Emerging Cyber Threats In Nigeria’s Aviation Sector (1)
By Okuneye Moyosola
More than most sectors, aviation has embraced digital transformation. Airports are turning to connected technologies such as the internet of things (IoT), Artificial Intelligence (AI), cloud computing, among others.
SITA, a multinational information technology company providing IT and telecommunication services to the air transport industry, in its Air Transport Trends for 2017 report found that more than half of all the airports surveyed were planning significant investment in AI over the next few years. Among the technologies being investigated is self-check-ins which uses facial recognition data as is being used by Air Asia.
Hong King International Airport, for example, aims to take facial recognition data and allow passengers to use it as a single token for their entire journey. Cameras would scan the face as they arrive and this would allow them to move more quickly through the terminal and onto their flight.
Other airports are tracking the movement of passengers through terminals to help them reduce overcrowding. These can provide details of crowd movements, highlighting potential areas of bottlenecks and allowing the airport to make adjustments to infrastructure and to allocate staff as and when needed to reduce delays.
Heathrow, meanwhile, is using smart boarding cards which are embedded with all the information about a passenger’s flight and boarding gate. It can track them as they pass through the terminal and spot when they are in danger of being late. Using big screens, they can issue instructions to hurry up and not to dawdle at the duty-free shops. If a passenger arrives at airport security too late, they can be sent back to the check in. The Airport hopes this could reduce the 50,000 hours of delays which it says are caused by late passengers.
Meanwhile, airport IT systems are becoming increasingly connected and take information from many different sources into a central dashboard. This is a future in which airports are smart and connected, bringing together diverse technologies through the internet of things (IoT) to streamline operations, communications, improve collaboration between departments and increase data visibility.
For example, by using tags and sensors an airport can quickly locate infrastructure and equipment, they can monitor the progress and location of baggage and they can track the real time location of aircraft and vehicles.
These technologies will be crucial if the aviation industry is to successfully meet the various challenges confronting it over the next few decades. Statistics suggest the number of passengers could double over the next 20 years. IATA’s latest long-term passenger forecast, suggests there could be more than 8.2bn passengers by 2037 with numbers growing at an annual rate of 3.5%.
Expansion is expensive and can take a long time, which means airports will have to find a way of making existing infrastructure go much further and to do that, they will need digital technologies. These connected technologies, however, make the industry much more susceptible to cyber-attacks. Airports are increasingly reliant on technology and the global aviation network is more connected than it has ever been before.
Cyber-attacks represent one of the most serious threats to the aviation industry. At the very least they can exact millions of pounds in damages, but at worst they could be devastating and allow terrorists to achieve their goals without having to set foot on a single flight.
The aviation transportation system continues to grow rapidly, as more and more passengers regularly choose to fly. On a daily basis, hundreds of flights arrive, depart, or overfly the Nigerian Airspace, while each year huge amount of freight are transported by air into Nigeria and within Nigeria. However, the aviation sector in the country still has challenges with physical security issues at airports and with aircrafts. However, the country needs to start focusing on cyber threats in the aviation sector. Although, Nigeria has not experienced a case of cyber attack in the aviation sector, there is need for the sector to ensure that preventive- measures are put in place to prevent such attacks. The Nigerian aviation industry therefore may be at risk without appropriate cybersecurity measures put in place for this evolving threat.
Engr. Ronald Ajiboye, an Aerospace Engineer, Techpreneur and the CEO/Founder of McRonald AutoDrone Centre Ltd while speaking with MMS Plus highlighted some of the preventive measures that could be adopted by the country in addressing cyber crime while pointing out some areas of the sector which are prone to attacks.
“Over time, the aviation industry hasn’t had, both national and international, good regulatory bodies to tackle emerging issues like these cyber-attacks. Today, we have the International Air Transport Association (IATA) and they are already working on something like this. They started in June 2019 with an attempt to bring all countries together so that they can have a particular document that will be able to address this issue. Another country that I have also seen which has a document like this is Qatar. I’m sure some other countries will also have theirs.
“Qatar’s major strategy in tackling cyber crime in the aviation industry is that you predict, prevent, detect and respond. Predicting capability enables the security organization to learn from external event via external monitoring of the hackers. This is done through data analysis. I remember that there was a cyber attack that occurred in Atlanta last year which shut down the operations of the airport. We can gather data from these occurrences that have happened before and model it to help us predict future occurrence. Once the predictive is done, we have to prevent it”.
Explaining Qatar’s strategy, he noted that its preventive strategy includes policies, products and processes that are put in place to prevent a susceptible attack which means that we don’t want the attack, noting that detective capability can be designed to fight attacks that have evaded the preventive category and responsive functions are required to investigate when things are already on ground.
“There are also different kinds of threats. We have the dishing attack, the Wi-Fi date attack, the BYOD attack, jamming attack, remote hijacking and there are several others. Let’s say you introduce the jamming technology, you and I can be at the same place using a phone and maybe the phone was used to publish some data to the air traffic control unit, once that equipment is placed in there, it jams both network and we wouldn’t be able to do anything. This is an example of jamming” he outlined.
According to him, the Nigerian Civil Aviation Authority (NCAA) needs to create a law which seeks to punish those who engage in cyber attacks.
Reacting to this, the Public Relations Officer of NCAA, Mr. Sam Adurogboye stated that there wasn’t need for the authority to create laws specifically for cyber threats in the sector as there are general laws which address cyber threats generally in all sectors.
“Cyber threat is not peculiar to aviation. We are talking about IT generally and there is a threat to it whenever it is in use. The department that handles Information and Communication Technology generally is Ministry of Communications and I know that cyber threats are controlled. There are limitations and responsibilities attached at that level. If NCAA has to put a law on cyber threats, what would the Ministry of Communication be doing? Our core mandate revolves around aircraft and its safety. If there are violations that are arising in the aspect of aviation business, there are enough laws to take care of that. As we speak, there is control. There are laws that guide IT operations but the threats are to everybody. There are cyber threats everywhere computer is in use. Every department or office shouldn’t be involved in making laws, we leave it to those who should do it and when people violate, they are handled under that law”.
He also disclosed that the agency is working towards securing its communication systems to prevent them from been hacked.
However, the NCAA spokesperson observed that there are security measures that can be put in place by individual operators and businesses.
“In our system, we automate our processes. So it’s left for us to get the service of an expert to secure our system so that it would not be hacked or corrupted. But where there is a deliberate violation, there are laws already in operation under which such person would be tried”, he said.
Meanwhile the Nigerian Airspace Management Agency (NAMA) has also created a National Air Navigation Planning unit, vested with the mandate to oversee the domestication and replication of new International Civil Aviation Organization (ICAO) global and regional plans for the enhancement of air navigation in the country.
The agency made this known recently while stating that it has recently concluded one-week training for 20 critical personnel to run the newly created unit.
NAMA spokesman, Steve Onabe, in an exclusive chat with MMS Plus noted that the unit was also created to address cyber crimes in the aviation sector.
“Some of the basic inputs that we need to make in ICAO, we are not doing it. The planning unit was created to replicate what ICAO typically does in Nigeria. What we are going to gain is enhanced safety, safety of our air traffic management system and navigational aids against cyber threats. Right now, there is a lot of discussion on cyber security. What we are trying to do is to manage our equipment because if they hack the air traffic management system, the safety would be compromised. You can be here trying to control traffic and a hacker would be in another place trying to hack in. We are also going to serve as a link to ICAO from Nigeria. All the resolutions that ICAO is making, we are going to make an input and impact on those resolutions” he opined.
Over the years more emphasis has been placed on physical security, as the Federal Airport Authority of Nigeria (FAAN) has focused on securing the nation’s physical security perimeters. Without a concerted combined effort of a two prolonged containment strategy on both the physical and digital domain, Nigeria’s aviation sector remains highly vulnerable to cyber attack. It is time for Nigeria to focus more on cyberspace security in the aviation sector.