Building cyber resilience in the aviation industry

Lydia Walker, senior lead consultant at cyber security specialists Bridewell, offers her perspective on how to make aviation more secure.

After a turbulent few years, the transport and aviation industry is striving to leave the disruptive Covid days behind in 2023. But in order to continue on the path to recovery, the sector will need to strengthen its resilience to a key disruptor – evolving cyber security threats.

While the industry is making progress towards securing systems and processes, there is no room for complacency. Aviation continues to be among the most targeted sectors within the UK’s critical national infrastructure (CNI), with new cyber threats constantly emerging, particularly from nation-state cyber warfare.

At the same time, aviation organisations are accelerating their digital transformation programmes. This has led to greater connectivity between traditionally air-gapped systems, with operational technology (OT) becoming more interconnected and internet-enabled than ever before. While this has helped the sector to modernise and develop further operational capabilities, it potentially exposes organisations to new vulnerabilities.

As the digitalisation of aviation proceeds at pace – and growing numbers of organisations transition to cloud environments – the industry needs to take a proactive approach to cyber security operations to counter emerging risks.

Security budgets soar

At first glance, the sector appears to be rising to the challenge. Bridewell research suggests that cyber security is becoming a growing priority within transport and aviation, with 82% of organisations seeing their security budget rise over the past 12 months. Operators are now spending on average 40% of their IT budget on cyber security – and security investment across transport and aviation is expected to increase by a further 36% in the year ahead.

Whilst this is encouraging to see, it’s only one piece of the puzzle. Increased budgets alone are not sufficient to build a mature and resilient response to ever-changing cyber threats. Instead, spend needs to be continually reviewed and channelled into the right places.

Evolving threat landscape

Aviation organisations face a rising tide of cyber threats from increasingly sophisticated and resourceful criminal groups. When Bridewell surveyed IT decision makers across CNI, it found that 81% of transport and aviation respondents have seen an increase in the volume of cyber security attacks over the last 12 months – compared to an average of 69% across all other sectors. Attacks against aviation have also been more successful than those in other sectors, with 84% of organisations reporting a rise in successful cyber attacks over the last year.

Recent geopolitical events have created a sudden and significant challenge for aviation, a sector which is particularly vulnerable due to its global presence and reliance on local on-the-ground conditions. An overwhelming 92% of aviation organisations have seen a rise in cyber attacks on their infrastructure since the start of the Russia-Ukraine war – the highest increase across all CNI industries surveyed.

Alongside the rising fear of cyber warfare, which is causing concern for 99% of IT decision makers in aviation, the sector is facing a sharp increase in a range of evolving cyber threats. These include supply chain compromise, ransomware, phishing, and distributed denial of service (DDoS) – where criminals flood an organisation’s server with internet traffic to prevent users from accessing connected services.

Prioritising detection and response

It currently takes transport and aviation companies almost two months on average (51 days) to detect a cyber attack on the business. This is significantly longer than any other CNI sector, suggesting that cyber budgets are not being spent effectively. After all, it only takes minutes for a cyber attack to inflict severe harm on critical systems.

Many organisations also suffer from a lack of comprehensive visibility across their diverse digital landscapes. As IT systems within aviation converge into previously isolated OT environments and cloud architectures, blind spots can make it difficult to detect and respond to cyber threats as they unfold.

With 86% of transport and aviation leaders saying they do not have sufficient visibility across the IT/OT boundary, organisations must prioritise the improvement of visibility across all assets and environments. This will fundamentally enhance threat detection capabilities by eliminating blind spots, which, in turn, enables faster response.

Achieving cyber maturity

As cyber threats proliferate, aviation organisations must combine traditional preventative tools with more proactive and holistic approaches to cyber security, such as threat intelligence and detection and response. This will enable the development of better, more informed preventative strategies to protect systems and society.

Organisations now have a great opportunity to invest in the technologies, processes and people that will help them to strengthen and mature their security stance. Encompassed managed services, such as managed detection and response (MDR), can be critical in helping organisations design, articulate, and produce their own successful security programmes, especially if there are in-house skills gaps across IT and OT that need to be plugged.

By ensuring proactive, intelligence-led cyber security is embedded into operations from the outset, aviation organisations can build the confidence and resilience to modernise securely, all the while keeping pace with an ever-expanding threat landscape.
Subscribe to the FINN weekly newsletter