Why Airlines Are Boosting Their Investment in Cybersecurity

As one of the globe’s most highly regulated industries, the aviation sector is widely admired for its safety record when it comes to the stipulations placed on its aircraft, passenger accommodations, and security protocols – especially since September 11, 2011.

But when it comes to travelers’ digital safety, strict security procedures have been few and far between. Cybersecurity has been an unfortunate vulnerability area in many airlines’ operations, but according to new data airlines are finally stepping up their protections: 91 percent of airlines recently surveyed by SITA said they plan to invest in cyber security programs within the next three years.

Quite frankly, it’s about time – especially considering that only 24 percent of airlines surveyed by SITA considered themselves “robustly prepared” to deal with any type of cyber attack. While that total is far more than the 5% who felt that way in 2013, it’s still troublingly low. With cybercriminals today looking to exploit each and every security vulnerability of neglectful companies – especially large organizations – it’s no longer a question of if airlines and airports will be hacked, it’s a matter of when.

Listening to consultants’ and consumers’ call to arms

Security experts have been sounding alarm bells at airlines over cybercrime threats for years. One consultant was even pulled from a United Airlines flight – and questioned for hours by the FBI – for tweeting from his seat about how easily he could hack into the plane’s satellite communications system.

His claim: That any sophisticated cybercriminal could plug a laptop into the box underneath the seat and access key controls in the plane – think engines, cabin lighting, and oxygen.

In addition, reports dating back as early as 2008 show that the computer systems and credentials of the Federal Aviation Administration (FAA) have been compromised by hackers – showcasing just how easy it might be for air-traffic control systems to be maliciously infiltrated.

Beyond the equipment, consumer protection issues related to cybersecurity have also raised eyebrows. Hackers recently managed to steal $24,000 worth of Air India frequent flyer miles, and similar issues have plagued United Airlines and American Airlines in recent years. Plus, thanks to the influx of in-flight entertainment options and aircraft maintenance networks, most airliners are in constant contact with the ground – making airline payment systems vulnerable to cyberattacks from other passengers on the plane’s wi-fi (according to Samsung Insights).

Lastly, considering how much sensitive and private data is housed within airports’ and airlines’ IT systems, it’s high time for very robust protections – and thankfully, industry executives are finally seeing the light and beginning to work together for more standardized security protocols.

Helping airlines change course on cybersecurity

In April 2016, Senator Ed Markey introduced the Cybersecurity Standards for Aircraft to Improve Resilience Act (or Cyber AIR Act) which will require the FAA to develop cybersecurity guidelines and protections for in-flight networks and computer systems industry. In addition, the Act will require airlines to report cyberattacks to the government.

Yet while the bill is certainly a step in the right direction, but it will be up to the private companies in the sector – the 91% planning to invest in security – to protect consumers (and their bottom lines) in the short term by bolstering their security measures and improving industry-wide collaboration.

“Our electronically connected world is vulnerable to hackers bent on causing chaos. We are all vulnerable and there is no guaranteed way to stay a step ahead,” said Tony Tyler, Director General and CEO of the International Air Transport Association (IATA) in a recent report. “That makes real time collaboration and information exchange with governments and across the industry critical.

“Make no mistake. We face real threats. Government and industry must be nimble, share information, use global standards and keep a risk-based mind-set when developing counter-measures,” Tyler continued.

Perhaps worst of all, if Tyler’s colleagues don’t take his advice the entire industry will see its declining trust among consumers if security issues continue. Amid mergers, shrinking margins, and TSA-related traveler woes, airlines’ investment in cybersecurity will protect more than their IT systems – it will protect their brands and their reputations.

For more on how to protect your airline brand’s reputation, contact ThinkInk.