to report cyber security incidents and attempts, and yet these same companies also implemented the fewest protective measures against cyber criminality (Broderick, 2016). Just one in four aviation companies responding to the survey indicated that they had a security strategy at all, and just over one third had employee training in cybersecurity or third-party standards for network safety (Broderick, 2016). Across other industries, the average was that half had instituted these proactive measures (Broderick, 2016).
Use your promo and get a custom paper on
"Aviation Cyber Security Challenges".
The problem was serious enough that The Aerospace Industries Association developed a decision paper which provided a proposed cybersecurity framework that could be used for civil aircraft, one that is based on the safety model of accident risk reduction (Broderick, 2016). The idea was that, like public safety, stakeholders such as government and entities in the industry would work together to ensure their common interest (Broderick, 2016). The representatives of companies in the industry heeded this call to collaboratively develop a voluntary framework for cyber security (Broderick, 2016). The same year, a White House Executive Order formalized the framework project, and consulted with thousands of representatives from public, commercial and academic contexts (Broderick, 2016). The initial framework was made available in 2014, and this was followed by the International Air Transport Association’s (IATA) cybersecurity toolkit to support companies and stakeholders in the industry by explaining cyberthreats, the assessment of risks, and monitoring (Broderick, 2016).
The organization of various stakeholders to work towards a common frame of reference and supports to thwart cyber crime are a good starting point, however more is needed given the real possibility of threats to safety and security. As Schmidt pointed out, the aviation industry has already been used in violent political attacks against foreign entities through hijacking, bombings and the use of domestic civil planes as weapons in 9/11 (Schmidt, 2016). In addition to a risk framework, there needs to be expanded effort which builds on this working relationship between stakeholders to form response plans to possible situations, as well as the identification of critical points of vulnerability in systems and recovery plans (Schmidt, 2016). A framework alone cannot prevent attacks, provide guidance during a cyber-attack, or assist in recovery without plans of action based on the possible scenarios.
- Broderick, S. (2016, December 21). Aviation Taking Systems Approach to Cybersecurity Threats. Retrieved from http://www.mro-network.com/maintenance-repair-overhaul/aviation-taking-systems-approach-cybersecurity-threats
- Schmidt, A. V. (2016, Winter). Cyberterrorism: combating the aviation industry’s vulnerability to cyberattack. Suffolk Transnational Law Review, 39(1), 169+. Retrieved from http://link.galegroup.com.ezproxy.libproxy.db.erau.edu/
