A wave of cyberattacks on airports and airlines have disrupted operations and exposed passenger data, raising concerns about whether aviation security can adapt to increasingly sophisticated threats.
On September 19, a cyberattack hit major European airports, including Heathrow, Brussels and Berlin.
The incident affected the multi-user system environment (Muse) software of Collins Aerospace which is used by multiple airlines at check-in desks and boarding gates. This resulted in longer queues and wait times as passengers had to be boarded manually.
The European Union Agency for Cybersecurity said the attack was caused by ransomware, software that holds data until a ransom is paid.
Over the past five months several airlines also reported cybersecurity breaches, including Air France, KLM, Qantas, Hawaiian Airlines, WestJet and SAA.
“The incidents underscore the importance of continuous collaboration across the aviation ecosystem. Stakeholder engagement on cyber risks and intelligence sharing is critical for proactive responses that minimise potential impacts on passengers and airport stakeholders,” said Acsa in response to airport cyber security risks.
Complex systems
According to Prof Basie von Solms, Professor/Director at the Centre for Cyber Security at the University of Johannesburg, the reason we are seeing more cyber incidents is due to complex and interconnected systems.
“We are computing more things and putting more systems online. Operating these systems is so complex that nobody can really test it. It is just growing and the more it grows the less control you have over it. You have to constantly patch it, because there are always vulnerabilities, and cyber criminals make it their task to find out what those are,” said Von Solms.
AI has also contributed to the increase in these incidents. “Artificial intelligence makes many of these hacks, which were more difficult in the past, easier now. It's widely reported that cyber criminals are using AI more often to identify vulnerabilities and check different systems. It is just going to get worse,” he said.
Reliance on third parties
Airports and airlines often rely on third-party software they don’t control.
“If you use any system, it's probably using four or five other software systems that are integrated into the main one,” said Von Solms.
He said companies must ensure that third-party software suppliers that linked into their system were also secure. “Very often, they become the underbelly of your system and because vulnerabilities are found in third-party supply systems, they [hackers] eventually get into your system.”
Proactive measures
To prevent similar incidents from impacting South African airports, Acsa said it continued to strengthen its cybersecurity controls to mitigate and respond to potential threats. “Acsa has established the necessary capabilities for continuous detection, protection, and response to cyberattacks.”
The company regularly reviews and enhances its cybersecurity controls in line with national legislation and international regulations. “A dedicated Cybersecurity Operations Centre (CSOC) has been established to monitor threats and drive ongoing improvements aligned with global cybersecurity standards,” the group added.
