At least that’s the prediction of security researchers in aviation following the cyber attack on Polish airline LOT that led to the cancellation of nearly a dozen flights.
On a grander scale, the cyber incident reflects the rate at which attackers are escalating their activities and expanding into industries and sectors not usually within their spectrum of targets in the past. Therefore, it puts in question the safety of airline passengers in the future as aviation systems depend increasingly on cyber-based technologies for operation.
Indeed, the LOT hack is a harbinger of bad things to come to the aviation industry in terms of cybersecurity.
At the backbone of the aviation communication is satellite communications. This infrastructure has become vulnerable to hacker manipulations that employ backdoor access, unprotected protocols, poor encryption strength and hardcoded credentials. What brings about all these vulnerabilities is an out of date firmware and security holes in the design of the infrastructure.
Even now, investigators have yet to establish the means with which the cyber attack on POL occurred or how far ranging its scope is. If there is one thing that is clear right now, it is that the aviation industry looks to be the next big target of cyber crooks.
In the case of the POL cyber attack, hackers were successful in infiltrating the passenger processing system of the airline, thus causing the planes to hold up departure and even cancel for some. Luckily for the outgoing aircraft, the safety system had not been affected, though it was alarming because safety is a cardinal requirement for aviation.
At the onset of the attack, which was not detect at first, flight personnel were unable to create flight plans, suggesting that back office nodes were in trouble. Consequently, this has caused a major economic damage on the part of the Polish airline, not to mention the tainted image it now has because of the incident.
Whether we’ll see more of this kind of attack in the near future is highly likely. So how could the airline companies gird for future cyber attacks? For one, security experts recommend that airliners adopt robust security measures for their information systems in order to allay as much damage as possible.
Oftentimes, these vulnerabilities are yet again caused by the human factor that is considered the weakest link in the security chain. This also calls for proper information dissemination and training for employees.
In particular, it is highly recommended that airlines secure their ground systems and communication links.