Page 22 - AAA JANUARY - FEBRUARY 2019 Online Magazine
P. 22
systems are actively patched with the latest software releases to are of the opinion that the chances of an air-
protect from zero-day attacks,” Larson said. “Automated software plane being hacked cannot be discounted.
patching performed on a routine basis is one effective control to Cybersecurity attacks are not uncommon in
help address many cyber threats.” Cybersecurity experts are of the business aviation as well, experts say.
opinion that using Artificial Intelligence tools to detect data probes
can help prevent a cyber breach. Protecting sensitive data by using In 2017, Robert Hickey, from the Cyber Security
multiple layers of security and encrypting data are also important Division of the Department of Homeland
steps that companies should take to stop cyberattacks, they say. Security (DHS), said at a conference of cyber
experts in Virginia that his team had “accom-
Vulnerable to Attacks plished a remote, non-cooperative penetration”
Hackers targeting the aviation industry has, over the last two years, of a Boeing 757, owned by the department,
become something of a common occurrence. In March 2018, the while it was parked at Atlantic City airport. The
US Department of Homeland Security and the FBI said that Russian hacking the airplane involved “typical stuff that
state-sponsored hackers had been infiltrating the nation’s elec- could get through security,” he added.
tricity grid and various infrastructure industries, including aviation,
collecting information on the networks and the systems’ controls in According to a 2018 presentation by US
place. The entry, most often than not, was achieved by targeting government researchers detailing efforts to
the weaker sections of the supply chain. uncover vulnerabilities in commercial aircraft,
In August last year, British Airways suffered a 15-day data breach many of the aircraft currently in use lack ade-
quate cybersecurity protection. The Pacific
Northwest National Laboratory (PNNL), one of
the researchers working on behalf of the DHS,
said the “potential of catastrophic disaster is
inherently greater in an airborne vehicle” and
that it is only “a matter of time before a cyber
security breach on an airline occurs.”
In February this year, Radio-Canada reported
that computers of the International Civil Aviation
Organization (ICAO), the Montreal-based
United Nations’ aviation agency, were hacked in
November 2016 by a group of Chinese hackers,
causing malware to spread throughout the air-
line industry. The agency, which is responsible
for setting international civil aviation standards,
withheld information about the hack, it alleged.
Lockheed Martin was the first to bring up the
issue, with company’s cyber-intelligence ana-
lyst writing in an email to the ICAO that the
cyberattack was “a significant threat to the
aviation industry.”
that compromised around 380,000 card payments and led to cus-
tomers having to cancel credit cards. Alex Cruz, airlines chairman, Europe Takes the Lead
said the hackers were “very sophisticated criminals” who had not The European Union Aviation Safety Agency
hacked the company’s encrypted data, but rather gained illicit has taken measures in trying to prevent cyber-
access to the airline’s system. In October, Cathay Pacific Airways attacks in aviation. In February this year, EASA
admitted that a hacker had, earlier in the year, accessed personal issued a Notice of Proposed Amendment (NPA)
information of 9.4 million customers. The airline said that flight that aims to impose stricter standards in deal-
safety hadn’t been compromised, but passports, addresses and ing with cybersecurity threats. According to the
emails had been exposed. proposed change, there would be dedicated
requirements under the specific certification
In April last year, Delta Airlines said that some of its customer pay- specifications (CS) applicable to aircraft, as
ment information had been exposed in a cyberattack at its software well as avionics. The agency expects to make
service provider. In January this year, a data breach at Singapore a decision on implementing the new rules in
Airlines’ loyalty program, due to a software glitch, exposed the the third quarter.
details of 285 members. All four airlines have increased spending
on cybersecurity after the hacks. “Such (cybersecurity) threats could be the
It could get much worse than credit card information being leaked. consequences of intentional unauthorized
With modern aircraft being virtual flying data centers, experts acts of interference with aircraft onboard
22 | January/February 2019 WWW .GBP .COM.SG/ AAA
