Aviation Cybersecurity—Finding Lift, Minimizing Drag, authored by Pete Cooper and underwritten by Thales Group, examines the nexus of cybersecurity and the aviation industry. The report unpacks critical cybersecurity challenges facing the aviation industry and analyzes major vulnerabilities in aircraft, air traffic management, airports, and the supply chain.
The aviation industry faces a complex and critical challenge to get its cybersecurity right. Adding to this is an increasing number of reported vulnerabilities, claims, counter claims, and attacks that give the impression of an escalating problem. As a central component of commerce, trade, and transportation infrastructure, the aviation industry is indispensable for the global economy. The consequences of failure would carry direct public safety and national security implications. This important report puts forward logical next steps and policy recommendationsfor achieving a safe and prosperous aviation industry.
Below are quotes from the report:
QUOTE: "The speed of innovation, technological advancement, and adversary capability is potentially outstripping policy and regulatory development in many areas of the aviation ecosystem."
QUOTE: "History is replete with examples of ‘secure’ systems from all sectors being critically compromised by adversaries in some form."
QUOTE: "The strengthened security of military aircraft and systems may motivate threat actors to target commercial systems due to their perceived comparative weakness."
QUOTE: "As technology radically transforms design, production, operation, and maintenance of aircraft, models of safety and security must change to keep alignment and demonstrate their efficacy to the public."
QUOTE: "The diversity, complexity, and responsiveness of global supply chains is at odds with the agility needed to address cybersecurity risks across the design and manufacturing processes."
QUOTE: "Aviation industry adversaries have had a relatively steep learning curve due to the obscurity of access and knowledge. However, increases in interoperability, corporate IT practices and technologies, and convergence of networks may quickly erode 'security through obscurity."