Is aviation cybersecurity at risk?

O’Fallon, IL, November 22, 2017 – Aviation Cybersecurity is the focus of Atlantic Council’s recent report, Aviation Cybersecurity: Finding Lift, Minimizing Drag. The aviation industry is part of our critical infrastructure. It is a complex ecosystem with many different players – airline operators, airports, aircraft manufacturers, ATC, FAA, EASA, TSA, etc. Aviation is the cornerstone of much of our national and international business, tourism, and trade. It is vital consumers have a high level of trust in the aviation industry. Christian Espinosa, CEO and aviation cybersecurity penetration testing and risk assessment expert, contributed to the report on aviation cybersecurity. Christian also participated in a panel discussion on aviation cybersecurity, focused on hacker and pilot perspectives, facilitated by CNN.

“Aircraft wireless, radio, and satellite communications include many vulnerabilities, primarily due to a lack of authentication. It is relatively easy to spoof messages to and from aircraft. Attack objectives could range from a denial of service to providing false data to aircraft and ground stations.”

Sponsored by Atlantic Council, the panel brought together industry experts to discuss the current state of aviation security. The good news is an attacker is not able to take over an airplane in the air from the rear of the aircraft. However, as the report points out “Airports are a key focal point of adversary interest.”

With this in mind, the Aviation Cybersecurity report offers five suggestions to combat the coming cybersecurity challenges:

1. The International Civil Aviation Organization (ICAO) will play a critical role in working with and advising national regulators in deciding how the aviation industry should manage cyber risks. The ICAO will also help clarify what challenges legislators might encounter.
2. A greater focus on delivering resiliency and security will require both resilient systems engineering practices and personnel culture.
3. Passenger and stakeholder trust in aviation safety and security is at the forefront of the cybersecurity challenges facing the industry. In the case of an incident that trust will be eroded. Restoring that trust will be essential to regaining credibility in the eyes of the public and major stakeholders.
4. Because human error or technical failures are inevitable there must be a focus on protecting the integrity of the data human operators are presented with so they will be able to make safe and timely decisions.
5. Developing a shared culture of collaboration between aviation and cybersecurity industries will foster a shared culture of awareness of risk.

The full report can be read at the Atlantic Council web site.

The full report launch event is shown below.

About Atlantic Council

The Atlantic Council promotes constructive leadership and engagement in international affairs based on the Atlantic Community’s central role in meeting global challenges. The Council provides an essential forum for navigating the dramatic economic and political changes defining the twenty-first century by informing and galvanizing its uniquely influential network of global leaders. Through the papers we write, the ideas we generate, and the communities we build, the Council shapes policy choices and strategies to create a more secure and prosperous world.

About Alpine Security

Alpine Security is a Service Disabled Veteran Owned Small Business (SDVOSB) providing cybersecurity assessment services including penetration testing, risk assessments, incident response, audits, and digital forensics. Alpine Security also provides cybersecurity certification hands-on technical training. We believe it is better to have an ally determine your weaknesses than the enemy. We are based in the Greater St. Louis area and add value to clients worldwide.