Aviation industry faces rising cybersecurity risks as new technologies drive adoption, says Aviation ISAC survey

The 2024 edition of the Aviation ISAC Cyber Risk Survey highlighted significant growth in 2023 with the adoption of new technologies to enhance the aviation industry. These technologies include advancements in electric take-off and landing vehicles, drones, security and monitoring technologies, and artificial intelligence. Inclusion of these technologies emphasizes the critical need for a robust cybersecurity program across various segments of the sector, such as airframers, airlines, airports, air navigation service providers, communications providers, and supply chains.

The latest Aviation ISAC survey report identified that over the past eight years, cyber hackers have demonstrated an ability to disrupt the global commercial aviation system. “Airline and airport operators, aircraft manufacturers, satellite companies, and the complex aviation supply chains that support them will continue to be targeted. Certain companies have experienced significant operational disruption, loss of sensitive data, and financial losses.” 

The Aviation ISAC assesses that due to their frequent use of zero-day exploits, sophisticated evasion techniques, and targeting of aviation-related data, China-based APT groups are likely to pose the highest cybersecurity risk to the global commercial aviation sector. It added that the assessment of the cyber threat landscape addresses the capabilities and intent of cyber threat actors, the increased vulnerabilities of the sector as more business functions become digital, and the impact attacks can have on global commercial aviation.

The Aviation-ISAC report disclosed that “Identity Management, authentication, and access control, continues to be the most significant area of concern for the aviation cyber security community. Many initiatives are underway, and more details can be found in the body of this report. Supply chain risk management was the second category of most concern. This aligns with the many supply chain-based attacks we saw impacting the industry in 2023. Governance was the third highest rated area of concern.”

Year over year, Protect, Identify, and Detect initiatives remain the ‘top 3’ areas of emphasis for the majority of airport member companies, according to the Aviation-ISAC report. “For 2024 there was a significant shift in resources toward identify-based initiatives. The sub-categories of Supply Chain and Risk Assessment were the most frequently mentioned areas of emphasis.”

Every year, the Aviation ISAC surveys CISOs in the community to gather insights into their strategies for mitigating cyber risks in the upcoming year. The survey consists of a single question: “What are the three to five actions you have committed to accomplishing in 2024 to minimize cyber risk?” The resulting research report serves as a tool for industry CISOs to benchmark their strategies, assess program maturity, and manage resources. Additionally, the Aviation ISAC staff utilizes this information to prioritize and direct their efforts towards areas of emphasis for its members.

The responses are then cataloged using the National Institute of Standards and Technology’s Cyber Security Framework (NIST CSF). The Aviation-ISAC aggregates the responses and summarizes where cybersecurity efforts are focused. The survey also noted that as the NIST CSF has significantly fewer categories and sub-categories in the Respond and Recover functions, it expects to observe fewer initiatives in these areas.

The report disclosed that for 2024, more projects were called out in the Identify Function, followed by Protect, Detect, Respond, Other, and Recover. However, Identity Management, a category within the Protect Function, continued to be the number one focus of the industry. 

The Aviation-ISAC also noted two significant changes from prior years. There was a marked shift into projects in the Identify function as opposed to an emphasis on the Protect function in 2023. This was primarily due to an increased emphasis by member companies on supply chain risk management, governance, and risk assessments. Secondly, there was a sharp increase in initiatives within the Detect function, as members highlighted projects to broaden and improve security, continuous monitoring, and upgrade detection processes.

The Aviation-ISAC report identified three types of cyber threat actors targeting the commercial aviation sector: nation-state APT (advanced persistent threat) groups, organized cybercriminal groups, and hacktivists. The objectives of these groups are to obtain sensitive corporate data (including intellectual property), track dissidents, steal or extort money, gain a geopolitical advantage, and/or support a cause. The large and growing digital infrastructure that supports the commercial aviation sector provides attackers with an extensive cyber-attack surface.

Furthermore, the growing reliance upon managed service providers (MSPs) and cloud service providers increases the risk of indirect data breaches, when these providers are targeted by malicious cyberthreat actors. Although cyber adversaries continue to exploit known computer vulnerabilities in organizations that have not fully mitigated these flaws, they are also becoming increasingly adept at finding and exploiting zero-day vulnerabilities before they are made public. 

Cyber threat actors are also getting much better at avoiding traditional signature-based intrusion detection systems and maintaining network persistence through living-off-the-land (LOTL) tactics.

The Aviation ISAC assesses that some cyber threat actors likely possess the ability to inflict serious disruption upon the global commercial aviation sector. A serious malicious cyber disruption would most likely occur via exploitation of a software/firmware vulnerability to either breach corporate networks directly or breach the networks of service providers or supply chain companies to indirectly impact their downstream customers. The disruption may be intended to either extort ransoms or to temporarily shut down normal operations.

Escalating regional tensions in EMEA and APAC regions are likely to serve as driving forces behind increases in malicious cyber activities emanating from these areas. Cyber hacktivism is evolving into a form of proxy cyber warfare with fewer boundaries than traditional state-directed cybercampaigns.
