Cybersecurity – your enabler to the resilience of sky operations
By nature, the aviation sector is composed of complex systems of stakeholders including Airlines, Airports, Air Traffic Management, Unmanned Traffic Management, etc. The sector is undergoing major digital transformation with increased inter connectivity and dependency. As a result, new cyber threats and security breaches are emerging, requiring a more holistic approach covering proactive and reactive cybersecurity. While in other sectors the impact of cybersecurity incidents is essentially financial, in the aviation sector it has the potential to impact key aspects such as operations, compliance, reputation, or even safety.
Cyber threats are growing faster than ever, aviation is not spared
Cyber threats are in the news daily, as monitored by Thales Cyber Threat Intelligence. The aviation sector is not spared and is becoming a rising concern for cyber attackers: EUROCONTROL, EATM CERT reports on cyber in aviation (www.eurocontrol.int) note a rise in reported cyber attacks of 530% between 2019 and 2020, the number also doubling between 2020 and 2021.
Not all cyber-attacks are successful, but each one has important implications. An incident carries two potential costs: investigating the loophole and addressing the vulnerabilities exploited by the attacker. A successful cyber-attack also has significant financial implications that stem from severe service disruption, the need to rebuild more protected systems and, potentially, paying a fine for lack of adequate protection in the first place.
Cyber regulation is strengthening with additional compliance requirements by 2025
ICAO adopted Assembly Resolution A40-10-Adressing Cybersecurity Civil Aviation- during its 40th Assembly, announcing steps for improvements for all aviation stakeholders. “The resolution addresses cybersecurity through horizontal, cross-cutting and functional approach, reaffirming the importance and urgency of protecting civil aviation critical infrastructure systems and data against cyber threats, and calls upon States to implement the ICAO Cybersecurity Strategy.”
Following this strategy, in Europe, EASA presented a new cyber regulation that was adopted by European Parliament in 2022, as known as Part-IS, which will be added to nearly all existing aviation safety regulations by 2025, for them to consider cyber risks and manage them through a certified information security management system.
In addition to the above, many countries’ aviation organizations and systems have also to comply with national cybersecurity standards, especially those that are destined for critical systems.
Selecting the right partner
Cybersecurity is a central concern for aviation, regardless of the progress of their digital transition.
Protecting those systems requires building up protections adapted to aviation constraints – long certification cycle, cost savings, safety DNA – and maintaining their resilience over the time despite the evolution of threats.
Addressing these issues need not be daunting. Basic steps can be taken to protect Information Technologies (IT) and infrastructure, addressing only the most common weaknesses generally related to industry standard components - such as data networks and appliances or operating systems. However, where Operational Technologies (OT) are considered, elaborating responses to the malicious acts that are threatening them requires more than all-purpose cybersecurity knowledge; it requires area-specific expertise that Thales can bring.
To build a future we can all trust, Thales will be your strategic partner
Thales is a worldwide leader in cybersecurity. In this area, we draw on the skills of 3,500 expert engineers in cybersecurity. Today, around the world, there are nearly 50 countries, including NATO members, who use our security products and solutions as well as 9 out of 10 global Internet giants. We also give our customers access to our six cybersecurity operational centers (CSOCs) worldwide. Furthermore, Thales specializes in providing cybersecurity in critical environments including not only Aviation, but also Transportation, Space, Industry, Defence and Government.
With cyber expertise that has been recognized by IATA, as Cyber Strategic Partner for aviation stakeholders, Thales delivers cybersecurity and enables the implementation of new concepts of operations for efficiency gains. Thales has the knowledge of aerospace operational and safety constraints, strengthened by the knowledge and participation in the elaboration of the cyber regulations standard (ICAO, European Union Part-IS, European Union NIS 2, EASA, EUROCAE, NIST and local regulations).
This unique combination of Cyber expertise and Aviation expertise provides Thales with a unique position of Trusted Partner to aviation stakeholders.