Two weeks ago, a technology outage at Kolkata Airport disrupted operations and delayed 25 flights. This incident followed another in late April in New Delhi which delayed 137 flights following a five-hour software outage. These disruptions were attributed to operational errors. We should consider how much more damage can be caused by an adversary intent on creating disruption through a cyber attack, and how the Indian aviation sector can defend against these scenarios.
The aviation sector is one of the most targeted for cyber attacks. Companies in the aviation sector today face attackers from across the threat landscape, which can be divided into three primary categories.
The most prevalent threat facing the aviation industry today is state-linked espionage activity carried out over the internet. State-sponsored actors—including those from China, Russia, and more recently Iran—routinely seek to steal industrial secrets from manufacturers, researchers, designers, and operators of both military and cutting-edge civilian aircraft.
All three countries also routinely target ticketing and traveller data, shipping schedules and manifests—as well as partner industries such as railways and accommodation providers—as they gather counterintelligence data on travellers who could be from the worlds of industry, government, media or other VIPs of interest.
When cyberespionage operators get a foothold on a system, they can often use that access to steal information or launch a disabling or destructive attack using the same technology. But they rarely choose to carry out destructive attacks. And with safe redundancies in place, a crashed computer does not mean a crashed plane, which is an important distinction for the public to keep in mind.
Aviation sector companies and passengers face three principal ongoing economic cyber threats. First, for years, airlines and third-party ticket sellers have been compromised to facilitate the re-sale of illicit tickets for profit in underground forums. Second, because airlines are trusted by their customers with a wide variety of sensitive personal data, they are also frequently targeted by cybercriminals looking to gather data to enable other types of fraud.
Third, there has been a sharp increase in the use of ransomware to temporarily disable airline ticketing and support operations over the last two years. Air travel is a time-sensitive business, and cybercriminals know that they can extort quick payment from airlines that are unable to move passengers until their systems are decrypted.
Airports around the world have had their websites defaced or disrupted, principally by non-state actors seeking to draw attention to a particular political, social or moral cause. This can lead to passengers fearing that they or a loved one may be at risk of a terrorist attack or hijacking, whereas in reality, the compromised systems are likely to have no relationship with flight operations.
In a limited number of cases, such hacks have caused flight delays and other damaging disruption, impacting both revenues and reputation. It is important that officials and airline representatives communicating with the public during such events differentiate systems whose disruption causes inconvenience from those that directly support flight operations and passenger safety.
The aviation sector’s safety-oriented approach has served it well in recent decades, making passenger air travel significantly safer than many other modes of transportation. The proliferation of cyber threats has introduced new risks into the equation. Industry and government must work together to ensure our networks are as safe as our runways.