Cyberattacks on the Aviation Sector: Threats, Trends and Strategies

The aviation industry has been a prime target for nefarious cyberattacks over the last few years. Mere months ago, Los Angeles International Airport (LAX) suffered a data breach to one of its customer relationship management systems. Information exposed reportedly included company names, aircraft tail numbers, 1.9 million emails and more, but did not include passenger names or traveler data.

Last November, a cyberattack took down the public website of Long Beach Airport (LGB) in an attempt to cause chaos for customers. Internet-based systems utilized by airlines and air traffic controllers were unaffected, but the result could have been a lot worse.

And bad memories still loom from the coordinated attacks in 2022 that crashed the public-facing websites of more than a dozen airports across the U.S. In that case, the pro-Russia hacker group Killnet claimed responsibility. Again, flight operations were not affected, but a collective sense of vulnerability permeated the entire industry. 

At the Global Connected Aircraft Summit last fall, I discussed some of the top cyber trends we’re seeing in the aviation sector, what organizations should be considering, and some of the strategies they can deploy to safeguard critical data.

Beware of the Cost Cut

In the U.S., financial uncertainties, the regional banking crisis and the ever-rising debt ceiling have spilled over into numerous industries. The aviation sector, among others, has looked to cut costs amid the associated economic strain. But trimmed investment in cybersecurity can often lead to gaping holes in cyber defenses. Critical projects or upgrades such as system assessments or audits are often pushed back indefinitely.

 It could be something as seemingly small as a set of security patches put on hold that leaves a well-known vulnerability wide open for bad actors to exploit. So, while cost pressures are continuing to rise, outsourcing key updates to experts can help keep bad actors at bay. For the aviation sector, however, it’s not just external threats they need to be keeping a close eye on.

Threats from All Sides

Bridewell’s research found that more than one-third (35%) of decision-makers in critical infrastructure believe that the economic downturn is causing more internal employees to turn to cyber crime. Whether driven by employee negligence or criminal intent, organizations need to invest in strengthening their cyber defenses from the inside out, carrying out continuous vulnerability assessments to deliver a detailed picture of the potential attack surface. For example, Red Teaming—when trusted internal or hired personnel try to breach a system—is a great way of simulating a range of attack types to test defense capabilities and identify vulnerabilities. 

Of the many external threats out there, ransomware is the most feared type of attack in the aviation industry. To put into context how damaging it can be, ransomware has the potential to lock up an airport’s day-to-day operations. Emails can’t be accessed, and cloud applications can become inaccessible. When we surveyed aviation organizations and others in critical infrastructure, we discovered a total of 26 ransomware incidents over the course of the last 12 months – approximately one every other week. We often find, however, that these numbers are underreported, because organizations don’t want to admit when they’ve been victims of a breach.

Reducing Possible Targets

Aviation entities often work with numerous vendors and suppliers for material sourcing, and every new relationship creates risk. But it becomes costly and time-consuming to complete a cyber risk assessment on every vendor. As a result, we’ve witnessed more organizations reducing the number of suppliers they work with.

They’re also taking a similar approach to tech stacks, the collections of technology tools used to run their software and systems. Solutions are now being consolidated, which is helping to further reduce the potential attack surface.

Future of the Sector

As economic pressures intensify, the temptation to cut cybersecurity costs can leave aviation organizations vulnerable to devastating attacks like ransomware. And as recent and continued breaches demonstrate, the airport sector remains a prime target.

Maintaining strong defenses through continuous assessments, undertaking Red Teaming exercises and addressing internal risks are crucial to keeping your airport safe. On a positive note, the industry is taking steps to reduce its attack surface by consolidating tech stacks and vendor relationships. The next step is to allocate resources wisely and take proactive steps toward strengthening and maturing your cybersecurity posture, leveraging internal and external expertise to achieve end-to-end visibility across diverse environments.