22 July 2024: The European Air Traffic Management Computer Emergency Response Team (EATM-CERT) supports EUROCONTROL services and products, as well as ATM stakeholders, in protecting themselves against cyber threats that could impact the confidentiality, integrity and availability of their operational IT assets and data. Its 2024 report has now been published.

The report offers an in-depth analysis of the evolving cyber threat landscape in aviation, marking a notable increase in both the number and variety of reported cyber events. This uptick is attributed to enhanced contributions from a broader range of stakeholders, with a significant rise in incidents detected. Reports from the aviation supply chain increased from 164 in 2022 to 225 in 2023, though airspace users remain the primary targets.

The report identifies the preferred methods of cyber attacks, including fraudulent websites, phishing, DDoS, malware, hacking and ransomware. Certain patterns emerge, revealing that specific categories of stakeholders are more affected by particular attack vectors, such as DDoS attacks on airports and ransomware targeting the supply chain. Financial gain continues to be the primary motivation behind these cyber attacks, with the severity of incidents rising significantly. In 2023, 35 per cent of the events fell under medium, high or critical categories, a notable increase from 23 per cent in 2022. Importantly, no reported cyber events have impacted flight safety.

A surge in ideologically driven cyber attacks, influenced by global conflicts like those in Ukraine and between Hamas and Israel, has also been observed. Despite a slight drop in percentage from 12 per cent in 2022 to 8 per cent in 2023, the actual number of such events rose significantly. The report underscores the critical importance of the supply chain's cyber resilience and highlights the need for future efforts to focus on enhancing security by default for products, services and systems.

The aviation industry faces threats from various actors, with cybercriminal organisations being the most significant, responsible for 50.8 per cent of total incidents. These organisations are primarily motivated by financial gain and data theft. Hacktivist groups, driven by political, social or religious ideologies, account for approximately 8 per cent of incidents. State-sponsored attacks, though fewer, are strategically significant, aiming to gather intelligence and disrupt aviation operations for political and economic reasons.

Emphasising the necessity of vigilance against these persistent cyber threats the report also highlights the need for sustained investment in people, processes, and technology to enhance cybersecurity and maintain the resilience of the aviation sector.

The report is available to download from the top of this page.

ERA will be holding a technical workshop on cybersecurity in aviation during the upcoming General Assembly in Seville, and we are delighted that Patrick Mana, EATM-CERT Manager will be present to go into further detail and take questions from members.