As the MRO and aviation industry, in general, become increasingly digitised and connected, the risk of potentially devastating cyber attacks increase. What are the implications? How is the industry currently protecting itself? How can we take steps toward better protection against cyber attacks? We’ll take an in-depth look.
Cybersecurity has been a top-of-mind concern of late for companies, industries and governments . In an increasingly digitised world, cyber attacks and their crippling effects have become all the more prevalent. Already we’ve seen high-profile cases of cyber attack take entire industries and even governments by a storm.
These incidences have rippling effects on a global level. In order to protect against such attacks, the aviation industry needs to think critically about cybersecurity and put forth a consolidated effort within the sector to protect against it.
Join us for a deep dive into the state of cybersecurity, how it affects the aviation industry and what we can do to protect ourselves.
Cybersecurity has been a major concern showing up on the radar for a number of companies across industries—and rightly so. Over the last five years, we’ve seen a number of cyber attacks on a global scale, rendering whole industries helpless.
Entities that we think of as secure from cyber attacks are being readily infiltrated through overlooked vulnerabilities by cyber attackers that make it their job to look for said vulnerabilities.
Often it’s not even the company the attackers are after that gets initially infiltrated, but a third-party vendor, or another kind of stepping-stone company that can give access to the prime target.
What are the greatest risks facing the aviation industry?
This case isn’t unique. It’s happening more and more. In fact, according to the Oliver Wyman MRO survey 2018, hacking has actually readily become an organised industry.
»In some countries, hackers work out of regular offices and get paychecks to spend their workday looking for vulnerabilities in organisations’ digital networks, lying in wait for holes to develop through which they can penetrate and steal information or worse,« states the report.
Experts estimate that there are around 300,000 hackers worldwide, typically originating from places, such as Russia, China, Eastern Europe and North Korea.
The industry is a lucrative one too. Oliver Wyman even goes so far as to call it a ‘growth industry’.
»Globally, hacking has become a highly profitable industry, costing economies around the world more than half a trillion US dollars annually – a sum that has been increasing every year,« the report shows.
According to multinational professional services network, PWC, the cost of data breaches alone can reach a staggering $2 trillion by 2019 and, in general, cybercrime costs businesses about $400 billion annually. And these numbers are expected to grow, along with the frequency and sophistication of cyber attacks.
»Consider the greatly expanded use of cloud and mobile devices. Businesses are embracing these tools to connect their internal staff and operations. They’re also accelerating usage to connect externally—with strategic partners, customers, and a multitude of other third parties. These efforts are serving to enhance efficiencies, collaborations, and competitiveness. But along with these benefits, new vulnerabilities have emerged,« a report by PWC states.
The threat of the hacking industry is becoming all the more real as we see hackers targeting national infrastructure.
LEARN MORE ABOUT:
Achieving the connected aircraft: What does it take and what are the potential yields?
For example, an alert from the United States Computer Emergency Readiness Team—a Department of Homeland Security (DHS) unit—stated that a group of foreign hackers have been targeting the American electricity grid, along with other major infrastructure industries, such as water, nuclear, energy, critical manufacturers and even aviation. The alert stated that this has been going on since at least March 2016.
»The risk of breaches is real – as we’ve witnessed for more than a decade in industries from banking, to healthcare, to retail – and the threat is growing for the MRO industry as it strives to digitise,« the Oliver Wyman report concludes.
More recently, some high-profile cases have hit a bit closer to home, certainly catching the eye of the MRO industry. Some notable examples are Maersk and FedEx, who were victim to wiper ransomware, NotPetya, which infected computer systems around the world.
The airline industry is increasingly embracing digital connectedness, and the new technologies that enable it, to offer greater efficiencies and a better customer experience—and for good reason.
Unfortunately, though, these advancements also leave airlines more open and vulnerable to attack. Further, it can potentially mean that when cyber attacks do occur, there’s a greater chance they’ll have more severe, widespread and even global implications.
That’s because when security breaches happen, they mean the loss of data—be it customer records, personal financial details of customers or even details about their business dealing. Above this, though, cyber attacks in aviation would actually mean the ability to disrupt flight paths and cause a real threat to passenger safety.
The good news is the industry is taking the cybersecurity risk seriously. Most regulatory bodies take a stance on cybersecurity, regularly address it and seem to be working toward better industry standards and opportunities for industry players to get educated on the subject, though there is no current uniform benchmark.
IoT is slowly but surely taking off in the aviation industry. Read along, as we explore the benefits of a highly connected industry.
Oliver Wyman is adamant that the MRO industry is an obvious target for cyber attack for a number of reasons. For one, they have access to major airlines and engine and component-parts makers. While the MROs themselves would not be the likely end-target of a cyber attacker, they may well be a stepping stone.
»While the carriers and OEMs may sometimes be the ultimate targets of the cybercriminals, hackers may decide that access through a vendor in the MRO supply chain may be easier to achieve. That makes all the members potential targets – even and perhaps especially small ones that don’t have the cyber preparedness of larger organisations,« the Oliver Wyman MRO report states.
MROs, increasingly embracing digitalisation and operating in a global and interconnected fashion, are open to a number of security vulnerabilities with far-reaching implications. After all, they’re part of large, global supply chains that if tampered with could disrupt international commerce.
In other words, this puts them high on hackers’ to-do lists, explains the Oliver Wyman report. And the implications of a breach could have detrimental, global implications.
Lufthansa Technik is at the forefront of innovation and digitisation. How is the MRO approaching the digital future and what projects are they currently focussing on?
Does the aviation industry have proper cybersecurity in place?
According to the Oliver Wyman report, the majority of players in the industry demonstrate a concern for cybersecurity. More than half of OEMs, MROs, and operators even claim to have a cybersecurity strategy in place and to have conducted training for employees in cybersecurity. The degree of their overall readiness in case of cyber attack, however, tends to vary.
For example, 67 percent of industry executives said their company was prepared for a cyber attack, however, less than half could say whether or not a cybersecurity review had been conducted over the last year.
Equally alarming, a large number of executives surveyed indicated that their organisations had no security standards in place for third-party vendors. For MRO providers, only 9 percent had established standards, while the number was 41 percent for airlines and 50 percent for OEMs. That’s a large chunk of third-party vendors whose security credentials have not been looked into. In other words, there are a lot of backdoors hackers could go through.
READ MORE ABOUT:
Blockchain in the aviation industry – why it’s not just a buzzword.
»This includes looking at everything from understanding who and what have access to a company’s computer network, to whether a real-time detection process and response mechanism have been delineated, to which managers are responsible for each phase of executing cybersecurity protocol, to whether an oversight process exists to ensure procedures are followed and documented,« the report states.
What does it take to make IoT a reality in the industry?
Join our newsletter
This blog is driven by Satair Marketing & Communication with input from both internal and external contributors.
Satair is a world leading provider of aftermarket services and solutions for the civil aerospace industry. Satair is a stand-alone company and Airbus subsidiary.