Cybercrime In Aviation

The professional association for airlines, the International Air Transport Association (IATA), represents nearly 290 airlines globally, which account for 83 percent of the world’s air traffic. IATA has a bi-monthly publication called Airlines, which serves as the industry’s voice. The flagship magazine, which anyone can read online or subscribe to via the Airlines’ website, provides information on the latest developments in air transport, as well as the challenges and advances within the sector. For example, Airlines’ January 2020 issue interviewed the CEOs of airlines TAP Air Portugal and Hawaiian Airlines. The publication also served as a vehicle for discussion about diversity in aviation with Dr. Harpreet A. De Singh and about the rise in aviation cybercrime, an issue that has led airlines to ramp up cybersecurity.

The article “Taking Cybersecurity to the Next Level,” by Graham Newton, describes how the aviation industry faces threats from organized crime, individual hackers, and even state-sponsored actors. Therefore, implementing appropriate cybersecurity measures has become increasingly important for airlines. According to the text, airlines must consider cybersecurity within passenger services, operations, and aircraft control.

The area of passenger services includes every step from booking the flight to identity management and travel experience. Fraud in ticket sales is an example of one significant concern, as in a typical year it costs airlines nearly $1 billion. Some issues such as credit card crime include the exploitation of frequent flier programs and false refund claims.

After the passenger has booked the flight, airlines are also responsible for securing their data. For example, the article highlights that 88 percent of passengers share their immigration information with the airlines for expedited processing. The same research found that 73 percent of passengers are willing to share their biometric data to streamline airport processes, and more than a third (36 percent) have already experienced biometric data usage when traveling. Even though 86 percent of those using biometric data when traveling were satisfied with the experience, 56 percent of all passengers claimed they were concerned about data breaches.

Although the industry aims to simplify the air travel experience by collecting and using data, airlines must work hard to secure such information. There are several privacy laws, such as the European Union’s General Data Protection Regulation, which set high standards for data security, and processes such as biometric facilitation typically require passengers to provide key personal details. Therefore, airlines must balance data ethics and good practice, and one way to create this balance is by gathering only the needed data, which is referred to as data minimization.

The article also discusses the topic of trust in data exchange. Trust is at the heart of operational cyber issues, since data needs to go between different systems within the aviation value chain. All parties must guarantee and be ensured that the data is safe during this process.

The article concludes by sharing some industry initiatives for a common approach to cybersecurity. In line with its commitment to supporting aviation companies, IATA established the cyber management working group to analyze industry needs and offer guidance. IATA has also been working with other international industry associations to help airlines understand the risks of introducing new technologies.