Advancing UK Aerospace, Defence, Security & Space Solutions Worldwide
  • Home
  • /
  • Features
  • /
  • Is aviation taking cyber security seriously?

Features

Is aviation taking cyber security seriously?

Matthew Simpson, Head of Cyber Security at Atkins, considers whether the aviation industry is taking the issue of cyber security seriously enough.


Copyright Shutterstock

If you think cyber security in the aviation industry means merely protecting websites and online booking systems from malicious hackers, it is time to think again.

The issue is much broader, in an industry that is evolving to fully embrace the benefits of going digital, where any stage along the complex maintenance, repair and operations (MRO) supply chain is exposed to potential risk and loss of service.

Advertisement
ODU RT 2

Do you remember the original Jurassic Park film, where the lifelong dream of an eccentric genetic pioneer – to bring dinosaurs back to life – was very quickly destroyed thanks in part to the negligence of a wayward computer programmer?

Admittedly, being eaten by dinosaurs is rather an extreme example of what can happen when IT goes wrong but it nevertheless gets to the heart of the cyber security problem: any IT system, no matter how advanced, clever and complex, will only be as strong as its weakest link.

Also this issue is seriously coming to the forefront today within our industry. Sure, we know of the damage that hackers, crashed websites, and disrupted navigation systems can cause – not to mention errant drones – but bad computer security is not just about what hits the news headlines. Poor resilience in any IT system can have the knock-on effect of infecting core business operations at any level to devastating effect and the causes can come from many new places – from an infected USB stick plugged into a major maintenance database, to poor staff training.

Why resilience is a business-critical issue
So, operating in an industry where any aeroplane grounded at an airport beyond its scheduled time incurs cost, it makes plain business sense to take a step back and view the bigger picture and tighten any weak spots. Because resilience is a business-critical issue and timing is of the essence.

While aviation is increasingly embracing the digital revolution – and within the aviation MRO sector there is undoubtedly a strong pull to embrace digital systems and processes and cast old-fashioned paper systems aside – that means increasingly integrated networks will need to be opened-up for users to access processes and systems. It means that potentially thousands of people along the MRO supply chain will need to have that access, as never before. This also means there will, inevitably, be weak links and exposure to risk like never before, too.

A secure airline industry is a safe one
So, there is a lot to cover. However we have to start somewhere – and there is a willingness to learn across the sector and a general view that the only way is forward in addressing these issues.

We know that security underpins safety. By failing to address emerging cyber security risks linked to digitisation and interconnectivity, you are effectively putting the entire sector in jeopardy. However, as things stand, there are no specific cyber requirements mandated by EASA. Regulation and legislation are coming – but no official date of their arrival is yet available.

Although cyber has been a hot topic for a while now, we need to increase the pace if we are to ensure the safety of an entire industry.

Making it happen
So, how do we ensure that regulations are put in place to cover all of the ongoing and potentially upcoming cyber threats?

What is needed:

  • A broader understanding of the risks of interconnectivity to, for example, original equipment manufacturers’ IT platforms
  • A better understanding and awareness of the risk of integrating such platforms and opening them up to multiple users
  • Clarity around how systems can recover after a cyber attack
  • A better grasp of managing risk across supply chains and between companies.
Advertisement
Farsound RT 2

Also, on the horizon, we need to know how to better manage increasing connectivity. Because tackling this issue and its various complexities, is not a question of building new IT systems and processes with security added as a bolt-on.

It is about ensuring every touchpoint of IT systems can demonstrate resilience – old and new. It is about adopting a step-change in your understanding of engineering – and not merely ‘getting in cyber security experts’ to deal with the problems that will, inevitably, arise later on.

There is no doubt that the issue of cyber security in the aviation industry will be a transformative one. It has to be – it is business critical after all.

We must now fully support EASA and other accountable regulators to ensure cyber security is embedded in all systems, because if not, the results could be catastrophic. 

 

 

 

Advertisement
Advanced Navigation LB 1
Securing military connectivity in contested environments

Features

Securing military connectivity in contested environments

14 March 2024

Tristan Wood, founder of Livewire Digital, explores the power of hybrid networking and how it can underpin robust wide area networks across all arms and services, from land, sea and air.

Defining data-centric security in complex future warfare

Features

Defining data-centric security in complex future warfare

1 March 2024

John Dix, Land Communications, Thales, considers the role of data-centric security and evolving soldier systems integration, in complex future warfare.

Is Just in Time a thing of the past?

Features

Is Just in Time a thing of the past?

1 February 2024

Paul Adams, aerospace and defence sector specialist at Vendigital, explains why Just in Time production is unlikely to make a comeback anytime soon.

Could R&D tax reform have consequences for A&D supply chains?

Features

Could R&D tax reform have consequences for A&D supply chains?

11 January 2024

Jenny Tragner, Director and Head of Policy at ForrestBrown, looks at why R&D tax reform could have unintended consequences for aerospace and defence (A&D) supply chains.

Advertisement
ODU RT 2
Busting automation myths and embracing robots

Features

Busting automation myths and embracing robots

13 December 2023

Carl Patrick, Robot Sales Manager – Machine Tool Automation at FANUC UK, busts some of the myths surrounding greater automation and explains why we should be embracing robots.

Dealing with a supplier SOS

Features

Dealing with a supplier SOS

6 November 2023

Paul Adams, Director and aerospace & defence sector specialist at Vendigital, highlights the ways in which OEMs and their suppliers can proactively address critical supply chain risks.

Advertisement
ODU RT