The civil aviation industry is data rich. Its operations has IP networks of flights. It interacts with Air Traffic Controls (ATCs). ATC connects with planes in flight and gives orders about flight path, landing and take off schedules. It has traffic management systems. In-flight, it has fleet and route operating systems and fly-by-wire control systems on plane. There are cockpit systems to track and manage loading status and fuel level, navigational systems, plane monitoring systems and engine function systems. On marketing side, it has passenger reservation systems, flyer programmes and travel portals or ticket portals. Such portals have credit card and bank details, contact numbers, addresses of passengers and so on. On HR side, they use internal systems to manage duty rosters. They track planes. Airports have also systems to track parked planes.
If the systems get hacked, there would be serious physical risk. ATC hack could become a nightmare. There would be risks of collisions. In the world, so far, such a cyber-attack has not happened.
Hackers introduce ransomware — a malicious software which would lock out owners/users. Such hackers demand payments to decrypt the system and allow the users access to their own system. They threaten to delete the data or brick the system altogether.
Civil aviation is 24×7 industry. It has to work on time. It has lot of data as we have seen. Malfunction put human like at risk.
Swissport has suffered ransomware disruptions. SpiceJet too has suffered r-ware attack. Discount airlines have suffered hack-related disruptions. SITA, Geneva has been hit in 2021. Some airlines lost customer records. Some lose credit card data.
Airlines must make their systems secure. They must make on-board systems secure. Others too must co-operate, in this endeavour. The government agencies, must formulate standards for cyber security. It means to make data stored on cloud secure. The systems must be firewalled. There should be multi-factor authorisation to access sensitive networks.