By Okuneye Moyosola
The aviation sector has benefited from the increasing level of connectivity and digitization across the value chain. The enabling technological advancements in the aviation sector are creating enormous opportunities to have better customer service, security, flight efficiency, operations and passenger experience both on the ground and in the air. However, following the advancement of technology and connectivity, the market has become prone and vulnerable to cyber attacks of malicious malware activities targeting the aviation sector.
In December 2017, a major amount of sensitive security data was stolen at Perth Airport. The world’s biggest airline Cathay Pacific Airways Ltd. also suffered from data breach, with the hacker accessing personal information of more than 9.4 million customers.
As the air travel industry has become dependent on information and communication systems, more cyber threat access points have been created that could lead to malfunctions or compromise customer data. Aviation stakeholders, therefore, need to boost cybersecurity efforts to ensure customers have a safe travel experience.
More airports plan to roll out systems that permit greater airspace flexibility and higher traffic densities. While higher productivity will be the result, more shared users on interconnected platforms translates into additional access points for cyber threats.
Also, wi-fi on aircraft is increasingly offered because it provides customers with entertainment and a method of communication in the air. Wi-Fi also allows airlines to engage with patrons and capitalize on services. However, Wi-Fi on a plane is not secure. This means anything done on a laptop or phone using the aircraft’s network could potentially be hacked. One fellow passenger read emails accessed by a reporter using the plane’s network during a flight.
One failure in the airline industry could cause terrible cascading effects, such as the mass grounding of planes and cancellation of flights. Customers’ confidence in the industry would decrease, and serious financial implications would be the result. The August 2017, Delta Airlines outage that lasted for only five hours resulted in 2,000 flight cancellations and cost the company $150 million.
Also, experts at the Department of Homeland Security hacked into the avionics of a parked commercial plane last year as part of a test. A computer virus spread to air traffic control systems which made the Federal Aviation Administration (FAA) to shut down operations in Alaska. In another attack, adversaries took over FAA network servers and gained access to about 48,000 FAA employees’ data.
Since networks today are widely shared and interconnected, aviation systems need to be created with the expectation that failures and intrusions will occur. It is necessary for stakeholders to have the ability to detect intrusions and implement appropriate responses after discovery.
Stakeholders can try to prevent cyber threats from penetrating their networks, but it is likely that a malicious attack will enter systems at some point. Identifying the threat and implementing an appropriate response is key to limiting the amount of damage any one attack can cause. Aviation industry stakeholders must continue to work together to prevent and respond to cyber threats to guard their businesses and maintain customer confidence.
A lead Developer and tech expert at MAC Prodoos Company, Ejeh Ernest while speaking with MMS Plus noted that organizations need to focus much more on detection as well as prevention. According to him, there is need for the aviation industry in Nigeria to be aware of the risks associated with cyber attacks stressing that it can occur at any point in time.
“Cyber attack in aviation is not common in Nigeria. They may be flight ticket fraud and others, however, the serious one that could shut down an airport has not happen. We also have to prepare for it because, it can happen anytime” he opined.
According to him, whenever a breach occurs, it is important to ensure that it is resolved as quickly as possible. In some cases, the detection of a cyber attack could take long as four months and by this time, the damage will have already been done. So, timely detection affords proper response and minimizes the damage.
“Cyber security, therefore, has much more importance within an organisation. It starts at the executive team and moves on down throughout the organisation. Employees will also have to be trained in best practice procedures as part of their induction and the strategy will need to be continually monitored and updated as the threat landscape evolves” he said.
Ernest also highlighted some of the softwares can be put in the place to prevent cyber attacks in the industry such as VBoT, Vision Box and VB ochestra.
“VBoT is a small and fully autonomous biometric device. It performs both capture and contactless biometric recognition within seconds. VBoT recognizes people while they are stationary or on the move, using their face or iris in a non-intrusive way”.
“VBoT is conceived as an AI powered edge device, and is ideal for travel and border Control, smart government, and smart city ecosystems. It is also good for secure, quick and accurate Identity vetting. VBoT uses digital credentials to replace passports, ID badges, or any form of paper or digital access tokens. It supports officers, hosts and receptionists by offering personalized guest identification. VBoT increases and expedites security by performing on-the-move recognition at airport terminals or any other venues. Multiple VBoTs can communicate with each other through a handshake automated process, enabling for a smart correlated tracking along the entire journey. In addition, VBoT easily connects to external systems for reconciliation with source images’ databases, watchlists, ERPs’, passengers’ manifests, among many others”.
“Vision-Box is also new facial recognition technology which seeks to improve passenger identification as well as homeland security. Asides from improving traveler experience, collecting high quality data from a variety of sources, it also enhances the matching process against government databases as well as improve the ability to deploy important analytics to improve the country’s security. The new biometric totem offers an accurate establishment the identity of individuals travelling, efficient vetting of foreign visitors, and the immediate recognition of the ones that are undocumented or have overstayed their visas”.
“VB orchestra is another powerful end-to-end airport and border control management platform that services travel stakeholders as a hub of multi-source data streams, bridging traveler and other parties, biometric-enabled smart interaction devices and processes, mapping a complex data infrastructure into a seamless travel experience” he said.
Engr. Ronald Ajiboye, an Aerospace Engineer, Techpreneur and the CEO/Founder of McRonald AutoDrone Centre Ltd who spoke to MMS Plus a forthnight ago also revealed that the industry is prone to these attacks because of the level of information that is transmitted.
“Cyber crime is way bigger. We have the navigation system and the communication system and these things can be hijacked because information are been transferred over time. Before I pilot can fly, there are flight dispatchers, flight layout and flight layout will already be made. If he wants to land, the air traffic control unit would get information across. If there is interference or another aircraft that is flying close range between that aircraft, the air traffic controller is monitoring the aircraft. On the aircraft as well, the pilot system is also running and is giving the range of the altitude and to tell them about the area as to how they can actually manage the situation. All these are data and information. Anything that makes information transmittable from one place to another that means it is hackable”.
Ronald also stressed that awareness in the aviation sector is key to ensuring that all stakeholders are prepared to address cyber threats if it occurs in the country.
“The first thing that should be done is for the compliance and regulatory body should come up with the minimum Bench-mark for regulating cyber-crime because we need to secure the humans. Secondly, there must be awareness about it. Airlines needs to know. There must also be training. Most people are not aware of this cyber-crime. The airport manager or those that are in the Information and Communication Technology (ICT) sector should know that there is a possibility of jamming. The certified ticket seller should also be aware that someone might hack their website and they won’t be able to have access to ticket selling. Someone could have made a reservation and the person realizes that his or her data was not found while checking in. that person might want to travel for an interview or might want to go and give birth. So this needs training so that they know the security measures that must be put in place to address this. Airlines, airports, air traffic controllers and manufacturers have to train their own people. There must also be a constant updating and circular that needs to be passed around every time so that people will know”.
“We should also implement configuration management. In the process of developing this benchmark and a structure, during our work breakdown structure, we must ensure that we have other than the execution stage, a change management and configuration management stage. So that at the end of the day, there are people who can manage the changes that have happened. The international bodies also have a role to play because they will do it better. IATA is actually spearheading it because whatever we have at the local body is also a function of what has been accepted globally. If all these international bodies can come together and attack this as well and develop a model for that, its also going to go a long way”.
The Director, Transport Research and Intelligence , Nigerian Institute of Transport Technology, Dr Danjuma Ismalia also urged operators to create contingency strategy while stressing the need for them to beef up security in the cyber space.
“The means of communication in aviation before was radar system but now they are resorting to GPS. GPS is connected to the internet which is efficient and faster. However this makes it more vulnerable to attack. These systems have a lot of component and each one depends on the other. So if one is affected, the other one is also going to be affected. The operators should guide against their data, monitor the data activity and data flow, have a lot of security gadgets and also create contingency or reactionary strategy. When there is an attack, this contingency plan should be able to deal with the situation. Operators should be able to share information among themselves and engage experts on cyber security”.
“ Another thing that the operators, government and the Nigerian Civil Aviation Authority should also do is risk assessment of potential cyber attack. It’s just like what you have in Safety Management System (SMS). They should do the risk assessment to discover where the problem lies and risk preventive strategy. Cyber security should be pro-active and not re-active and this can only be done through risk assessment. Through this, they can see all areas that could be attacked and bring in risk prevention strategy. The NCAA should also ensure that this is incorporated into SMS. We shouldn’t feel that it’s not going to happen, it’s just a matter of time”.
Similarly, the International Civil Aviation Organization (ICAO) also adopted action-oriented cyber security resolution at its 40th Triennial Assembly in October. The resolution recognizes the need for a coordinated and coherent international framework and calls on the sector to adopt cyber security management systems to protect critical aviation systems from cyber threats, to develop a cyber security culture, and to promote the development and implementation of international standards and best practices in order to protect data and systems from interference.
International Air Transport Association (IATA) also presented to the 40th ICAO Assembly the Information Paper, “Aviation Cyber Security – Moving Forwards” explaining the need for a coordinated, proactive, and tangible progress on gaining visibility to and managing aviation cyber security risks. Through this paper, IATA also gave its support to the creation of the ICAO Cyber Security Strategy.
These efforts made by the international bodies shows that a lot of focus has been drawn to cyber security. therefore, Nigeria’s aviation industry shouldn’t be left out in the fight against cyber threats.