Image courtesy of Yuri Samoilov
From keeping aircraft in the air to checking passengers in, aviation organizations rely heavily on information technology (IT) systems. But data collected from the growing number of aircraft, routes and passengers has increased the pressure on these systems, while legacy and inflexible IT systems are also leaving airlines vulnerable to the growing threat of cyber attacks. The following explains why safeguarding data is a serious challenge in the aviation industry and how cloud security and blockchain could help airlines reinforce cybersecurity.
Like most industry segments, airlines are quickly realizing that threats are just as likely to come from inside the organization as from outside. Cyber attacks have been reported at airports across the world, and it seems only a matter of time before we see an attack on a major airline.
In response to this threat, many commercial aviation organizations are actively hiring chief security officers and, according to a SITA Airline IT Trends Survey, the number of airlines that said they were advancing preparations to manage cyber risks has almost doubled to 91% in the space of three years.
With more IoT-enabled sensors being used, it’s actually the newer aircraft fleets that have a higher chance of being attacked, many of which can be ill-equipped to prevent unauthorized access. Increasingly being used for things such as passenger Wi-Fi, real-time air-to-ground communications are evolving to support mission-critical functions such as in-flight fuel adjustments and aircraft health monitoring, both of which could severely disrupt airlines if compromised.
The safeguarding of data has become a major challenge for airlines, one that threatens to disrupt key practices for the entire industry.
From passenger information at check-in desks to engine health data and maintenance history, airlines collect huge amounts of data. The corruption or loss of any of this information can pose serious safety and regulatory issues.
Storing information means airlines must adhere to compliance regulations, such as PCI-DSS for customer payment data, which states that information must be protected against unauthorized access and accidental loss. These regulations are even harder for international airlines to meet, having to cope with different data compliance laws across country borders.
This has implications on data storage, a lot of which is now being held in the cloud. Companies that don’t have strict policies in place, lack data access controls or use legacy IT systems will struggle to keep their data secure.
Cloud solutions are a vital tool in the new airline IT landscape, especially when dealing with scheduled and unscheduled aircraft maintenance. Having mobile devices wirelessly connected to software and data in the cloud frees up personnel from having to physically or electronically store manuals and documents. Powerful and easy-to-use mobile applications are now available to help decipher the mountains of data available, finally leveraging the elusive “return on experience” to support mechanics in real time.
This also helps with compliance during inspections, as data on portable tools can be easily recorded. A cornerstone principal in aviation compliance is having that second set of eyes. Allowing data to be shared across organizations lowers the potential for errors as there is no longer the time lag and inaccuracy to which workers have been accustomed from paper records.
The new generation of cloud solutions can be set up in their own separate environments, which today have the potential to be far more secure than any previous private or on-premise data center. As the name suggests, cloud containers create isolated boundaries of data, which means that if anything goes wrong in one container, it only affects that single cell and not the entire system. This helps to reduce the threat of a wider cyber attack.
The aviation supply chain covers a wide variety of businesses, including original equipment manufacturers, Tier 1 suppliers, airlines, airports and third-party MRO providers. This presents an interesting dilemma because not only do you need to secure and protect data accumulated from each party, you also need to be able to share it across this broad supply chain.
Blockchain technology is emerging for this very purpose. In a Blockchain, each record or block of data has its own timestamp and is encrypted with credentials in a peer-to-peer relationship, which makes malicious tampering extremely difficult. All blocks are linked to the previous block of data, meaning the only way to tamper with its content is to have the entire network of trusted peer-to-peer contributors collude to corrupt the chain.
Blockchain is still some way off being widely adopted and is just a concept for airlines right now, but the technology has real potential to help boost cyber defenses.
The fear of cyber attacks disrupting the entire aviation industry is driving organizations to make sure they have the right solutions in place when, not if, an attack occurs. Cloud security systems build the assurance airlines need to prevent and minimize the impact of cyber attacks, and blockchain could even further protect operational data for airlines in the future.
But keeping up with cyber developments requires airlines to adapt to new technology. Legacy systems pose a stumbling block, especially when it comes to dealing with compliance regulations and data protection — the cost of which can be damaging in an industry where safety is the top priority.
Inflexible and cumbersome IT implementations cannot always adapt quickly to incorporate new technologies to stay ahead in the cyber arms race. Airline systems need inherent agility in order to keep passengers, staff and the business safe from the rising tide of cyber attacks.
Jeff Cass is the vice president of strategy with the Aviation & Defense Business Unit at IFS.