Overcoming Aerospace Cybersecurity Challenges

FAQs

• Why is cybersecurity a significant and growing concern for the aerospace industry?

  Cybersecurity is a growing concern because the aerospace industry is transforming rapidly to meet new public and commercial demands, which introduces new vulnerabilities. The sector’s infrastructure is becoming more critical, and its data more sensitive and valuable, making it an increasingly attractive target for both criminal and nation-state attackers. The financial impact is also significant; the average cost of a data breach in the aviation industry is already about $1 million (USD) higher than in other industries. As the interconnected systems of aeronautics become more sophisticated, cybersecurity must become a central part of strategic and operational decisions to protect organisational data, systems, and key aspects of modern technology infrastructure.

• What specific types of cyberattacks are targeting the aerospace sector?

  The aerospace sector faces evolving and sophisticated cyber threats. In 2022, ransomware was the most common type of attack, accounting for over 30% of all cyberattacks on aerospace organisations. However, threats are becoming more advanced. For example, in 2023, suspected nation-state attacks used the PowerDrop PowerShell script against the US aerospace industry. This script functions as a remote access trojan (RAT), allowing attackers to execute commands remotely on victims’ networks. Other attacks include distributed denial of service (DDoS) attacks, such as one that targeted multiple airport websites in connection with the war in Ukraine. Attackers also seek to perform remote code execution, which is a particular concern for military aviation.

• How do cybersecurity challenges differ across various segments of the aerospace industry?

  Cybersecurity challenges are unique to each vertical within the aerospace industry due to their different operational focuses and the data they handle.

   

  • Commercial Air Travel: Attackers target airline networks, frequent flyer data, cabin management systems, and passenger databases for commercial or political reasons. The industry must continuously update its threat intelligence to protect both customer information and the aircraft systems themselves.
  • Military Aviation: As a critical part of national defence, military aviation requires a higher degree of cybersecurity control. An attack on a military aircraft’s mission-critical systems, such as through remote code execution, could have catastrophic consequences.
  • State-Led Space Operations: With growing government investment in space exploration, attackers may try to hijack satellite control systems, disrupt human transports, or target the ground systems that support these operations.
  • Commercial Space Activities: The rapid deployment of commercial space systems introduces new risks. Attackers may target systems like communications satellites that provide internet connectivity for businesses and consumers, creating what one official called the “soft underbelly of these global space networks“.
• What are the underlying shortcomings that make the aerospace industry vulnerable to cyberattacks?

  Several widespread shortcomings contribute to the aerospace industry’s cybersecurity vulnerabilities.

   

  • Antiquated Systems: Many aerospace systems, such as ground control systems for spacecraft, were developed decades ago without modern cybersecurity requirements in mind. These vulnerable legacy systems are expensive to replace and can be easily exploited by attackers.
  • Interconnectedness and Supply Chains: Aviation resources are often interconnected with other assets, which may have been developed by different manufacturers with varying levels of cybersecurity maturity. This creates supply chain risks, where a vulnerability in one company can have a far-reaching impact on its customers, as seen with the Safran Group.
  • Poor Data Governance: Many organisations have not implemented comprehensive data governance strategies to protect critical data from misuse.
  • Lack of Automation and Budget: Manual processes are still prevalent, and many organisations lack automated security measures that can quickly detect and respond to threats. Furthermore, budget constraints often lead to overlooking necessary upgrades for existing hardware.
• What specific technologies and strategies can help defend against these cyber threats?

  A variety of modern cybersecurity solutions are available to bolster the aerospace industry’s defences. Key examples include:

   

  • Network Security: Solutions like Secure Web Gateways (SWG) and network firewalls can protect against external threats, while Next-Gen Endpoint Protection (NGEP) can defend against internal threats like malware.
  • Authentication: Tools such as two-factor authentication or biometrics add a critical layer of security. Identity and Access Management (IAM) solutions can enforce granular access control and monitor for suspicious user activity.
  • Data Protection: Encrypting data at its source makes it difficult for attackers to access sensitive information. Tokenization tools can also replace user data with random tokens, reducing the risk of data theft.
  • Intrusion Detection: According to Forbes, a robust intrusion detection system (IDS) should be the “backbone of a cyber-resilient spacecraft”. These systems monitor user activities to detect suspicious behaviour, allowing for proactive threat response.
  • Network Segmentation: The US Transportation Security Administration (TSA) has released new requirements for network segmentation, which involves creating “walled gardens” to limit an attacker’s access to critical systems and prevent the spread of malware.
• How can an aerospace organisation begin a holistic cybersecurity transformation?

  Aerospace leaders can begin a holistic cybersecurity transformation by adopting a five-step approach, often in coordination with partners and specialist consultants.

   

  • Establish Cybersecurity as a Leadership Initiative: Security measures should be driven from the top-down, with a clear commitment from leadership to make cybersecurity a priority on the chief information officer’s agenda.
  • Develop a Risk Assessment Plan: Organisations should partner with third-party specialists to identify existing vulnerabilities in systems and data. This can involve using tools like automated vulnerability scanning solutions or network security assessments.
  • Invest in Cutting-Edge Security Technology: Based on the risk assessment, organisations should invest in the most effective tools for their unique operations, such as IAM, firewalls, data encryption, or IDS.
  • Implement Security Best Practices Among Employees: It is crucial to provide teams with cybersecurity training. This includes enforcing practices like regularly updating software, using two-factor authentication (2FA), enforcing strong passwords, and monitoring access to systems and data.
  • Commit to Recurring Vulnerability Assessments: Cybersecurity threats and organisational systems constantly change. Committing to regular assessments with a specialist partner ensures that new vulnerabilities are identified and addressed before they can be exploited.