23 May Aviation community waking up to threat of cyber attacks
The risks facing the aviation community from cyber attacks are becoming more widely-acknowledged by industry associations and safety agencies due to their potentially catastrophic effect on both aircraft safety and commercial operations.
Business and commercial aviation companies are increasingly relying on machine-to-machine interfaces in aircraft management, air traffic control, commercial operations (including online sales) and safety monitoring communications, meaning systems could potentially be vulnerable to malicious attacks.
Cyber attacks – which could involve a competitor, a state actor or a terrorist being able to remotely impact the operation of an aircraft or the whole company through the click of a laptop key – have been considered a growing threat over the past few years.
In 2016, Luc Tytgat, director of strategy and safety management at the European Aviation Safety Agency (EASA) said that aviation systems were .
These attacks – some of which involved aircraft being infected with malware or security systems being breached – had caused delays, loss of information and general unease among the industry.
But fears that future attacks may prove to be much more catastrophic underlie current measures being implemented at a supranational level by agencies of the United Nations and the European Union.
International Civil Aviation Organization council president Olumuyiwa Benard Aliu, speaking at the ICAO’s first Cyber Summit and Exhibition last month, .
The US-centred National Business Aviation Association (NBAA) held its first security conference in January. Director of information technology Todd Wormington called cyber security the “greatest threat” to companies.
In February, EASA created the European Centre for Cyber Security in Aviation (ECCSA), inviting various industry stakeholders to join in order to benefit from shared information about cyber attacks.
The International Airline Transport Association (IATA), the trade association of the world’s major airlines, has also been discussing this topic on a regular basis at its Risk Management Committee to raise awareness among both its members and national governments.
However, despite the headline-grabbing fears of a cyber attack leading to the downing of an aircraft, a more everyday concern for commercial airlines is the loss or theft of customer data.
In fact, the majority of delays caused by hacking are attacks on the booking systems of airlines and not the aircraft management systems.
These attacks have the potential to not only cause major disruptions to the commercial operation of an airline, but also to damage customer confidence in data security.
The impact of a large-scale cyber attack on business has been made abundantly clear in the past week as almost a quarter-of-a-million computers in 150 countries were infected with the WannaCry ransomeware – a virus which encrypts files on a user’s computer and demands a ransom in Bitcoin for their decryption.
Osprey Insurance Brokers, an aviation-specialised broker based in Malta, is well abreast of the conversation about cyber exposures and the risks they pose to both the general and commercial aviation communities.
Osprey Insurance Brokers Co Ltd is licensed to undertake the business of insurance broking and is regulated by the Malta Financial Services Authority.