Protection against cyberattacks is becoming a growing challenge in the aviation industry, according to Tony Tyler, CEO of the International Air Transport Association (Iata).
Experts estimate that cybersecurity breaches cost a total of US$500m in 2015. It is also estimated that 94% of global companies have experienced some form of cyberattack. It is further estimated that about 13% of people still click on phishing attacks.
“Our electronically connected world is vulnerable to hackers bent on causing chaos,” said Tyler at Iata’s annual general meeting which took place in Dublin this week.
“We are all vulnerable and there is no guaranteed way to stay a step ahead.”
Subsequently, Tyler said real-time collaboration and information exchange between industry and governments is critical.
“Make no mistake. We face real threats. Government and industry must be nimble, share information, use global standards and keep a risk-based mindset when developing countermeasures,” said Tyler.
During a panel discussion on cyber security, Matthew Finn — a cybersecurity expert from Augmentiq — said businesses should look at security in a holistic way.
He said there is currently a downward trend of documentation fraud, but an upward trend regarding identity theft.
Linda Urrutia-Varhall, of the US department of defence, added that aviation is still a central focus for terrorists and criminals.
Aviation industry role players and authorities need to gather and share information to deal with threats, said Urrutia-Varhall.
Kurt Pipal of the FBI pointed out that airline companies sit on a lot of big data and that this is also of interest for industrial espionage.
He cautioned companies to be very careful about subcontractors and he stressed the importance of sharing intelligence information in the industry.
“Build awareness and do not have a silo approach. Identify your vulnerabilities and make the assumption that you are going to be hacked. Participate in a 24/7 securities operation centre,” suggested Pipal.
“Occasionally you could even use a so-called ‘dark agent’ — a hacker to test your system. Companies do fire drills, so why do they not do cybersecurity drills too?”