Cyber Security in Aviation Sector
Airports are one of the most advanced structures in terms of electromagnetic and digital information. In order to maintain effective and timely operations, large amounts of information in the relevant aviation operation units must be linked to each other. Every critical threat must be identified and protective measures are taken against it. In this sense, we will examine cyber security, which is one of the most critical points in terms of both the airport and customers’ security. The “Cyber Security” ecosystem is of critical importance for the aviation industry. In addition, the safety of airline vehicles is also very vital.
What is cyber security? Cyber security is the methods and measures taken to protect networks, systems, hardware, software and data from cyber attacks. According to the research of the University of Maryland, more than 2 thousand cyberattacks occur daily. The majority of these attacks are phishing attacks. Ransomware and phishing attacks are at the top of the threats, so many airports attach great importance to the defense system created against cyber risks.
It has been reported in the press that many airline companies have been subjected to cyberattacks in the past years and that leaks with a high financial dimension have occurred as a result of these attacks. In fact, British Airways company was attacked twice a month apart, and as a result of this attack, the credit card data of approximately 570,000 people were leaked. Also, the Belgian-based company, which produces parts of aircraft such as ASCO, Airbus, Boeing, F-35, which are one of the important companies of the aircraft manufacturing industry, had to stop its production globally as a result of the ransomware attack.
Cyber security at airports starts from the individual and continues at the airport. Access, departure and passport control systems, cargo transport and distribution, reservation systems, fuel indicators, hazardous material handling management, flight entertainment systems, electronic check-in systems, electronic flight bags (EFB), cabin crew devices, flight traffic management systems ( Primary and secondary radars, automatic dependent surveillance (ADS-B), Global navigation satellite system etc.), aircraft information management system and many other electronic systems are all candidates to be targets of cyber attacks.
Until now, cyber attackers have not successfully attacked an aircraft’s electronic systems but have managed to hack a commercial aircraft’s satellite internet modem. This has affected passenger mobile devices connected to the internet on the aircraft.
Wi-Fi Security at the Airport
You can use VPN for Wi-Fi security at the airport individually. The password-free Wi-Fi networks offered at airports actually pose a cyber threat to both passengers and airport employees. With VPN programs, you can encrypt your data traffic as well as gain anonymity on unencrypted public Wi-Fi networks.
Unfortunately, this does not mean that it will provide full protection and prevent cyberattacks. In 2018, as a result of a man-in-the-middle (Mitm) attack at Atlanta Airport, the Wi-Fi service at the airport was shut down to prevent the spread of ransomware. Airport officials shut down the Wi-Fi service in order to prevent the ransomware spreading in Atlanta from affecting the airline’s Wi-Fi network.
Phishing Attacks
In phishing attacks, hackers often imitate known institutions to learn people’s account passwords and credit card information; They aim to leak data, damage systems and gain financial gain by infiltrating the network systems of institutions. In 2013, departure terminals in Istanbul airports were subjected to a cyberattack containing malware. As a result of the attack, passport control systems were closed and many flights were delayed.
Phishing attacks should not be taken lightly because as a result of the phishing attack, not only the attacked device, but all devices in that network can be affected and the malware can copy itself to other systems.
● Asking you to update your payment information,
Stating suspicious login to your account,
● Asking you to download files such as supposed invoices and update files included in the attachment,
● E-mail or message content asking you to click on the link for government aid, campaign, free product are usually phishing attacks.
It has been revealed that 92 percent of the malware is transmitted via e-mail. Therefore, antivirus programs should be used to prevent malicious software that may infiltrate the device through phishing attacks. Multiple authentication methods should be used in every possible account against theft of account passwords. Also, as a result of phishing attacks, ransomware can infect your device. Ransomware encrypts data and information on the device. It does not provide access to this data and information until the ransom is paid, and there is no guarantee that access will be granted when the ransom is paid. Always make offline backups to avoid losing your data and information.
Referances:
https://cyberstartupobservatory.com/aviation-cybersecurity-understanding-the-airport-ecosystem/
https://datascience.aero/cybersecurity-aviation/
https://www.airnewstimes.com/havacilik-sektorunde-siber-guvenlik.html
