The ENISA Threat Landscape - Transport Sector report was recently published, focusing on the EU and four transport sectors - aviation, maritime, rail, and road. In this article, we discuss what is important for Aviation.
It should be noted that all of these sectors fall under the scope of the network and information security (NIS) directive.
When compared to 2021, there was a significant rise in incidents that were made public. Cybercriminals were responsible for more than half of the occurrences observed during the reporting period (55%).
When the transportation supply chain is targeted, cybercriminals consider it a lucrative enterprise, with customer data regarded as a commodity and extremely valuable information. This is also related to the motivation for these attacks, which is mostly financial gain (38%).
One-fourth of the attacks (23%) are linked to hacktivist groups, with their attacks being motivated by the geopolitical context and aimed at operational disruption (20%) or ideological motivation (6%).
The targets of attacks differ across subsectors, where various authorities and bodies were targeted. In the aviation sector in particular, airlines and airport operators were the main targets, followed by service providers, surface transport officers, and the supply chain.
Targets (number of incidents per entity type) - Source: ENISA Threat Landscape: Transport Sector report
During ENISA’s reporting period, almost two of the total number of incidents were attributed to two sectors: aviation and road transport.
Prime threats in each sector (number of observed incidents) - Source: ENISA Threat Landscape: Transport Sector report
In 2022, there was a rise in the number of attacks involving ransomware targeting airports. Airport operators are the most vulnerable to ransomware attacks among all operators (excluding original equipment manufacturers).
This diversity of systems has major consequences for cybersecurity. Cybersecurity risks have the potential to disrupt operations and cause considerable financial harm to airlines, airports and passengers.
According to ENISA and Eurocontrol data, airspace users/airlines are the primary targets of attacks. This is largely due to the prevalent financial incentive driving these attacks in the sector. Airlines are targeted by attacks on their systems and indirectly by attacks on their consumers (e.g., fraudulent websites).
Source: ENISA Threat Landscape: Transport Sector report
Eurocontrol reports that the key targets for January 2022 to June 2022 are airspace users (80%), airports (12%), OEMs / supply chain (6%), air navigation service providers (1%), and civil aviation authorities (1%).
The large attack surface of the aviation industry is one of the key factors leading to aviation threats. Historically, criminals found it challenging to attack aviation technology due to the extensive knowledge necessary to penetrate aviation-specific hardware and software. However, as the aviation sector has evolved, digital technologies have brought forth significant changes and new challenges. Inevitably, the outcome is a significant, complicated ecosystem in which data must be shared by diverse parties via various technologies.
There are also numerous communication protocols and techniques used for air-to-ground and air-to-air communication. These carry a collection of data such as aircraft communication data, voice information, and flight planning, based on specific protocols. All radar detection and tracking systems, including air defense and army elements, use the same techniques.
Each component within this system requires its own security, which must be implemented using valid and established methods.