ABSTRACT
With the rapid increase in digitization, the digital section of aviation faces multiple challenges in safeguarding sensitive information of its sector and its customers. This Research Paper conducts the detailed analysis of cybersecurity threats in aviation sector, it focusses on multiple sources of threats and will make the readers aware about various types of cyber threats they could suffer and this paper also discusses about implementation of various methods of cyber security in order to prevent such cyber frauds Air traffic control (ATC), airlines, airports, and military systems worldwide must prioritise various cyber security measures in light of current technological developments.. The study revolved around various recent cases of Cyber threat in and even discussed in detail how fraudsters manage to commit such Cyber threat and the paper even make its reader aware about the, guidelines by Minister of Civil Aviation for any Cyber Fraud happened.
KEYWORDS
Cyber-security, Civil Aviation, Airlines, Airports, Air Traffic Control
INTRODUCTION
Cyber threats are attempts to corrupt or steal data in a computer system. These cyber threats are originated from various sources like websites or computer system. The main task of Cyber threats is to obtain crucial information through online channels from many sectors through illicit means. Cyberattacks on all industries have been on the rise recently. Like other industries, aviation is very complex and interconnected, receives a lot of media attention, and plays a crucial role in the economic and social development of states.
Hence, the International Civil Aviation Organisation (ICAO) serves as the optimal platform for the global air transport community to foster international collaboration in order to ensure that endeavours to tackle aviation cybersecurity are uniform, synchronised, encompassing all aviation sectors, and aligned with the key objectives of international civil aviation.
The aviation is a key part of global transportation because it moves people and goods all over the world. As technology keeps getting better, the business relies more and more on digital systems and connections. Many good things come from this digital change, but it also brings big cybersecurity problems. There are special risks in the aviation industry because of how important its processes are, how many people have a stake in it, and what could happen if someone hacks into it.
The aviation industry covers a broad spectrum of stakeholders, including airlines, airports, technology providers, etc. It is one of the most important critical infrastructures, with all its network, assets, and systems. It also interacts with various essential infrastructure verticals, including defense and national security, transportation, communication, banking, and energy
Objectives of Research
- To study the categories of Cyber threat in Aviation
- To analyse the Current security systems for Digital Aviation
- To analyse solution for the eradication of Cyber Attack in Digital Aviation sector.
Some Sources from where such Cybersecurity Threats originates
-
- Hostile Countries: Some enemy countries or aggressive countries might threat the Cybersecurity in cyberspace by performing cyber attacks on local companies and institution in order to cause them damage through stealing of data or disturbing the communication.
- Terror Groups: Many a times the terror groups threats the cybersecurity by launching a cyber attacks that harms the national security and disrupts economies and might cause bodily harm to citizens.
- Criminal Groups: These criminal organizations commit the cyber attacks and use the sensitive data for extortion, theft and online scams.
- Hackers: These individuals do the cyberattack for personal gain, revenge, financial gain or political activity. These hackers often develop new threats to improve their personal standing in the hackers communit
Some Cyber Security Breach in Aviation Industry in India
Given the growing number of flights, it is absolutely necessary for India to establish cyber security measures in the aviation industry. India is a country that possesses a tremendous amount of potential.
- AIR INDIA CYBER BREACH
In May 2021, the data from Air India airline was breached and over 4.5 million passengers personal data was compromised. The leaked data was collected between Aug 2011 and Feb 2021. The incident was revealed by the airline data service provide SITA .Passengers didn’t hear about the incident till that. The attack on SITA Passenger service system did not only affected Air India but also airlines such as Malaysia Airlines etc..
- AKASA AIR CYBER BREACH
This happened in 2022 as there was a data breach at Akasa airline, and it is possible that the personal information of passengers, including details such as names, gender, email addresses, and phone numbers, may have been disclosed to “unauthorised individuals.
- SPICE JET AIR BREACH
A low price SpiceJet, an Indian airline, was hit or has been the targeted of an ransomware attack, which caused some of its systems to undergo disruptions and has resulted in delays on flight departures.
- IGI AIRPORT CASE
The passenger at IGI Airport were left stranded on 29th July 2011 as flights on T3 were delayed as Check-in system was done manually which caused delay. This incident covered almost 50 flights impacted owing to failure of CUPPS(Common use Passenger Processing Systems) as the domain didn’t work for around 12 hours. This was later on restored by ARINC (Aeronautical Radical INC) and Wipro.
CBI said that this simple technical failure was a virus attack on the system . later on a case was registered under the Indian IT Act where the investigation revealed that a malicious code was used and that too from unknown remote location
Types of cyberattacks that can affect the aviation industry;
Ransomware
In these what happens is thieves obtain access to a portion or the entirety of the airline’s computer systems and hold it hostage until a ransom is paid. In order to prevent catastrophic damage to flight operations, it is of the utmost importance that access to vital data and system controls be restored as soon as possible. Because the loss of data will have a significant impact on flight operations and the continuity of business, it is also vital to take measures to reduce the risk of data loss.
Data Theft
Cyberattacks that involve the unauthorised copying, viewing, or transmission of information are known as data theft attacks.These attacks continue to be the most common type of cyberattack in the aviation industry. In 2021, a worldwide information technology provider that served many airlines was the victim of a significant security breach. The unauthorised individual gained access to the information of millions of passengers, which included details such as login information, names, home addresses, credit card information, and other information.
DoS attacks (Denial Of service)
Dos attacks are one of the types of cyberattack in aviation which is also known as DDoS attacks, are both types of hostile cyberattacks that aim to overwhelm the network of the victim with undesired internet traffic. Because of this, the typical operation of an online service, network resource, or host machine is disrupted, and the service, resource, or host machine becomes inaccessible. The most recent instance of a denial of service attack on the aviation industry took place in October 2022, when the websites of airports in, among other places, Chicago, Los Angeles, and New York were rendered inaccessible to travellers who were looking for information regarding their flights and other details.
Phishing
Hackers often surpass the system’s spam and malware filters in order to get network access. Phishing attacks allow hackers to acquire access to networks. Since the COVID-19 outbreak, these attacks have been increasingly widespread. In these attacks, the perpetrators pretend to be airlines and trick passengers into believing that they are offering reimbursements for flights that have been cancelled.
Avionics and other systems through hacking
According to what was stated previously, the avionic systems that are utilised on the aircraft consist of a variety of devices that control communication, navigation, flight controls, anti-collision systems, and other similar systems. If you make any attempt to hack these, the consequences could be extremely severe.
NATIONAL REGULATION
Due to its recent emergence as a specialised subject, there is currently no all-encompassing legislation specifically addressing cybercrime and cybersecurity. In order to address the increasingly prevalent problem of cybercrimes, India implemented the Information Technology Act, 2000 (“IT Act” or “Cyber Laws”) to oversee and control such activities. Hence, companies are required to comply with the several requirements of the IT Act regarding cybercrimes in India.
According to these regulations, a person who has been targeted by cybercrime has the entitlement to initiate legal proceedings against the perpetrator. Section 43A of the IT Act, which was added by an amendment in 2008, imposes penalties and requires compensation for violations such as causing harm to computer systems, networks, etc. It also allows the victim to submit a case in order to collect compensation for the damage they have incurred. Section 43A of the Information Technology Act, 2000 specifies the following:-
Remuneration for the inability to safeguard data
43A states that if a corporation, which owns, controls, or operates a computer resource, possesses, deals with, or handles sensitive personal data or information, fails to implement and maintain reasonable security practices and procedures, and as a result causes harm or financial gain to any individual, the corporation will be held responsible and must pay compensation to the affected person.
Section 65 of the IT Act states as follows:-
Tampering with computer source documents
Whoever knowingly or intentionally conceals, destroys or alters or intentionally or knowingly causes another to conceal, destroy, or alter any computer source code used for a computer, computer programme, computer system or computer network, when the computer source code is required to be kept or maintained by law for the time being in force, shall be punishable with imprisonment up to three years, or with fine which may extend up to two lakh rupees, or with both.
NATIONAL CYBER SECURITY POLICY 2023
The objective of this policy is to safeguard both information and the infrastructure in cyberspace. It seeks to establish the capabilities needed to prevent and respond effectively to cyber threats, as well as to minimise vulnerabilities and mitigate the impact of cyber Incidents.
This will be achieved through a combination of institutional structures, skilled individuals, established processes, advanced technology, and collaborative efforts.
The Approach Taken by the Airline Industry to Addressing Cybersecurity Issues
The aviation sector has been confronted with a variety of cyber security issues over the course of the past few years. These issues have included data breaches, attempts to hack into the system, and virus distribution. Several different techniques have been implemented by the industry, which has resulted in tremendous progress being made in tackling these concerns.
Through the establishment of a cyber security team within the organisation, the first approach that is being utilised to address the issue of cyber security is being implemented. In the event that the company’s information technology department identifies any possible dangers, this team will be responsible for monitoring those threats and responding to them. The utilisation of technology to establish more effective defences against cybercriminals constitutes the second technique that is being utilised. The third tactic that airlines are employing is to ensure that they have a plan in place in the event that something goes wrong.
CONCLUSION
The aviation industry is highly susceptible to cybersecurity threats and hacking. The aviation business is a market valued at $4 trillion, with a workforce of over 15 million individuals.The aviation industry is a highly significant sector in our society. As globalisation and the digital revolution have grown, the aviation industry has been quickly embracing cyber technology in almost every facet. Cybercriminals are able to take advantage of new technological advancements for the reasons mentioned above. A growing wave of cyberattacks is confronting airlines as a result of modernization and time. It is necessary to find an adhesive integrated method to counter the cyber attackers’ sophistication. A decline may result from inadequate cyber-security policy implementation.
Experts believe that in order to create a well-protected cybersecurity network for the aviation industry, international organisations like the International Civil Aviation Organisation (ICAO) and International Aviation Transport Association (IATA) should create and implement strict policies and regulations, as well as oversight of the same. Without oversight, there would be relatively dire and unpleasant consequences. These provisions are in addition to the cybercrime laws already in place in the IT Act, as previously mentioned. Ensuring the safety and security of passengers is of utmost importance to airlines and aviation authorities. Nevertheless, due to the surge in cyberattacks, this industry has been progressively susceptible to hacker assaults that can result in disastrous outcomes.
“PRIME LEGAL is a full-service law firm that has won a National Award and has more than 20 years of experience in an array of sectors and practice areas. Prime legal falls into the category of best law firm, best lawyer, best family lawyer, best divorce lawyer, best divorce law firm, best criminal lawyer, best criminal law firm, best consumer lawyer, best civil lawyer.”
WRITTEN BY: ABHIJEET KUMAR
