ERA holds Cybersecurity workshop

15 October 2024: On the sidelines of the General Assembly, ERA held a workshop on cybersecurity with expert speakers from EUROCONTROL, TAP Portugal and the Aerospace, Security and Defence Industries Association (ASD) presenting their insights and providing an overview on the latest cybersecurity issues and trends, best practices and the regulatory landscape. 

As cyber threats in the aviation industry continue to escalate, the need for strong, collective action is more critical than ever. At ERA’s recent cybersecurity workshop, experts emphasised that collaboration is the cornerstone of building greater cyber resilience. With 85 per cent of cyber attacks involving human error, whether through phishing or data mishandling, the role of people in cybersecurity is undeniable.

Kicking off the workshop, Patrick Mana, Manager of EUROCONTROL’s EATM-CERT, provided an overview of the latest trends in the cyber threat landscape, noting that the aviation industry is currently facing an average of two ransomware attacks per week, with two thirds targeting supply chains with fraudulent aviation websites also surge during peak travel periods, such as the holiday season.

Mana highlighted the pivotal role of EATM-CERT in safeguarding the industry, offering services like penetration testing, credential leak detection, anti-DDoS solutions and phishing awareness campaigns. He also showcased the European Aviation Common PKI (Public Key Infrastructure), a digital ‘passport’ designed to ensure secure and verified data exchanges.

Nuno Baptista, Cybersecurity Director at TAP Portugal, shared insights into the company’s journey toward strengthening its cyber defences. His focus was on addressing the fundamentals, with multi-factor authentication (MFA) identified as a key defence strategy. However, Baptista acknowledged the challenges of navigating complex regulations, building effective teams and maintaining regular cybersecurity exercises to ensure preparedness.

With the upcoming implementation of Part IS regulations, Vanessa Rullier-Francaud, Senior Manager for ATM & New Technologies at ASD voiced concerns about regulatory overlap and inconsistent frameworks. She stressed the importance of collaboration between national authorities and the need for a globally harmonised standard for aviation cybersecurity. Rullier-Francaud also called for greater clarity in managing cybersecurity risks within the supply chain, which is often viewed as the sector’s weakest point.

Overall, the workshop highlighted the essential role of trust, collaboration, and proactive preparation in building a resilient aviation sector. Information sharing and addressing vulnerabilities in the supply chain remain critical to staying ahead of evolving cyber threats.

For further information and access to the presentations, please contact nick.rhodes@eraa.org. 

22 July 2024: The European Air Traffic Management Computer Emergency Response Team (EATM-CERT) supports EUROCONTROL services and products, as well as ATM stakeholders, in protecting themselves against cyber threats that could impact the confidentiality, integrity and availability of their operational IT assets and data. Its 2024 report has now been published.

The report offers an in-depth analysis of the evolving cyber threat landscape in aviation, marking a notable increase in both the number and variety of reported cyber events. This uptick is attributed to enhanced contributions from a broader range of stakeholders, with a significant rise in incidents detected. Reports from the aviation supply chain increased from 164 in 2022 to 225 in 2023, though airspace users remain the primary targets.

The report identifies the preferred methods of cyber attacks, including fraudulent websites, phishing, DDoS, malware, hacking and ransomware. Certain patterns emerge, revealing that specific categories of stakeholders are more affected by particular attack vectors, such as DDoS attacks on airports and ransomware targeting the supply chain. Financial gain continues to be the primary motivation behind these cyber attacks, with the severity of incidents rising significantly. In 2023, 35 per cent of the events fell under medium, high or critical categories, a notable increase from 23 per cent in 2022. Importantly, no reported cyber events have impacted flight safety.

A surge in ideologically driven cyber attacks, influenced by global conflicts like those in Ukraine and between Hamas and Israel, has also been observed. Despite a slight drop in percentage from 12 per cent in 2022 to 8 per cent in 2023, the actual number of such events rose significantly. The report underscores the critical importance of the supply chain's cyber resilience and highlights the need for future efforts to focus on enhancing security by default for products, services and systems.

The aviation industry faces threats from various actors, with cybercriminal organisations being the most significant, responsible for 50.8 per cent of total incidents. These organisations are primarily motivated by financial gain and data theft. Hacktivist groups, driven by political, social or religious ideologies, account for approximately 8 per cent of incidents. State-sponsored attacks, though fewer, are strategically significant, aiming to gather intelligence and disrupt aviation operations for political and economic reasons.

Emphasising the necessity of vigilance against these persistent cyber threats the report also highlights the need for sustained investment in people, processes, and technology to enhance cybersecurity and maintain the resilience of the aviation sector.

The report is available to download from the top of this page (locked for members only) or can be requested at eatm-cert@eurocontrol.int. 

ERA will be holding a technical workshop on cybersecurity in aviation during the upcoming General Assembly in Seville, and we are delighted that Patrick Mana, EATM-CERT Manager will be present to go into further detail and take questions from members.