Trends to minimize threats in aviation IT and security

The challenges of interoperability

Strategies in favor of securitization of data require a higher level of ingenuity every day as the demand of sharing data and therefore connectivity and system integration as per the aviation industry requirements is increasing. Consequently the number of cyberattack threats is growing continuously.

Data analytics and modelling tools for big data, including artificial intelligence tools, are a reality and a market that is evolving and improving aviation-processes – from advances in air traffic management, to higher efficiency in airport processes, to improvements for the passenger experience. Likewise information security engineering is evolving and new strategies are being researched in order to avoid potential breaches in such a complex interconnected industry.

This current race we are in, in an industry that demands further interoperability every day, is also a risk. If this growth is not controlled and properly secured, it becomes an opportunity for a cyberattack to succeed. This threat could become a catastrophic event and even lead to a complete shut-down of an airport or a catastrophic accident. Systems and data in an enterprise could be compromised by a hacker entity. The hackers may even press enormous amounts of money from airports to handback control of the systems.

The Information Security Hub (ISH) brings together IT experts from Munich Airport and specialists from high-profile tech companies to test defensive strategies and look for new solutions in the fight against cyber-criminals.
Having a detailed strategy, required tools and a specialized cyber security team in place is key.

Preparation is key

Such incidents that occur by a malicious entity taking over control of a corporation, could be avoided by being conscious and putting the right protective measures in place. Airports already take responsibility and awareness of the risks that a fire or an emergency can represent to its operation and implemented emergency plans, trainings and specialized teams. Cyber threats should be treated in the same way. Risks coming from a more and more digital airport environment and inter-connected world can be minimized if not revoked by having a proper cyber strategy, the right tools and a specialized team in place.

New strategies are under research in order to rethink and improve layered and scalable secure solutions, exploring as well the benefits of clustering several airports to define a robust, certain, and reliable system architecture.

Blockchain has been identified as one of the technologies that could enable a reliable exchange of valuable information across digital channels. It was developed in order to secure the exchange of financial value assets. The blockchain technology principles and its application in aviation IT, are currently under research. Prototypes have been developed and tested. Although this technology is a promising solution, many challenges regarding governance and cost of operation are still to be sorted out.

Create awareness

Other initiatives to support and ease the growth of interoperability in the industry are in place as the System-Wide Information Management (SWIM). A technology program addressed by the International Civil Aviation Organization (ICAO) and developed in the framework of SESAR (Single European Sky ATM Research), aimed to set common standards for data exchange. Several ATM and airport sources provide a flexible and scalable architecture that will ensure consistent information for improved planning and operation.

Investments in improving and securing the company's IT landscape are as essential as having relevant measures in place, which prevent the company from losing the overall system control due to a cyberattack. This does not only refer to operations, but also to sensitive data and third party information which could imply a threat to our trustable parties. Identifying cyberattacks as early as possible and mitigating the risks are key success factors of a secure and trustable performance of the systems within an enterprise.

Besides the engineering strategies and tools, a cyber security department has an additional decisive task: promoting a conscious cyber security culture across the company. Awareness and training are essential to minimize risks and keep all employees up to date on possible threats.

It is important to create a conscious cyber security culture across the whole company.