NEW DELHI: The recent hacking of Air India's frequent flyer programme miles has brought to focus the cyber threats to the aviation industry which depends substantially on sharing of information over the Internet.
"Every flight that takes off or lands is the result of working together and information sharing among many different entities such as airlines, airports and air navigation service providers (ANSPs). Yet the very nature of this collaboration also enables potential cyber vulnerabilities," top cyber security experts have said. Like Air India, there have been recent cyber attacks on some major airlines, including one in Canada, and a global airlines alliance.
At a recent conference of the International Air Transport Association (IATA), these experts debated the critical issue and reviewed how a harmonised approach could be achieved in meeting these threats by working with governments across the world, as has been the case of decades of government-industry cooperation on aviation safety matters.
Alarmed at the growing terrorist threat to aviation, the IATA has also stressed heightened coordination with governments and their agencies across the world for counter- measures and sharing of intelligence and information.
The cyber security specialists who took part in the discussion in Dublin included Maj Gen L R Urrutia-Varhall, Executive Director of the US National Aviation Intelligence Integration Office, Anja Kaspersen, Head of International Security of World Economic Forum, Alan Pellegrini, President and CEO of Thales USA, Matthew Finn MD of cyber firm Augmentiq and FBI's Assistant Legal Attache in UK Kurt Pipal.
These top experts pointed out that the cyber attacks could range from taking over of aircraft-to-ground communications to theft of information like that of credit cards or frequent flyer programmes and document frauds which could financially hit the aviation industry.
Pointing out that an estimated 13 per cent of hacking or phishing came from "insiders" in a company, FBI's Pipal asked how many companies have "hacking drills" like the hold fire- drills in their offices. Asserting that there was "no way you can completely prevent hacking", Maj Gen Urrutia-Varhall and Kaspersen sought preparedness and regular upgrade of cyber security measures and reporting of information by the industry to governments and security agencies.
Pellegrini and Finn suggested the urgency of making of laws to fight these threats, but said on the positive side, "the technology exists to counter them". The panelists noted that no business was immune to cyber threats, but aviation was a "specific target" for those intent on doing cyber mischief and theft or something worse. They said the airline industry should seriously examine how best to address the threats of "a constantly shifting cyber arena and identify actions that they can take to be prepared against cyber-security attacks."
At the IATA's recent annual meeting in Dublin, the airline industry pledged that their companies would uphold strict aviation security standards, remain vigilant and ensure the highest levels of preparedness against such acts. Their resolution came in the backdrop of the Brussels airport attack and the bombings of Russia’s Metrojet airline passenger plane in October 2015 and an aircraft of Somalia's Daallo Airline in February this year.
"These are grim reminders that aviation is vulnerable. Airlines rely on governments to keep passengers and employees secure as part of their responsibility for national security. And we are committed to working with them in that challenging task," IATA Director General and CEO Tony Tyler said.
The resolution noted that air transport remained "a target for terrorists, exemplified by a series of recent tragic attacks on aircraft and aviation infrastructure to which terrorists have laid claim," and expressed concern that current conflicts around the world could lead to further terrorist activities, against airlines and the travelling public.