Cybersecurity risks in aviation: Building a cyber-resilient future

Published
02 May 2021

The role of the aviation industry in commerce, trade and transport makes it indispensable to the global economy. The consequences of any major failure would incur direct and high public safety and national security implications and costs.

The impact.

Air transport is a vital industry that contributes substantially to economic development and improved living standards. According to the International Civil Aviation Organization (ICAO), the 4.3 billion passengers transported in 2018 are expected to grow to around 10 billion by 2040 despite the consequences of the COVID-19 pandemic.

Along with other industries, the aviation sector must respect the safety of its passengers and employees. A cyberattack could quickly result in serious loss of life and utter catastrophe. It could potentially destroy trust in a single company and have cascading dire effects on the entire industry.

In Pathways Towards a Cyber Resilient Aviation Industry, a new study released by the World Economic Forum, the aviation industry is called upon to unify its approach to preventing potential cybersecurity shocks. Airlines, airports and aircraft manufacturers comprise a complex infrastructure that must be protected both holistically and in each of its individual parts.

To help guard against cyber risks and create a streamlined approach with civil aviation authorities, the Forum launched the Cyber Resilience in the Aviation Industry initiative in collaboration with Deloitte and more than 50 companies and international organizations, including ICAO, NCSC UK, EASA, IATA, ACI, EUROCONTROL and UK CAA.

"Any exchange of information digitally across the aviation community needs to be resilient to security threats, which have consequences on the safety of flight and airspace."

Patrick Ky, Executive Director, European Aviation Safety Agency (EASA)

What's the challenge?

The aviation industry has developed a strong track record of safety, resilience and security practices over decades to withstand and recover from terrorist, physical security threats and extreme climate events. However, businesses and governments have struggled to keep up with the pace of change and prepare for future challenges.

According to the International Data Corporation, transport ranks third among the industries that will spend the most on Industrial Internet of Things solutions, after the manufacturing and consumer industries. As all these technologies become more embedded in airline services, airports and aircraft manufacturing, tackling cyberthreats rapidly becomes increasingly critical

The probability and impact of a cyberattack on different segments of the aviation domain vary considerably – for instance, airports may be more vulnerable to a cyberattack than airlines, and unmanned aircraft systems are presenting new threats and challenges for the industry.

Barriers to cyber security and resilience | Source: Deloitte

Our approach.

Our Cyber Resilience in Aviation initiative is enabling organizations to actively coordinate and respond to current and future cybersecurity risks through collaboration across a trusted network of leaders.

It convenes over 80 global experts from more than 50 organizations across global aviation and technology companies, international organizations, trade associations and national government agencies.

"The work of the World Economic Forum on aviation cyber resilience is another excellent example of the importance of broad-based international collaboration among public and private stakeholders."

Dr. Fang Liu, Secretary-General, International Civil Aviation Organization (ICAO)

The recommendations and principles developed by the community have been published in a series of reports, allowing companies around the world to learn from their insights and develop their own policies to ensure cybersecurity in aviation.

2020. Advancing Cyber Resilience in Aviation: An Industry Analysis

The first white paper, developed in collaboration with Willis Tower Watson raised awareness about the challenges to cyber resilience in the aviation industry, identifying the areas that warrant special attention from public- and private-sector leaders.

2021. Pathways to a Cyber Resilient Sector

This report, developed in collaboration with Deloitte, outlines ways for the industry to work together – from airlines and airports, to manufacturing and the supply chain. It focuses on mitigating the impact of potential future digital threats on multiple levels:

International
– Aligning regulations globally
– Establishing a baseline of cyber resilience across the supply and value chain
– Designing an impartial assessment and benchmarking framework
– Developing international information-sharing standards

National
– Enabling reskilling
– Rewarding more open communication on aviation incidents

Organizational
– Integrating cyber resilience in business resilience practices
– Ensuring risk assessment and prioritisation
– Improving collaboration

"Cyber attacks do not recognise boundaries or geography so international cooperation on cyber security is critical for staying ahead of evolving threats."

Paul Maddinson, Director of National Resilience and Strategy, UK National Cyber Security Centre (UK NCSC)

How can you get involved?

The Cyber Resilience in Aviation is an initiative of the Centre for Cybersecurity and the Platform for Shaping the Future of Internet of Things and Urban Transformation.

The Forum works with global Partners in the aviation, travel and tourism industries to respond to the challenges and drive innovation in the sector. Businesses and international organizations can partner with us, across our Platforms and projects focused on cybersecurity and aviation, to make a true difference worldwide.

Centre for Cybersecurity

Learn more about the Centre's activities

Internet of Things and Urban Transformation

Learn more about the Platform

Get involved with the Forum

Contact us