Cybersecurity risks in aviation: Building a cyber-resilient future
02 May 2021
The role of the aviation industry in commerce, trade and transport makes it indispensable to the global economy. The consequences of any major failure would incur direct and high public safety and national security implications and costs.
Air transport is a vital industry that contributes substantially to economic development and improved living standards. According to the International Civil Aviation Organization (ICAO), the 4.3 billion passengers transported in 2018 are expected to grow to around 10 billion by 2040 despite the consequences of the COVID-19 pandemic.
Along with other industries, the aviation sector must respect the safety of its passengers and employees. A cyberattack could quickly result in serious loss of life and utter catastrophe. It could potentially destroy trust in a single company and have cascading dire effects on the entire industry.
In Pathways Towards a Cyber Resilient Aviation Industry, a new study released by the World Economic Forum, the aviation industry is called upon to unify its approach to preventing potential cybersecurity shocks. Airlines, airports and aircraft manufacturers comprise a complex infrastructure that must be protected both holistically and in each of its individual parts.
"Any exchange of information digitally across the aviation community needs to be resilient to security threats, which have consequences on the safety of flight and airspace."
What's the challenge?
The aviation industry has developed a strong track record of safety, resilience and security practices over decades to withstand and recover from terrorist, physical security threats and extreme climate events. However, businesses and governments have struggled to keep up with the pace of change and prepare for future challenges.
According to the International Data Corporation, transport ranks third among the industries that will spend the most on Industrial Internet of Things solutions, after the manufacturing and consumer industries. As all these technologies become more embedded in airline services, airports and aircraft manufacturing, tackling cyberthreats rapidly becomes increasingly critical
The probability and impact of a cyberattack on different segments of the aviation domain vary considerably – for instance, airports may be more vulnerable to a cyberattack than airlines, and unmanned aircraft systems are presenting new threats and challenges for the industry.
Our Cyber Resilience in Aviation initiative is enabling organizations to actively coordinate and respond to current and future cybersecurity risks through collaboration across a trusted network of leaders.
It convenes over 80 global experts from more than 50 organizations across global aviation and technology companies, international organizations, trade associations and national government agencies.
"The work of the World Economic Forum on aviation cyber resilience is another excellent example of the importance of broad-based international collaboration among public and private stakeholders."
The recommendations and principles developed by the community have been published in a series of reports, allowing companies around the world to learn from their insights and develop their own policies to ensure cybersecurity in aviation.
The first white paper, developed in collaboration with Willis Tower Watson raised awareness about the challenges to cyber resilience in the aviation industry, identifying the areas that warrant special attention from public- and private-sector leaders.
This report, developed in collaboration with Deloitte, outlines ways for the industry to work together – from airlines and airports, to manufacturing and the supply chain. It focuses on mitigating the impact of potential future digital threats on multiple levels:
International – Aligning regulations globally
– Establishing a baseline of cyber resilience across the supply and value chain
– Designing an impartial assessment and benchmarking framework
– Developing international information-sharing standards
National – Enabling reskilling
– Rewarding more open communication on aviation incidents
Organizational – Integrating cyber resilience in business resilience practices
– Ensuring risk assessment and prioritisation
– Improving collaboration
"Cyber attacks do not recognise boundaries or geography so international cooperation on cyber security is critical for staying ahead of evolving threats."
The Forum works with global Partners in the aviation, travel and tourism industries to respond to the challenges and drive innovation in the sector. Businesses and international organizations can partner with us, across our Platforms and projects focused on cybersecurity and aviation, to make a true difference worldwide.