From keeping aircraft in the air to checking passengers in, aviation organizations rely heavily on IT systems. However, data collected from the growing number of aircraft, routes and passengers has increased the pressure on these systems, while legacy and inflexible IT systems are also leaving airlines vulnerable to the growing threat of cyberattacks.
Jeff Cass, VP, strategy, at the aviation and defence business unit at IFS, explains why safeguarding data is a serious challenge in the aviation industry and how cloud security and blockchain can help airlines reinforce cybersecurity.
Like most industry segments, airlines are quickly realizing that threats are just as likely to come from inside the organization as from outside. Cyberattacks have been reported at airports across the world, and it seems only a matter of time before we see an attack on a major airline.
In response to this threat, many commercial aviation organizations are actively hiring chief security officers and, according to a SITA Airline IT Trends Survey, the number of airlines which said they were advancing preparations to manage cyber risks has almost doubled to 91% in three years.
With more IoT-enabled sensors being used, it’s actually the newer aircraft fleets which have a higher chance of being attacked, many of which can be ill-equipped to prevent unauthorized access. Real-time air-to-ground communications, which are increasingly being used for things such as passenger wi-fi, are evolving to support mission critical functions such as inflight fuel adjustments and aircraft health monitoring, both of which could severely disrupt airlines if compromised.
The safeguarding of data has become a major challenge for airlines, one that threatens to disrupt key practices for the entire industry.
From passenger information at check-in desks to engine health data and maintenance history, airlines collect huge amounts of data. The corruption or loss of any of this information can pose serious safety and regulatory issues.
Storing information means airlines must adhere to compliance regulations, such as PCI DSS for customer payment data, or the UK Data Protection Act, which states that information must be protected against unauthorized access and accidental loss. These regulations are even harder for international airlines to meet, as they have to cope with different data compliance laws across country borders.
This has implications on data storage, a lot of which is now being held in the cloud. Companies that don’t have strict policies in place, lack data access controls or use legacy IT systems will struggle to keep their data secure.
Blue sky thinking
Cloud solutions are a vital tool in the new airline IT landscape, especially when dealing with scheduled and unscheduled aircraft maintenance. Having mobile devices wirelessly connected to software and data in the cloud frees up personnel from having to physically or electronically store manuals and documents.
Powerful and easy-to-use mobile applications are now available to help decipher the mountains of data available, finally leveraging the elusive ‘return on experience’ to support mechanics in real time.
This also helps with compliance during inspections, as data on portable tools can be easily recorded. A cornerstone principal in aviation compliance is having that second set of eyes. Allowing data to be shared across organizations lowers the potential for errors as there is no longer the time lag and inaccuracy that workers have been accustomed to from paper records.
The new generation of cloud solutions can be set up in their own separate environments, which today have the potential to be far more secure than any previous private or on-premise data center. As the name suggests, cloud containers create isolated boundaries of data which means that if anything goes wrong in one container, it only affects that single cell and not the entire system – helping reduce the threat of a wider cyberattack.
Blockchain and cybersecurity
The aviation supply chain covers a wide variety of businesses, from original equipment manufacturers and Tier 1 suppliers to airlines, airports and third party MRO providers. This presents an interesting dilemma because not only do you need to secure and protect data accumulated from each party, you also need to be able to share it across this broad supply chain. Blockchain technology is emerging for this very purpose.
In a blockchain, each record, or ‘block’, of data has its own timestamp and is encrypted with credentials in a peer-to-peer relationship, which makes malicious tampering extremely difficult. All ‘blocks’ are linked to the previous block of data, meaning the only way to tamper with its content is to have the entire network of trusted peer-to-peer contributors collude to corrupt the chain.
Blockchain is still some way off being widely adopted, and is just a concept for airlines right now, but the technology has real potential to help boost cyber defences.
The fear of cyberattacks disrupting the entire aviation industry is driving organizations to make sure they have the right solutions in place when, not if, an attack occurs. Cloud security systems build the assurance airlines need to prevent and minimize the impact of cyberattacks, and blockchain could even further protect operational data for airlines in the future.
But keeping up with cyber developments requires airlines to adapt to new technology. Legacy systems pose a stumbling block, especially when it comes to dealing with compliance regulations and data protection – the cost of which can be damaging in an industry where safety is the top priority.
Inflexible and cumbersome IT implementations cannot always adapt quickly to incorporate new technologies to stay ahead in the cyber arms race. Airline systems need inherent agility in order to keep passengers, staff and the business safe from the rising tide of cyberattacks.
October 5, 2017