Back
About RSIS
Introduction
Building the Foundations
Welcome Message
Board of Governors
Staff Profiles
Executive Deputy Chairman’s Office
Dean’s Office
Management
Distinguished Fellows
Faculty and Research
Associate Research Fellows, Senior Analysts and Research Analysts
Visiting Fellows
Adjunct Fellows
Administrative Staff
Honours and Awards for RSIS Staff and Students
RSIS Endowment Fund
Endowed Professorships
Career Opportunities
Getting to RSIS
Research
Research Centres
Centre for Multilateralism Studies (CMS)
Centre for Non-Traditional Security Studies (NTS Centre)
Centre of Excellence for National Security
Institute of Defence and Strategic Studies (IDSS)
International Centre for Political Violence and Terrorism Research (ICPVTR)
Research Programmes
National Security Studies Programme (NSSP)
Social Cohesion Research Programme (SCRP)
Studies in Inter-Religious Relations in Plural Societies (SRP) Programme
Other Research
Future Issues and Technology Cluster
Research@RSIS
Science and Technology Studies Programme (STSP) (2017-2020)
Graduate Education
Graduate Programmes Office
Exchange Partners and Programmes
How to Apply
Financial Assistance
Meet the Admissions Team: Information Sessions and other events
RSIS Alumni
Outreach
Global Networks
About Global Networks
RSIS Alumni
Executive Education
About Executive Education
SRP Executive Programme
Terrorism Analyst Training Course (TATC)
International Programmes
About International Programmes
Asia-Pacific Programme for Senior Military Officers (APPSMO)
Asia-Pacific Programme for Senior National Security Officers (APPSNO)
International Conference on Cohesive Societies (ICCS)
International Strategy Forum-Asia (ISF-Asia)
Publications
RSIS Publications
Annual Reviews
Books
Bulletins and Newsletters
RSIS Commentary Series
Counter Terrorist Trends and Analyses
Commemorative / Event Reports
Future Issues
IDSS Papers
Interreligious Relations
Monographs
NTS Insight
Policy Reports
Working Papers
External Publications
Authored Books
Journal Articles
Edited Books
Chapters in Edited Books
Policy Reports
Working Papers
Op-Eds
Glossary of Abbreviations
Policy-relevant Articles Given RSIS Award
RSIS Publications for the Year
External Publications for the Year
Media
Cohesive Societies
Sustainable Security
Other Resource Pages
News Releases
Speeches
Video/Audio Channel
External Podcasts
Events
Contact Us
S. Rajaratnam School of International Studies Think Tank and Graduate School Ponder The Improbable Since 1966
Nanyang Technological University Nanyang Technological University
  • About RSIS
      IntroductionBuilding the FoundationsWelcome MessageBoard of GovernorsHonours and Awards for RSIS Staff and StudentsRSIS Endowment FundEndowed ProfessorshipsCareer OpportunitiesGetting to RSIS
      Staff ProfilesExecutive Deputy Chairman’s OfficeDean’s OfficeManagementDistinguished FellowsFaculty and ResearchAssociate Research Fellows, Senior Analysts and Research AnalystsVisiting FellowsAdjunct FellowsAdministrative Staff
  • Research
      Research CentresCentre for Multilateralism Studies (CMS)Centre for Non-Traditional Security Studies (NTS Centre)Centre of Excellence for National SecurityInstitute of Defence and Strategic Studies (IDSS)International Centre for Political Violence and Terrorism Research (ICPVTR)
      Research ProgrammesNational Security Studies Programme (NSSP)Social Cohesion Research Programme (SCRP)Studies in Inter-Religious Relations in Plural Societies (SRP) Programme
      Other ResearchFuture Issues and Technology ClusterResearch@RSISScience and Technology Studies Programme (STSP) (2017-2020)
  • Graduate Education
      Graduate Programmes OfficeExchange Partners and ProgrammesHow to ApplyFinancial AssistanceMeet the Admissions Team: Information Sessions and other eventsRSIS Alumni
  • Outreach
      Global NetworksAbout Global NetworksRSIS Alumni
      Executive EducationAbout Executive EducationSRP Executive ProgrammeTerrorism Analyst Training Course (TATC)
      International ProgrammesAbout International ProgrammesAsia-Pacific Programme for Senior Military Officers (APPSMO)Asia-Pacific Programme for Senior National Security Officers (APPSNO)International Conference on Cohesive Societies (ICCS)International Strategy Forum-Asia (ISF-Asia)
  • Publications
      RSIS PublicationsAnnual ReviewsBooksBulletins and NewslettersRSIS Commentary SeriesCounter Terrorist Trends and AnalysesCommemorative / Event ReportsFuture IssuesIDSS PapersInterreligious RelationsMonographsNTS InsightPolicy ReportsWorking Papers
      External PublicationsAuthored BooksJournal ArticlesEdited BooksChapters in Edited BooksPolicy ReportsWorking PapersOp-Eds
      Glossary of AbbreviationsPolicy-relevant Articles Given RSIS AwardRSIS Publications for the YearExternal Publications for the Year
  • Media
      Cohesive SocietiesSustainable SecurityOther Resource PagesNews ReleasesSpeechesVideo/Audio ChannelExternal Podcasts
  • Events
  • Contact Us
    • Connect with Us

      rsis.ntu
      rsis_ntu
      rsisntu
      rsisvideocast
      school/rsis-ntu
      rsis.sg
      rsissg
      RSIS
      RSS
      Subscribe to RSIS Publications
      Subscribe to RSIS Events

      Getting to RSIS

      Nanyang Technological University
      Block S4, Level B3,
      50 Nanyang Avenue,
      Singapore 639798

      Click here for direction to RSIS

      Get in Touch

    Connect
    Search
    • RSIS
    • Publication
    • RSIS Publications
    • CO15187 | Cybersecurity in Civil Aviation: Need for Industry-wide Approach
    • Annual Reviews
    • Books
    • Bulletins and Newsletters
    • RSIS Commentary Series
    • Counter Terrorist Trends and Analyses
    • Commemorative / Event Reports
    • Future Issues
    • IDSS Papers
    • Interreligious Relations
    • Monographs
    • NTS Insight
    • Policy Reports
    • Working Papers

    CO15187 | Cybersecurity in Civil Aviation: Need for Industry-wide Approach
    Tan E Guang Eugene

    01 September 2015

    download pdf

    Synopsis

    Civil aviation is rapidly embracing newer technologies to enable operations to be more efficient. However, ease of use and data availability in civil aviation may pose potential cybersecurity risks to the industry with international implications.

    Commentary

    ON 7 AUGUST 2015, it was disclosed that the databases of American Airlines (AA) and Sabre Corp., one of the largest clearing houses for travel reservations, were hacked. Taken together with the hacking of United Airlines in July 2015, this revelation shows that the civil aviation industry is increasingly prone to cyberattacks, and contains cybersecurity lapses that need to be addressed.

    However, passenger data theft may just be the tip of the iceberg when it comes to cybersecurity in the civil aviation sector. Revenues in the industry top US$388 billion, presenting a tempting target for potential cyber criminals. Revenue streams are not the only target for hackers. The civil aviation industry is also a treasure trove of data, with flight data and personal data being collected by both the airlines and regulators’ servers.

    Next generation air transportation system

    While this data is collected to ensure the physical safety of passengers by securing and verifying the identity of the passenger, the concern is that data collected by hackers could be misused in many ways, including espionage, identity theft and credit card fraud.

    In April 2015, the General Accountability Office (GAO) released a study advising the Federal Aviation Administration (FAA) to take a more comprehensive approach towards cybersecurity as it moves toward a NextGen Air Transportation System. The report singled out three main areas for improvement: air traffic control (ATC), avionics, and the roles and responsibilities among FAA offices. These are long term issues that need to be addressed going forward, but with the advance in and the changing nature of information and communications technology (ICT), these are also urgent issues that need robust and present solutions.

    Integrated nature of civil aviation

    The civil aviation industry is a large and international industry that encompasses many stakeholders, including regulators, airport operators, aircraft and engine manufacturers, and airlines. The industry employs up to 58 million people worldwide in associated jobs, and generates about US$2.2 trillion in GDP yearly. The different sectors in the civil aviation industry are also closely knit, relying on each stakeholder to accurately provide information and services for efficient air operations.

    However, as seen in the AA and Sabre cyberattacks, hackers can strike at different stakeholders in the industry. Therefore, the civil aviation industry in Singapore needs to recognise the industry-wide nature of the challenge cybersecurity poses. Parallels to the civil aviation industry can be drawn from the cyberattack on Target in November 2013 where credentials from an air-conditioning vendor were used by hackers to access the Target network, enabling hackers to install undetected malware, and collect credit card details from cashier terminals.

    As a large department store, Target handles many transactions daily from both customers and vendors, much like the civil aviation industry with its multiple stakeholders and customers, who may not understand cybersecurity risks. Similarly, with multiple payment and vendor systems in the civil aviation industry, the industry is only as resilient to cyberattacks as its weakest link.

    Increasing sophistication of civil aviation technology

    The increasing sophistication of ATC systems and aircraft has benefited the civil aviation industry, but has also raised potential threats to the civil aviation industry. Technological advances have made planes much easier to fly, with improved avionics on-board to help with landings and take-offs. Conversely, overreliance on on-board avionics can also cause tragedy in civil aviation.

    Newer aircraft are also equipped to provide Internet connection to passengers. While having Internet on-board is a boon for passengers living in the digital age, it is a possible security situation for airlines and regulators. The possibility of unauthorised personnel connecting to an aircraft avionics system through Wi-Fi in the plane was flagged as a potential blind spot in a GAO report published in April 2015 on the FAA’s approach toward NextGen cybersecurity.

    Increasingly, air traffic control systems are also modernising to complement and communicate better with aircraft. Improved NextGen systems allow more data to be collected; enable data sharing between air traffic control and aircraft; allow flights to be better routed; and provide more efficient airport management.

    The downside of NextGen technology is the magnitude of air service disruption should the system fail. For example, a computer glitch at an air traffic centre in Virginia caused more than 440 flights to be cancelled along the East Coast of the United States in August 2015. While not a cyberattack, this incident showed the vulnerability of NextGen technology in civil aviation.

    Implications for regional civil aviation industry

    As an international aviation hub, Singapore has kept these cybersecurity threats and blind-spots in view, but challenges remain. Although a small state, Singapore’s flight information reporting zone extends well into the South China Sea, making technology vital to Singapore’s ATC systems.

    NextGen technology – LORADS III – is helping Singapore create a more efficient air traffic management system, especially with planned increases in capacity in the near future. However, ATC systems need to be resilient against cybersecurity threats to ensure the verity of the data produced and provided is not compromised.

    While Singapore can afford these advanced systems, other states in the region may not have such capabilities in aircraft monitoring. This asymmetry in capabilities may pose difficulties toward air traffic growth in the wider region and raises questions on the ability to process and provide data to aircraft passing through the region. These are security questions that need to be addressed as a region, and with the ASEAN Single Aviation Market (ASAM) scheduled to be rolled out by the end of 2015, ASEAN needs to ensure that these air traffic monitoring systems are also adequately protected against cyber mischief.

    In conclusion, the challenge posed by cybersecurity to the civil aviation industry is massive, and with ASAM becoming a reality by the end of 2015, the civil aviation industry must recognise that the responsibility of cybersecurity is indivisible and becoming more international in nature.

    About the Author

    Eugene EG Tan is an Associate Research Fellow at the Centre of Excellence for National Security (CENS), a constituent unit of the S. Rajaratnam School of International Studies (RSIS), Nanyang Technological University in Singapore.

    Categories: RSIS Commentary Series / Country and Region Studies / Cybersecurity, Biosecurity and Nuclear Safety / Non-Traditional Security / Terrorism Studies / Southeast Asia and ASEAN / Global

    Synopsis

    Civil aviation is rapidly embracing newer technologies to enable operations to be more efficient. However, ease of use and data availability in civil aviation may pose potential cybersecurity risks to the industry with international implications.

    Commentary

    ON 7 AUGUST 2015, it was disclosed that the databases of American Airlines (AA) and Sabre Corp., one of the largest clearing houses for travel reservations, were hacked. Taken together with the hacking of United Airlines in July 2015, this revelation shows that the civil aviation industry is increasingly prone to cyberattacks, and contains cybersecurity lapses that need to be addressed.

    However, passenger data theft may just be the tip of the iceberg when it comes to cybersecurity in the civil aviation sector. Revenues in the industry top US$388 billion, presenting a tempting target for potential cyber criminals. Revenue streams are not the only target for hackers. The civil aviation industry is also a treasure trove of data, with flight data and personal data being collected by both the airlines and regulators’ servers.

    Next generation air transportation system

    While this data is collected to ensure the physical safety of passengers by securing and verifying the identity of the passenger, the concern is that data collected by hackers could be misused in many ways, including espionage, identity theft and credit card fraud.

    In April 2015, the General Accountability Office (GAO) released a study advising the Federal Aviation Administration (FAA) to take a more comprehensive approach towards cybersecurity as it moves toward a NextGen Air Transportation System. The report singled out three main areas for improvement: air traffic control (ATC), avionics, and the roles and responsibilities among FAA offices. These are long term issues that need to be addressed going forward, but with the advance in and the changing nature of information and communications technology (ICT), these are also urgent issues that need robust and present solutions.

    Integrated nature of civil aviation

    The civil aviation industry is a large and international industry that encompasses many stakeholders, including regulators, airport operators, aircraft and engine manufacturers, and airlines. The industry employs up to 58 million people worldwide in associated jobs, and generates about US$2.2 trillion in GDP yearly. The different sectors in the civil aviation industry are also closely knit, relying on each stakeholder to accurately provide information and services for efficient air operations.

    However, as seen in the AA and Sabre cyberattacks, hackers can strike at different stakeholders in the industry. Therefore, the civil aviation industry in Singapore needs to recognise the industry-wide nature of the challenge cybersecurity poses. Parallels to the civil aviation industry can be drawn from the cyberattack on Target in November 2013 where credentials from an air-conditioning vendor were used by hackers to access the Target network, enabling hackers to install undetected malware, and collect credit card details from cashier terminals.

    As a large department store, Target handles many transactions daily from both customers and vendors, much like the civil aviation industry with its multiple stakeholders and customers, who may not understand cybersecurity risks. Similarly, with multiple payment and vendor systems in the civil aviation industry, the industry is only as resilient to cyberattacks as its weakest link.

    Increasing sophistication of civil aviation technology

    The increasing sophistication of ATC systems and aircraft has benefited the civil aviation industry, but has also raised potential threats to the civil aviation industry. Technological advances have made planes much easier to fly, with improved avionics on-board to help with landings and take-offs. Conversely, overreliance on on-board avionics can also cause tragedy in civil aviation.

    Newer aircraft are also equipped to provide Internet connection to passengers. While having Internet on-board is a boon for passengers living in the digital age, it is a possible security situation for airlines and regulators. The possibility of unauthorised personnel connecting to an aircraft avionics system through Wi-Fi in the plane was flagged as a potential blind spot in a GAO report published in April 2015 on the FAA’s approach toward NextGen cybersecurity.

    Increasingly, air traffic control systems are also modernising to complement and communicate better with aircraft. Improved NextGen systems allow more data to be collected; enable data sharing between air traffic control and aircraft; allow flights to be better routed; and provide more efficient airport management.

    The downside of NextGen technology is the magnitude of air service disruption should the system fail. For example, a computer glitch at an air traffic centre in Virginia caused more than 440 flights to be cancelled along the East Coast of the United States in August 2015. While not a cyberattack, this incident showed the vulnerability of NextGen technology in civil aviation.

    Implications for regional civil aviation industry

    As an international aviation hub, Singapore has kept these cybersecurity threats and blind-spots in view, but challenges remain. Although a small state, Singapore’s flight information reporting zone extends well into the South China Sea, making technology vital to Singapore’s ATC systems.

    NextGen technology – LORADS III – is helping Singapore create a more efficient air traffic management system, especially with planned increases in capacity in the near future. However, ATC systems need to be resilient against cybersecurity threats to ensure the verity of the data produced and provided is not compromised.

    While Singapore can afford these advanced systems, other states in the region may not have such capabilities in aircraft monitoring. This asymmetry in capabilities may pose difficulties toward air traffic growth in the wider region and raises questions on the ability to process and provide data to aircraft passing through the region. These are security questions that need to be addressed as a region, and with the ASEAN Single Aviation Market (ASAM) scheduled to be rolled out by the end of 2015, ASEAN needs to ensure that these air traffic monitoring systems are also adequately protected against cyber mischief.

    In conclusion, the challenge posed by cybersecurity to the civil aviation industry is massive, and with ASAM becoming a reality by the end of 2015, the civil aviation industry must recognise that the responsibility of cybersecurity is indivisible and becoming more international in nature.

    About the Author

    Eugene EG Tan is an Associate Research Fellow at the Centre of Excellence for National Security (CENS), a constituent unit of the S. Rajaratnam School of International Studies (RSIS), Nanyang Technological University in Singapore.

    Categories: RSIS Commentary Series / Country and Region Studies / Cybersecurity, Biosecurity and Nuclear Safety / Non-Traditional Security / Terrorism Studies

    Popular Links

    About RSISResearch ProgrammesGraduate EducationPublicationsEventsAdmissionsCareersVideo/Audio ChannelRSIS Intranet

    Connect with Us

    rsis.ntu
    rsis_ntu
    rsisntu
    rsisvideocast
    school/rsis-ntu
    rsis.sg
    rsissg
    RSIS
    RSS
    Subscribe to RSIS Publications
    Subscribe to RSIS Events

    Getting to RSIS

    Nanyang Technological University
    Block S4, Level B3,
    50 Nanyang Avenue,
    Singapore 639798

    Click here for direction to RSIS

    Get in Touch

      Copyright © S. Rajaratnam School of International Studies. All rights reserved.
      Privacy Statement / Terms of Use
      Help us improve

        Rate your experience with this website
        123456
        Not satisfiedVery satisfied
        What did you like?
        0/255 characters
        What can be improved?
        0/255 characters
        Your email
        Please enter a valid email.
        Thank you for your feedback.
        This site uses cookies to offer you a better browsing experience. By continuing, you are agreeing to the use of cookies on your device as described in our privacy policy. Learn more
        OK
        Latest Book
        more info