Findings from PA Consulting Group’s research ‘Overcome the silent threat’ are reported in Air Cargo Eye in an article by Thelma Etim, warning that large numbers of international air cargo hubs are fatally-equipped to handle the fast-evolving threat of cyber attacks.
PA’s research finds that although many airport operators have a range of safety strategies in place to thwart such terrorist attacks, they are far less prepared for a hacking incident.
David Oliver, global transport security representative at PA Consulting Group, is quoted in the article and acknowledges the vulnerability of airfreight throughput. “The increasing levels of cargo connectivity is indicative of the wider trend around [technological] connectivity discussed in the 24-page report.”
David continues: “As cargo becomes increasingly connected to the airport infrastructure, care needs to be taken to ensure the system is secure by design and default.”
The article notes that PA study highlights some well-publicised incidents in 2017, where hackers used ransomware (malware in which data on the victim’s computer is locked and then usually encrypted) to attack systems and then demand that organisations pay up to recover their data and regain access.
Thelma mentions that LATAM Airlines had data encrypted by WannaCry, and Ukraine’s Boryspil International Airport lost access to its systems after the intervention of NotPetya. PA’s report notes that “these cyberattacks were not targeting aviation – yet they resulted in interruptions to airport services.”
She goes on to write that in 2013, a sophisticated virtual spying operation directly affected 75 airports in the United States. “This intrusion happened via an advanced persistent threat attack, which means an intrusion was carried out by top-tier hackers who are generally funded by a nation-state,” PA’s report asserts. “The airport hackers could have been driven by a desire to know who would be on certain flights, as well as the cargo [airlines] would be carrying.”
Thelma questions why airports are vulnerable to cyberattacks. One main contributory factor, she notes in PA’s report, is the air transport industry is becoming increasingly reliant on technology in almost every area of operations.
Another major factor Thelma notes from PA’s research is “one of the most problematic elements of cyber security – such as the fast and constant evolution of the threats themselves”. As stated in PA’s report: Traditionally, airports focus on the biggest known threats, such as physical terrorism, hi-jackers, thieves, fraudsters etc. “But this approach cannot handle the demands of the current ever-changing environment.”
Thelma notes that cyber threats come in many forms and vary in their level of sophistication and motivation. “They range from low-skilled ‘script kiddies’ (a script kiddie or skiddie is an unskilled individual who uses scripts or programmes developed by others to attack computer systems, networks and disfigure websites) to highly- skilled and motivated nation states.”
Between these two extremes are other threat actors that can cause harm to an airport, including criminal organisations, disgruntled employees and so-called hacktivists, PA’s study explains.
These typically affect the confidentiality, integrity and availability of systems and data that can result in the release of sensitive information. In addition, operational technology can be affected, potentially leading to the disruption of services or safety incidents.
Thelma’s article notes that PA collaborated with four leading airports to produce the research, and uncovered seven key trends which make air cargo hubs especially susceptible to cyberattacks.
She goes on to add: “Among them are the generally increased use of technology, including big data; in-house and outsourced analytics; and the greater reliance on data-link-messaging between air traffic control towers and aircraft rather than traditional radio voice communications, for example.” PA’s research says that data-sharing is also another dangerous trend, with air navigation service providers increasingly under pressure to reduce charges and to integrate and harmonise national airspace and air navigation services.
The article notes that PA gave System Wide Information Management as an example of a company integrating cyber security into day-to-day processes and says it has evolved into a global concept that has been adopted by the International Civil Aviation Organisation to facilitate greater sharing of air traffic management system information.
Mega hubs are particularly vulnerable. As airports become larger, collaborative decision-making technologies and processes are commonly implemented to share greater data flows between the different stakeholders involved in airport operational processes. “These airports are then more exposed to attacks, and their iconic status makes them more appealing [targets] for attackers,” the report argues.
Thelma notes that PA asserts that major air cargo hubs cannot afford to ignore a number of fundamental practical steps if they are to have any chance of thwarting the nefarious ambitions of cybercriminals. Among these steps, cyber security should be integrated into day-to-day processes and procedures.
In Thelma’s article she notes that PA suggests if holistic – and an easily maintained minimum number of software and hardware installations – risk assessments are conducted during the early stages, they can help hubs gain a rapid insight into the risks they face from cyber-security threats. They also provide a summary of specific areas that need to be addressed, she adds.
PA says that by moving away from the outdated concept that cyber security is purely an IT function, airports will gain a shared understanding of the risks that can then be managed by all areas of the business. This concept also applies to the supply chain, where any weaknesses in the level of cyber security could lead to a cyber-related incident affecting the airport, the airline, the forwarder.
With this approach, Thelma notes, establishing an essential security monitoring and incident response capability becomes achievable. “Fundamentally, the focus on physical security needs to be applied with the same rigour in the cyber arena if airports are going to build resilience to potentially catastrophic cyberattacks,” David Oliver concludes. “If the industry does not act now, it will find itself at increased vulnerability to cyber attacks as new technologies increasingly become a part of their everyday operations,” he adds.
Read the full article on Air Cargo Eye