Cybersecurity is a method of defending networks and systems from digital attacks, which are described as cyberattacks. Some malignant hackers try to access or destroy sensitive information by operating cyberattacks. These attacks can cause tremendous damage to either small business or the entire industry. Following the fact that aviation is mainly based on computer and information technology systems, it is apparent that the risk of cyber attacks exists.
In 2019, the SITA report Air Transport IT Insights showed that airlines spent 7% of their IT budget on cybersecurity in 2017 and 2018, and it has risen up to 9.64% in 2019. With a reason to show a prevention of cyber threats, get to know the public cyber attacks that happened in aviation. The article presents four different types of cyberattacks such as malware, hacking/phishing, denial-of-service (DoS) and human error by giving examples of different cyber accidents in aviation.
The chaos in Istanbul airports (Malware)
Malware is defined as a virus that can destruct computer-based and information technology systems and replicate themselves once a system is settled.
In 2013, cybercriminals attacked airports in Istanbul, Turkey. The cyberattack happened in at the departure terminals at both Istanbul Ataturk and Sabiha Gokcen airports. This accident led to the closing of the passport control systems in both airports. This cyberattack caused the delay of many flights.
The hacker attack at airports of Vietnam (Hacking/phishing)
Hacking and phishing are often related to obtaining information. There is only one difference between of mentioned cyber attacks that “in a hack” hacker involuntarily extracts the sensitive information by forcing the perpetrator to first take over the computer system. In another case, a phish can also be described as a hack, but this cyber attack occurs when the user is baited with an email or call and tricked into “voluntary” responding with information meaning hacker gets the necessary information from the user.
In 2016, cybercriminals hit the two largest airports in Vietnam. Pro-Beijing hackers on Friday defaced the website of Vietnam Airlines and flight information screens at two major airports in Ho Chi Minh City and the capital, Hanoi, displaying messages of supportive China’s maritime claims in the South China Sea. Right after the accident, the operators in Ho Chi Minh and Hanoi City were forced to stop all electronic check-ins. The accident at both airports of Vietnam was associated with hacking attack.
Polish Airlines faces the denial-of-service attack (DoS)
The denial-of-service attack is defined as one more type of cyber attack, where cybercriminal aims to render a computer or other information technology unavailable to its intended users by interrupting the regular functioning of the system. Commonly, cybercriminals flood the targeted system with requests until it becomes unable to process.
In 2015, cybercriminals attacked the LOT Polish Airlines flight-plan systems at the Warsaw Chopin airport. The attack made LOT’s system computers unable to send flight plans to the aircraft. The flight plan includes very sensitive data as aircraft details, route, weather, etc. Knowing that without the flight plan aircraft can’t take off and as a consequence, 10 airplanes were grounded and around 1,400 passengers were stranded after the accident, which was associated with DoS attack.
Human error causes the IT chaos at British Airways (Human error)
In the cybersecurity context, human error is known as intentional or unintentional behavior by employees and/or users that cause, spread, or allow a security breach to take place.
In 2017, the British flag-carrier computer systems failed. The mentioned failure was caused by two human errors from a contractor. As a consequence, over 75,000 passengers were stranded and British Airways experienced enormous reputational damage. After the investigation, it was found that the accident was caused by the engineer, who disconnected and then reconnected the data-center power supply. It caused the power flood that led to the failure of computer systems.