While the recent massive failure of IT systems at British Airways (BA) has largely been blamed on a power surge so strong that it rendered the back-up system ineffective, the symptoms and catastrophic after-effects of the incident are not far from what could reasonably be expected from a coordinated cyber attack.
Massive disruption to flight schedules, thousands of passengers stranded in various parts of the world, and tens if not hundreds of millions of dollars foregone as a result of cancelled departures and arrivals. This incident is yet another example of how the increasingly connected digital world that continues to develop and drive efficiency gains all around us, is at the same time widening the surface for cyber attack.
There are few industries in the world that are as reliant on interconnectivity and digitisation as the aviation sector, and few for which the consequence of system failure are so grave. Beyond the corporate financial and reputational losses that can occur as a result of a well-orchestrated cyber incident, the potential loss of life from such undertakings looms ever present. Additionally, the airline databases contain the personal information of hundreds of millions of people – an attractive target for terrorists, cyber criminals and other miscreants.
Vulnerabilities to aviation digital systems and their interconnected devices and sensors remain a clear and present danger, and the industry needs to pro-actively address this issue head-on, or risk a catastrophic cyber-related incident. It is estimated that several million lines of computer code control the operation of a commercial aircraft from take-off to landing, and the plane itself is only the most visible piece of a hugely complex digital ecosystem ranging from global air traffic control systems and international logistics to on-board communications and entertainment – all of which have been shown to have security defects.
The increased collaboration and information sharing amongst airlines, airports and air traffic management companies demands that more robust cyber security measures be implemented, end-to-end and internationally. A standard methodology to planning, preventing, detecting and protecting, and ultimately responding to any cyber threats in real-time is essential, with the exchange of vulnerability and breach data and responses shared in a timely and transparent fashion in order for industry-wide resilience to be raised and maintained.
On this particular occasion, the BA IT system failure lacked the element of a determined threat actor, though this incident ought to be viewed as a wake-up call to the industry to ensure policies, procedures, technologies and people are in place to actively and continually monitor digital systems for any anomalous activity. Robust incident response plans should be institutionalised and ready for roll out instantaneously should any threat or vulnerability activity be detected.
(By Eddie Schwartz, Executive Vice President of Cyber Services at DarkMatter. He may be contacted on Twitter @EddieSchwartz)