MIAMI – Eurocontrol’s European Air traffic Management-Computer Emergency Response Team (EATM-CERT) has published its findings on the state of cyber threats.
The Think Paper #12, published on July 5, takes a comprehensive look at the increasing phenomenon that has affected the aviation industry, particularly airlines and their customers.
With the support of Eurocontrol’s EATM-CERT data, the Think Paper sheds light on the extent and urgency of cyberattacks and tries to assess its magnitude and sources, giving advice to industry players on how to improve their response against cybercrime while offering help on how to counter these types of threats.
A first finding is that airlines are a prime target for a large number of cybercriminals – an estimated 500 – that, each year, create a loss of approximately US$1bn, an amount claimed by no less than 400 bogus websites. Cybercrimes include data theft, credit card fraud, frequent flyers miles fraud, phishing, and fake invoice emissions, just to mention a few.
A second finding is that ransomware is now a frequent source of cyberattacks, claiming victims on a weekly basis and on a global basis, disrupting business and negatively affecting productivity. The threat comes at a cost since extortion is usually the only way to avoid a grinding halt in operations and payment is the only way to restart them.
As for flight safety is, it is, for the moment, not impacted by cybercrime and no cases of extortion to recover blocked data have been reported but, as stated by the Think Paper, “there is no ground for complacency.”
There is growing news of state-sponsored cyberattacks or organized crime taking advantage of IT vulnerabilities to carry out large-scale interferences both for political reasons or ransom.
Finally, not every air transport industry actor, including entities involved in the supply chain, avails itself of efficient protections against cybercrime and therefore exposes itself to great risks for not systematically applying proper IT protection measures.
The Think Paper points out that digital identities need stronger and better protection to avoid cyberattacks.
The European Aviation Common Public Key Infrastructure (EACP), presently supported by Eurocontrol, and EATM-CERT services are being proposed as a solution to foil fraud and protect the aviation industry from disruptions and extortion carried out in cyberspace.
Article sourced from Eurocontrol Think Paper #12
Featured image: Egyptian ATC Tower Controller at HECA Cairo Photo: Air Traffic Controllers – Egypt