posted on 2022-03-17, 16:40authored byElochukwu Ukwandu, Mohamed Amine Ben Farah, Hanan Hindy, Miroslav Bures, Robert Atkinson, Christos Tachtatzis, Ivan Andonovic, Xavier Bellekens
The integration of Information and Communication Technology (ICT) tools into mechanical
devices in routine use within the aviation industry has heightened cyber-security concerns. The
extent of the inherent vulnerabilities in the software tools that drive these systems escalates as
the level of integration increases. Moreover, these concerns are becoming even more acute as the
migration within the industry in the deployment of electronic-enabled aircraft and smart airports
gathers pace. A review of cyber-security attacks and attack surfaces within the aviation sector over
the last 20 years provides a mapping of the trends and insights that are of value in informing on
future frameworks to protect the evolution of a key industry. The goal is to identify common threat
actors, their motivations, attacks types and map the vulnerabilities within aviation infrastructures
most commonly subject to persistent attack campaigns. The analyses will enable an improved
understanding of both the current and potential future cyber-security protection provisions for the
sector. Evidence is provided that the main threats to the industry arise from Advance Persistent
Threat (APT) groups that operate, in collaboration with a particular state actor, to steal intellectual
property and intelligence in order to advance their domestic aerospace capabilities as well as monitor,
infiltrate and subvert other sovereign nations’ capabilities. A segment of the aviation industry
commonly attacked is the Information Technology (IT) infrastructure, the most prominent type of
attack being malicious hacking with intent to gain unauthorised access. The analysis of the range
of attack surfaces and the existing threat dynamics has been used as a foundation to predict future
cyber-attack trends. The insights arising from the review will support the future definition and
implementation of proactive measures that protect critical infrastructures against cyber-incidents that
damage the confidence of customers in a key service-oriented industry.
Funding
The research is supported by the European Union Horizon 2020 Programme “FORESIGHT (Advanced cyber-security simulation platform for preparedness training in Aviation, Naval and Power-grid environments)” under Grant Agreement No. 833673.
Ukwandu, Elochukwu, Mohamed A. Ben-Farah, Hanan Hindy, Miroslav Bures, Robert Atkinson, Christos Tachtatzis, Ivan Andonovic, and Xavier Bellekens (2022) "Cyber-Security Challenges in Aviation Industry: A Review of Current and Future Trends" Information 13, no. 3: 146. https://doi.org/10.3390/info13030146