Airports and the air traffic networks upon which global aviation relies are extremely important to local economies as well as to the importance to transport infrastructure.
The enormous reliance on computer networks and technology just to operate on a day-to-day basis, increasingly places this infrastructure at an elevated risk of cyber-attack.
In the past, cybersecurity had always been an on the ground issue. However, with the rise of the connected aircraft, this is changing.
Connectivity of aircraft systems, through traditional information technologies, aviation specific protocols and RF communications, have extended the attack surface to the aircraft itself, whether on the ground or in flight.
With the rising size of the digital footprint of aircraft, new concerns have arisen regarding the safety of data communications both on the aircraft, between the aircraft and the ground and security of the networks used to facilitate this.
The question is: Are we running out of time to fix aviation security? A report last year from the Atlantic Council on aviation cybersecurity underscored the poor state of aviation security — and worse, how poorly understood the problem is within the industry.
The report went on to say that modern aircraft are “flying data centers” that “travel around the globe,” but the aviation industry poorly understands how to protect passengers from cybersecurity risk. Now, without fully understanding the risk, without the technical expertise to mitigate that risk, and without sufficient financial or regulatory incentives to do so, the industry is stumbling into the future, and hoping nothing bad happens while they figure things out.
In truth, improving aviation cybersecurity is a journey. Experts in this field have recommended modalities to improve cybersecurity. These ideas include:
–Aviation-system design must be approached from the perspective of not only securing systems, but also increasing cybersecurity risk transparency and objectivity, for manufacturer and customer alike.
–All contracts between aviation stakeholders must include cybersecurity considerations, such as through-life risk management, vulnerability management, and data sharing.
–Standards bodies must be supported in the creation of informed and balanced aviation-cybersecurity regulations, through input from diverse stakeholders, as a collaborative and structured effort to promote global coherency.
Want to learn more? Tonex offers Aviation Cybersecurity Airworthiness Certification, a 3-day course that introduces participants to the aviation industry’s best practices cyber-security risk assessment, analysis, development, mitigation and assurance.
Additionally, Tonex offers nearly three dozen more courses in Cybersecurity Foundation. This includes cutting edge courses like:
—Cybersecurity Fundamentals (2 days)
—Electric Grid Cybersecurity Master Certification (4 weeks)
—Network Security Training (2 days)
—Software Security Training (2 days)
—ICS Cybersecurity Training (4 days)
For more information, questions, comments, contact us.