Airlines Increase Cybersecurity as IoT Broadens Connectivity

By Juliet Van Wagenen | July 26, 2016
Send Feedback

[Avionics Today 07-26-2016] A new study by SITA reveals that airlines are increasing investments in new levels of connected technology, such as the Internet of Things (IoT). And, as more airlines begin to embrace connectivity onboard their aircraft for both operational and passenger use, airlines are also making protecting themselves against cyber threats more of a priority.

SITA’s recently released 2016 Airline IT Trends survey found that 68 percent of airlines in the next three years are planning to invest in programs surrounding IoT, or the development of the internet in which everyday objects have network connectivity, allowing them to send and receive data. According to Nigel Pickford, director of market insight at SITA, this uptick in IoT investment is just the beginning of an age that will see the proliferation of smart objects and devices drive massive gains in efficiency, deliver greater value to passengers and staff, and enable new business models for airlines.

Photo: SITA

“For the airline community the leveraging of the IoT for new or enhanced passenger services is in the early stages and will be realized through the ever-growing number of mobile devices being used by passengers through their journey. Placing sensors in objects allows them to be controlled or monitored remotely,” Pickford told Avionics Magazine. “For example, in the last few years there has been a leap forward in technological capabilities of beacons and sensors, which allow for automatic geo-location and/or temperature sensing, for example.”

Widespread wireless connectivity has been a significant contributor to the rise of IoT using either cellular networks or Wi-Fi, according to Pickford. Low-Power, Wide-Area Networks (LPWANs) are also starting to emerge, which improve the business case for low-bandwidth sensors. Also, as the robust and higher bandwidth connectivity becomes more widely available onboard aircraft, as the aircraft itself becomes part of the IoT, opportunities are emerging for IoT-enabled services as well.

“By 2019 almost three-quarters of airlines will offer internet access and multi-media file streaming direct to passenger devices onboard. Airlines are also planning other ‘connected’ services on-board, with over half planning apps for destination services and duty free on board over the next three years,” said Pickford.

Rising in tandem with an interest in IoT and more connected systems and aircraft is a growing investment in cybersecurity. Pickford notes that with the proliferation of internet-connected devices on aircraft, used by an ever-increasing number of passengers and by staff within the operation itself, airline exposure to cyber threats is growing rapidly. The company’s survey found that 91 percent of airlines plan to invest in cybersecurity programs over the next three years. Just three years ago, less than half of airlines, 47 percent, said they were making advanced preparations to manage cyber risks.

“Like all industries, the air transport community is facing increased risk from cyber attacks and airlines are reacting to this responsibly by increasing investment in cybersecurity-related initiatives,” said Pickford. “Airlines recognize that cyber threats never stand still and that it’s an ongoing requirement to maintain investment in safeguarding against these risks by staying one step ahead of cyber criminals.”

The move toward more investment in cybersecurity follows a wider call throughout the industry for airlines to begin taking steps to protect against cyber threats, including training employees and taking advantage of new technologies that would allow airlines to enhance their view of cyber intrusion attempts performed by passengers on their aircraft. Intelsat Chief Information Officer (CIO) Vinit Duggal urged airlines to protect themselves from new age hacker technology at the 2016 Global Connected Aircraft Summit earlier this year. One example of these new hacker technologies is the Wi-Fi Pineapple, a wireless platform small enough to fit in an overhead bin and can be used to connect unsuspecting passengers to what appears to be the airline-facilitated Wi-Fi, where hackers can then spy on their Internet activity.

“We are moving from a closed [In-Flight Entertainment] IFE environment to a real open communications environment that is going to open the threat landscape. Some of the things we have to figure out are how are we monitoring the situational awareness of an aircraft, who is responsible for that? Is it the airline? Is it the service provider? Who is responsible and how is that happening?” said Duggal. “The goal is to start protecting proactively and not get into this reactive state where you’re chasing the threat; that’s impossible to do, you’re never going to win that battle.”

Pickford believes that collaboration within the air transport community is key and the most effective way to challenge these cybersecurity threats is the sharing of information.

“We know that those posing these threats are sharing information among themselves,” said Pickford. “The air transport community needs to do the same to ensure both preventative and reactive measures have the optimal impact for individual companies and the industry overall.”

The 2016 SITA survey found that virtually all airlines will have implemented general cyber-threat awareness, education and training for their staff by 2019, ensuring their own employees are key in acting as a first line of defense against cyber attacks. Moreover, the majority of airlines have security inherent in new developments today with 52 percent already having implemented security as a key element in the software and product development life cycle, and almost all airlines having implemented this by 2019.

Pickford notes that not only does the industry need to continue to increase awareness and education about cybersecurity, but that it also needs to continue to innovate regarding technologies that protect against cyber threats.

“Just as the industry is continually innovating against cyber risks, cyber attackers are also developing their approach. It is crucial that the air transport community learns their techniques and the technologies they are utilizing to counter these threats by building security measures into air transport technology and software as standard,” said Pickford.

Receive the latest avionics news right to your inbox