Expert calls for international mandates to strengthen defences against cyber security attacks

Generic airport photo.

An aviation expert is calling for international mandates to be imposed on the industry in order to strengthen its defences against the rising number of cyber security attacks.

Vance Hilderman, chief technical officer at AFuzion, says not enough action is being taken to circumvent cyber hacks, leaving airports “vulnerable” to the potential for violent acts such a repeat 9/11 incident.

A failure to take more action could also leave open the possibility, particularly in wartime, that countries like Russia or China could hack into America’s airports to cause chaos as a means of holding it to political ransome.

But the aviation industry, he says, has not responded well to increasing cyber attacks. “It’s a bit like global warming. We all know it’s happening, we all think it’s ‘his or hers’ responsibility”.

“With all the people developing software and building computer systems, we’re finally making some traction – but not enough. And that’s what has people worried, we need a concerted effort,” Mr Hilderman said.

“We think the increasing number of cyber attacks are being committed by state agencies. We think it’s probably Russia and China, possibly North Korea.”

He says in the event of US intervention in Taiwan, China would likely hack into airports’ cyber security networks to prevent the country’s involvement in possible conflict.

But whilst he suggests the industry itself is “vulnerable”, it’s a “concern” that passengers are also at risk of violent attacks where hackers have the potential to remotely take control of an aircraft and deliberately crash it.

In March, the US Transportation Security Administration issued an emergency amendment to the security programmes of several airports and airlines to increase security.

This was largely in response to reports of increased attacks on critical infrastructure and transportation in the US.

The amendment requires regulated airports and airlines to develop a plan to improve cyber security resilience and assess that plan regularly, but Mr Hilderman says that in order to properly address concerns, efforts must be made at a global level.

“We have hundreds of threats and we’re trying a patchwork technique to close them, but we don’t have an international, or even national, programme to start addressing that.”

In order to mitigate the concerns, the industry must “formally mandate and adopt a common infrastructure of security [on an international level] … a common standard that makes everyone realise they’re part of the problem”.

Mr Hilderman says that without international co-operation, greater threats are posed to key infrastructure, including “air traffic control, airport access, computer access and new avionic systems that use commercial-off-the-shelf software”.

He adds that passengers are also at risk from the use of consumer electronics within an aircraft’s infrastructure.

Image credit: Ivan Shimko/Unsplash