NZALPA is calling for the government to ensure that a mandatory reporting system is in place to record cyber-attacks and strengthen aviation-related cyber security.

“As well as the use by pilots of electronic flight bags (EFBs), which are replacing paper copies of operational documents, other advances in digital technology on-board, such as in-flight entertainment systems and improved access to Wi-Fi connectivity for passengers, are greatly increasing the threat of a major cyber attack,” says NZALPA Senior Technical Officer, David Reynolds.

NZALPA considers cyber attacks a significant threat to the safety of aviation and an issue that must be addressed in a coordinated manner by industry stakeholders, safety regulators and government.

Not limited to on-board connectivity, cyber attacks can threaten aviation ground facilities and other critical aviation infrastructure such as navigation and communications services.

“The threat aviation is facing is not just from those that intentionally want to bring an aircraft down, directly, but significantly from ‘malware’ or software that was designed for disruptive or alternative purposes, such as that which corrupts navigation,” Reynolds says.

According to Price Waterhouse Coopers’ (PwC’s) 2015 Global Airline CEO Survey, 85 percent of airline CEOs (who participated in the study) viewed cybersecurity as a significant risk, likely reflecting the highly sensitive nature of flight systems and passenger data.  This is in comparison to 61 percent of CEOs in other industries who consider cybersecurity a risk.

“As airlines adopt advanced and on-board consumer-led technologies, they themselves must also upgrade their security procedures to allow for the safe introduction and use of this innovation,” Reynolds says.

The industry continues to see major technological advances that contribute to the complexity and the need for the protection of both data and assets.  As well as inflight entertainment and Wi-Fi connectivity systems (IFECs) popular with passengers, tablet-based electronic flight bags (EFBs) are particularly popular and in widespread use by pilots and have replaced the heavy paper binders that pilots used to carry on board for operational purposes.

“Developments in IFEC systems pose a threat, as although they are physically segregated from the pilot’s cockpit systems, they can still be connected via an aircraft’s on-board systems.

“There are now also large numbers of vendors and technologies involved within both the aircraft and its entertainment systems, which can also create further opportunities for hacking,” Reynolds says.

As noted in PWC’s 2016 special report series Aviation perspectives: Cybersecurity and the airline industry, another potential cyber issue is the Federal Aviation Administration’s (FAA) modernisation of air traffic control. In the US, notably the Next Generation Air Transportation System or NextGen is replacing the current 40-year-old system that relies on radar and provides only limited connectivity.

NextGen seeks to improve network efficiency by using GPS (global positioning system) that is software based and connected to the internet. While it’s widely accepted that this transition is needed to modernise air traffic control systems, the US’s General Accounting Office has voiced concern that implementing a system with internet connectivity brings with it greater threats to security.

The issues and challenges faced by the introduction in the US of NextGen are not isolated. These are also being faced globally by the introduction of such systems.

NZALPA agrees with IFALPA call to establish regulations to set the minimum requirements that the aviation industry should meet. Such regulations should not only provide technical requirements, but contingency planning too, and compliance audited by the authorities.

IFALPA maintains that much of the technology currently in use was developed at a time when aircraft were relatively unconnected to the outside world, and therefore most of the systems are not designed to protect the information that they carry. Furthermore, most communications between systems cannot be checked for integrity and completeness.

“As IFALPA outlined in a recent briefing, an Information Security Management System (ISMS) should be established to define a system of processes to protect the aircraft, its passengers and data,” Reynolds says.

“As technology progresses, it’s even more important that we have the correct security management and reporting processes in place to prevent or deal with a cyber threat to our systems.”

NZALPA is currently preparing a briefing document to discuss with the CAA and Ministry of Transport its concerns and intends to also discuss the issue with airlines.

To view the PWC Aviation Perspectives special report, visit http://www.pwc.com/us/en/industrial-products/publications/airline-industry-perspectives-cybersecurity.html

For the full IFALPA Cyber Threat briefing see http://www.ifalpa.org/about-us/ifalpa-committees/security-sec/briefing-leaflets.html