As the MRO sector and the aviation industry in general become increasingly digitised and connected, the risk of potentially devastating cyber attacks increases. What are the implications? How is the industry currently protecting itself? How can we take steps toward better protection against cyber attacks? We’ll take an in-depth look.

Cybersecurity has been a top-of-mind concern of late for companies, industries and governments. In an increasingly digitised world, cyber attacks and their crippling effects have become all the more prevalent. Already we’ve seen high-profile cyber attacks take entire industries and even governments by storm.

These incidents have ripple effects on a global level. To protect against such attacks, the aviation industry needs to think critically about cybersecurity and make a consolidated effort within the sector to defend against them.

Join us for a deep dive into the state of cybersecurity, how it affects the aviation industry and what we can do to protect ourselves.

The state of cybersecurity today

Cybersecurity has been a major concern showing up on the radar for a number of companies across industries—and rightly so. Over the last five years, we’ve seen a number of cyber attacks on a global scale, rendering whole industries helpless.

Entities that we think of as secure from cyber attacks are being readily infiltrated through overlooked vulnerabilities by cyber attackers that make it their job to look for said vulnerabilities.

What are the greatest risks facing the aviation industry?

Often it’s not even the company the attackers are after that gets initially infiltrated, but a third-party vendor, or another kind of stepping-stone company that can give access to the prime target.

Take retail giant Target, for example. In 2013, using the stolen credentials of a heating, ventilation and air-conditioning vendor, hackers managed to get into the network of the retail giant, planting malware and stealing 70 million customers’ personal data and 40 million customers’ credit card information. The whole ordeal cost the company around $300 million.

A global threat

This case isn’t unique. It’s happening more and more. In fact, according to the Oliver Wyman MRO survey 2018, hacking has become an organised industry.

»In some countries, hackers work out of regular offices and get paychecks to spend their workday looking for vulnerabilities in organisations’ digital networks, lying in wait for holes to develop through which they can penetrate and steal information or worse,« states the report.

Experts estimate that there are around 300,000 hackers worldwide, typically originating from places, such as Russia, China, Eastern Europe and North Korea.

The industry is a lucrative one too. Oliver Wyman even goes so far as to call it a ‘growth industry’.

»Globally, hacking has become a highly profitable industry, costing economies around the world more than half a trillion US dollars annually – a sum that has been increasing every year,« the report shows.

According to the multinational professional services network PwC, the cost of data breaches alone can reach a staggering $2 trillion by 2019 and, in general, cybercrime costs businesses about $400 billion annually. And these numbers are expected to grow, along with the frequency and sophistication of cyber attacks.

»Consider the greatly expanded use of cloud and mobile devices. Businesses are embracing these tools to connect their internal staff and operations. They’re also accelerating usage to connect externally—with strategic partners, customers, and a multitude of other third parties. These efforts are serving to enhance efficiencies, collaborations, and competitiveness. But along with these benefits, new vulnerabilities have emerged,« a report by PWC states.

The threat of the hacking industry is becoming all the more real as we see hackers targeting national infrastructure.

For example, an alert from the United States Computer Emergency Readiness Team—a Department of Homeland Security (DHS) unit—stated that a group of foreign hackers has been targeting the American electricity grid, along with other major infrastructure industries, such as water, nuclear, energy, critical manufacturers and even aviation. The alert stated that this has been going on since at least March 2016.

»The risk of breaches is real – as we’ve witnessed for more than a decade in industries from banking, to healthcare, to retail – and the threat is growing for the MRO industry as it strives to digitise,« the Oliver Wyman report concludes.

More recently, some high-profile cases have hit a bit closer to home, certainly catching the eye of the MRO industry. Some notable examples are Maersk and FedEx, which fell victim to the wiper ransomware NotPetya, which infected computer systems around the world.

Cybersecurity in the airline industry

The airline industry is increasingly embracing digital connectedness, and the new technologies that enable it, to offer greater efficiencies and a better customer experience—and for good reason.

Unfortunately, though, these advancements also leave airlines more open and vulnerable to attack. Further, it can potentially mean that when cyber attacks do occur, there’s a greater chance they’ll have more severe, widespread and even global implications.

That’s because when security breaches happen, they mean the loss of data—be it customer records, personal financial details of customers or even details about their business dealings. Beyond this, though, cyber attacks in aviation would actually mean the ability to disrupt flight paths and cause a real threat to passenger safety.

The good news is the industry is taking the cybersecurity risk seriously. Most regulatory bodies take a stance on cybersecurity, regularly address it and seem to be working toward better industry standards and opportunities for industry players to get educated on the subject, though there is no current uniform benchmark.

The EASA, for example, has supported the creation of a European Centre for Cybersecurity in Aviation (ECCSA), a centre which offers opportunities for stakeholders to voluntarily exchange »domain relevant cybersecurity information, such as vulnerabilities, i.e. weakness that can be used for malicious purposes, as well as events and incidents that might be worth sharing with the aviation community,« the ECCSA website states.

While we’ve certainly seen breaches – for example, Cathay Pacific Airways and British Airways – for the most part, it seems the major players within the industry have a decently high degree of readiness in the event of a cyber attack. The same can’t necessarily be said about the many other bodies they tend to work with within the industry, namely MROs.

»While the biggest organisations within the industry’s fold may have advanced cybersecurity, the same cannot always be said about the vast network of service providers and suppliers. Many of these are considered members of the maintenance, repair, and overhaul (MRO) industry that services the nation’s aircraft,« states an Oliver Wyman report dedicated to cybersecurity in aviation.

MROs are particularly vulnerable

Oliver Wyman is adamant that the MRO industry is an obvious target for cyber attack for a number of reasons. For one, they have access to major airlines and engine and component-parts makers. While the MROs themselves would not be the likely end-target of a cyber attacker, they may well be a stepping stone.

»While the carriers and OEMs may sometimes be the ultimate targets of the cybercriminals, hackers may decide that access through a vendor in the MRO supply chain may be easier to achieve. That makes all the members potential targets – even and perhaps especially small ones that don’t have the cyber preparedness of larger organisations,« the Oliver Wyman MRO report states.

MROs, increasingly embracing digitalisation and operating in a global and interconnected fashion, are open to a number of security vulnerabilities with far-reaching implications. After all, they’re part of large, global supply chains that if tampered with could disrupt international commerce.

In other words, this puts them high on hackers’ to-do lists, explains the Oliver Wyman report. And a breach could have detrimental, global implications.

»Given the role transportation and aviation play in the global economy, the cyber war against a nation’s infrastructure amounts to nothing less than a threat to national security,« claim the authors of the report.

Does the aviation industry have proper cybersecurity in place?

According to the Oliver Wyman report, the majority of players in the industry demonstrate a concern for cybersecurity. More than half of OEMs, MROs, and operators even claim to have a cybersecurity strategy in place and to have conducted training for employees in cybersecurity. The degree of their overall readiness in case of cyber attack, however, tends to vary.

For example, 67 percent of industry executives said their company was prepared for a cyber attack; however, less than half could say whether or not a cybersecurity review had been conducted over the last year.

Equally alarming, a large number of executives surveyed indicated that their organisations had no security standards in place for third-party vendors. For MRO providers, only 9 percent had established standards, while the number was 41 percent for airlines and 50 percent for OEMs. That’s a large chunk of third-party vendors whose security credentials have not been looked into. In other words, there are a lot of backdoors hackers could go through. 

What can we do to protect ourselves?

Several actions should be taken to ensure the cyber safety of independent organisations, as well as the industry as a whole. As a first step, companies must conduct independent audits of existing cybersecurity programs.

»This includes looking at everything from understanding who and what have access to a company’s computer network, to whether a real-time detection process and response mechanism have been delineated, to which managers are responsible for each phase of executing cybersecurity protocol, to whether an oversight process exists to ensure procedures are followed and documented,« the report states.

Beyond this, and on a broader scale, clear frameworks must be put in place for the industry, with domain-specific steps toward mitigating and managing cyber risks. As a beginning point, Oliver Wyman recommends following the NIST Cybersecurity Framework, in which cybersecurity is broken into five phases – Identify, Protect, Detect, Respond, and Recover.

A good cyber risk management system, Oliver Wyman claims, is one with the following four key elements:
  • Adequate infrastructure for detection and monitoring
  • Processes ensuring proper procedures are being followed correctly
  • Clearly identified roles and responsibilities with built-in oversight
  • Documentation of strategy phases, ensuring »checkpoints to prevent procedures falling through the cracks.«

Above all, though, to ensure wider industry protection, companies must work together and collaborate to ensure safety.

»The industry must work across companies to fortify their information technology systems – both infrastructure and upkeep – and create a security-minded culture,« the report states and goes on:

»While no solution is guaranteed to avert any and all attacks, developing a holistic approach to the risk management of cybersecurity that’s shared across the industry – and updating it regularly – may give companies a leg up. Certainly, cybercriminals aren’t standing still.«
