Protecting the aviation industry from cyberthreats

As the summer holiday season is in full swing, thousands of holidaymakers are jetting off on their getaways. Yet, the excitement of a holiday can swiftly be eclipsed if challenges arise.

 

While passengers are likely to face longer waits at security and check-in, airlines are under immense pressure to maintain peak performance to avoid unpredictable disruptions and delays for travellers.

This year, peak season comes at a time when the aviation industry is facing a significant and growing threat, in the form of cyberattacks. Since the beginning of June, several airlines have seen their IT systems targeted by cybercriminals.

The combination of a surge in travel and the escalating cyberthreat makes it vital for airlines and airports to secure their IT infrastructure. To achieve this, security teams must have real-time, comprehensive visibility and observability across their networks.

 

In the absence of this complete observability, the ability of IT security professionals to identify and respond swiftly and confidently to attacks is significantly reduced.

Aviation cybercrime on the rise

Recent events illustrate that the aviation sector is a prime target for cybercriminals seeking to extort and disrupt its operations. In mid-June, Canadian airline WestJet suffered a cyberattack that disrupted its website and mobile app, compromising its internal systems.

 

Just over a week later, Hawaiian Airlines faced a similar incident affecting its IT systems. While flight operations in both cases remained unaffected, the attacks – which the hacktivist group Scattered Spider is suspected to have carried out – point to a broader campaign by threat actors targeting the airline industry.

In early July, Qantas, Australia’s flagship airline, reported a major data breach after hackers accessed a third-party platform. This saw the personal details of millions of customers, including names and contact details, compromised, further highlighting the vulnerabilities present in the interconnected systems of aviation organisations.

 

Unfortunately, these weaknesses are not just limited to those airlines targeted to date – any airline or airport could easily become the next victim.

Exploiting vulnerabilities

The recent cyberattacks on major airlines signal a clear pattern of cyber activity – hackers are taking advantage of specific points of weakness within the aviation industry. One of the main weak links threat actors are exploiting is the sector’s heavy dependence on complex webs of third-party vendors and legacy IT systems. 

 

For threat actors who are capable of exploiting known vulnerabilities, these represent easy targets, as evidenced with the Qantas breach.

Furthermore, the complex and interconnected nature of airline operations creates an extensive attack surface for bad actors to exploit. For instance, a disturbance in crew scheduling or air traffic management can impact the entire network, resulting in major delays, missing luggage, financial losses and reputational damage. 

 

In an industry in which an hour of unplanned downtime can result in millions of pounds of losses, the stakes are especially high.

The importance of comprehensive network visibility

To effectively counter these evolving threats, airlines and airports must adopt a proactive and comprehensive cybersecurity strategy. The basis of this approach is complete, end-to-end visibility across the entire IT environment.

 

It’s critical to monitor all traffic: across cloud, on-premises, and remote sites in real time. Without this continuous, round-the-clock monitoring, security teams can’t recognise the real threats nor respond quickly to them.

Deep, packet-level visibility into every communication and transaction occurring across the network is crucial for identifying and addressing security breaches in an efficient and effective manner. This level of observability allows IT teams to reduce the mean time to repair (MTTR), minimising the impact of any incident, cyber-related or not.

Preparing for the inevitable

In today’s threat landscape, it is not a matter of if an attack will occur, but when. Therefore, preparation and rehearsal are vital for ensuring the cyber resilience of key business applications. By simulating real-life disruption events, airlines can make sure that both their staff and systems are fully prepared to respond effectively to cyberattacks.

The aviation industry must also practice proactive threat hunting – ensuring they provide security analysts with the tools to look back in time and spot early indicators of compromise.

Ultimately, securing the skies requires a holistic and fully integrated approach to an organisation’s cybersecurity. This starts with airlines and airports having complete visibility and observability over their entire network so they can stop attacks in their tracks.

 

Having this enables an immediate and effective response to cyberattacks, ensuring passengers can continue to travel safely and without disruption this summer holiday season.