The growing trend in cyberattacks against the aviation industry [Q&A]

Towards the end of last year the American Airlines pilot union was hit with a ransomware attack. This is just one of a growing number of attacks targeting the aviation sector.

What makes the aviation industry such an attractive target and how can it protect itself? We spoke to Marty Edwards, deputy CTO for OT/IoT at Tenable, to find out.

BN: Why is the the aviation sector such an attractive target?

ME: Cyberattacks on our nation's critical infrastructure are on the rise, and the aviation sector is garnering growing interest among cyber criminals. The industry is heavily reliant on interconnected computer systems making it susceptible to disruptive cyberattacks, with potential cascading effects on global economies. Attackers recognize the consequences to aviation organizations if operations go down and prey on this vulnerability and desire to restore operations quickly.

BN: Are there real risks to airline users here?

ME: Absolutely -- aviation organizations possess a wealth of sensitive consumer data. In the event of a cyber incident, attackers could steal this sensitive information. Attackers usually sell this information to other cybercriminals for additional nefarious purposes such as phishing, identity theft and financial fraud. Not to mention that disruptive cyber attacks can delay passengers.

In addition to data theft, there's the risk that operational technology -- such as baggage handling systems or utilities and Building Management Systems (BMS) within airports -- could be disrupted. While travel disruptions aren't ideal, physical and safety risks in these scenarios are very low.

BN: How far down the supply chain do the risks go?

ME: There is cyber risk across the entire aviation supply chain from the systems and services used by airport security to the communication networks between airlines and air traffic control. As aviation embraces digital transformation, the interconnected nature of these systems increases the attack surface, demanding stringent cybersecurity measures.

BN: How are regulators responding to the threat?

ME: In response to rising security threats, TSA updated their cybersecurity requirements for airport and aircraft operators, which include developing a plan to improve their cybersecurity resilience and to prevent disruption and degradation to their infrastructure. Under these requirements, airport and aircraft operators must develop network segmentation policies and controls, create access control measures, implement continuous monitoring and detection policies and procedures, and routinely apply security patches and updates for operating systems, applications, drivers and firmware on critical cyber systems.

Additionally, the TSA requires airport and aircraft operators to establish a Cybersecurity Assessment Program and submit an annual plan that describes how the owner/operator will proactively and regularly assess the effectiveness of cybersecurity measures, identify and resolve device, network and/or system vulnerabilities.

Additional steps that any critical infrastructure company can do to bolster security is implement a strong backup and recovery plan for the inevitable ransomware attack. Companies that backup often and regularly test their backups to verify their integrity can have confidence that they can isolate the incident and restore operations in the shortest amount of time as possible.

BN: What should companies in the sector be doing to bolster their defenses?

ME: Security and compliance for airports, aircraft operators and airport terminal projects all need to start with visibility. By getting an inventory of IT and OT assets on their networks, users can see a complete picture of the assets and how they are interconnected. But visibility is more than just identifying what’s out there and knowing which challenges must be addressed. Identifying vulnerabilities and other security risks starts with being able to identify and understand the target. With that level of visibility, organizations are better positioned to understand where the greatest risks are within their environment and start taking the necessary steps to mitigate risk where it matters most. Gaining the right context is crucial for effective prioritization and cross-team communications, as well as reporting up to business leaders with a clear picture of the risk to the business.

All critical infrastructure organizations must also understand that securing OT systems also requires securing the IT side of the house. Most industrial environments are no longer air-gapped, which means they’re exposed to the outside world. This creates an expanded attack surface and provides cybercriminals with an opportunity to move laterally from IT to OT, or vice versa. Visibility and control over converged environments are foundational to any security program.

Image credit: magann/depositphotos.com