Just like many other industries, the aviation industry has reaped benefits of substantial digital transformation. But with more digitalisation comes more risk. The Atlantic Council recently published a report regarding aviation cybersecurity, based on a global survey of 244 respondents. In this report, the two main sets of challenges highlighted are:
- Attempt to weave aviation cybersecurity into flight safety, security, and enterprise information technology has proven difficult.
- The second challenge is third-party risk management. There seems to be an issue between suppliers and customers regarding cybersecurity, with many finding it difficult to incorporate best practices into purchases, as well as difficulties in developing consensus on adequate cybersecurity risk management and transparency.
For an industry that is built around risk reduction, there seems to be a huge lack of understanding when it comes to cyber risk highlighted by the two points above. The report also claims that there isn’t enough dialogue about cybersecurity across different stakeholders. This lack of dialogue and understanding has driven the industry to rely on third parties to help assess and manage risk as well as a high reliance on cybersecurity researchers.
In addition to the lack of discussion there are three other key reasons for the lack of understanding of cyber risk:
- A huge focus on preventing, for lack of a better term, planes falling out of the sky. Traditionally this has been the main worry and has probably taken much of the attention away from cyber risk.
- Secondly, the follow of astonishing amount of PII data through these organisations. Organisations are now just starting to realise the value and importance of such data and aviation industry has to contend with some of the most sensitive aspects, e.g. passports and visas.
- Thirdly, the massive interconnectivity within the aviation industry. It is easy enough for most corporations to stay within the Five Eyes or avoid interactions with ‘high risk countries’ but it is a lot more difficult when you share passengers.
The report also says that there is not enough data captured to analyse and there are not enough aviation-based cybersecurity standards/regulations, but all of the above problems can start to be solved by increasing dialogue between relevant stakeholders.
Many best practices can be borrowed from other industries but each industry faces its own unique challenges. Therefore, there is a need for more conversations, as they drive regulation and best practice – it is not until we as an industry start looking at and come up with effective solutions.
Cyber Security is a key strategy for any aviation company. Read more about Privasec’s Risk and Compliance services here