CybersecAsia: How serious are the threats of cyber-warfare, cyber-espionage and cyber-terrorism in the aviation industry?

Le Ray: There are only two types of organizations: those that have been attacked and those who do not know they have been attacked. Cyberthreats are clearly on the increase, and cyber vulnerabilities are a credible vector of all kinds of attacks: theft of personal data, state-sponsored or industrial cyber-espionage, cyber meddling, denial-of-service attacks… No actor from the aviation industry is spared from cyberthreats, as many recent examples show. For instance, as of today, 67% of airlines have already been breached.

Not only are the attacks more frequent, but they are also becoming increasingly sophisticated (Advanced Persistent Threats) and now target a wide variety of environments, such as connected devices, network equipment, etc. As mentioned in the latest Atlantic Council report “Aviation Cybersecurity” underwritten by Thales, “although there is much industry focus on traditional IT systems for threats such as ransomware and theft of personally identifiable information or intellectual property, attacks on airport systems—like those that targeted flight-information displays at Odessa International Airport—are examples of adversarial evolution. Additionally, the increased sophistication and scale of spoofing of Global Positioning System (GPS) signals, seen recently in the maritime domain, indicate how adversary techniques are rapidly evolving”.

Those innovative attacks require advanced detection means, for instance based on artificial intelligence or behavioral analysis. Attackers are also targeting suppliers and partners to gradually infiltrate the main organization. An example is British Airways, which fell victim to an attack by hacker group Magecart, which infected the payment system on the airline’s website (developed by an external vendor) and stole the details of 380,000 customer bank cards in 2018.

As shown by The Cyberthreat Handbook recently published by Thales and Verint, the aviation industry is a primary target of attackers. This report of unprecedented scope describes the activities of about 60 particularly significant groups, including their tactics and techniques, their motives and the sectors targeted from analysis of multiple data sources such as web and threat intelligence.

Analysts have defined four major categories of attackers based on their motives and ultimate objectives: 49% are state-sponsored groups often aiming to steal sensitive data from targets of geopolitical interest. Then 26% are ideologically motivated hacktivists, closely followed by cybercriminals (20%) who are driven by financial gain.

In fourth position, cyberterrorists account for 5% of the groups analyzed. Out of approximately 60 major groups of attackers analyzed, 18 of them targeted aerospace across nearly a hundred geographic zones, which makes aerospace the fifth most targeted sector. Government and their defense capabilities come first, including Air Defense that is not immune from cyber-risk. For instance, in August 2019, some US Army White Hats successfully hacked an F-15 of the US Air Force, taking control of flight systems. This raises questions of operational efficiency as well as critical sovereignty issues; in the event of a takeover, this could mean system paralysis or even destruction.

With the current levels of aviation connectivity with increasingly technically capable adversaries, one can expect attempted wide-scale, disruptive future attacks against aviation operations.