Airline cybersecurity: What happens when prevention fails?

December 6, 2016

By Jonathan Kletzel, US Transportation & Logistics Leader

In my last blog post on airline cybersecurity, I talked at length about how to minimize the possibility of a cyberattack. But no plan is foolproof. So I can’t overstate the importance of having effective defenses when an attack occurs. Note, I said “when,” not if, because attacks are inevitable. But airlines can help reduce any damages by identifying attacks early—sometimes even at inception. What is clear is that the earlier one detects an intrusion, the more likely the damage can be contained. Intrusions that go on for months can give an attacker an opportunity to dive deep into the organization and disrupt operations and steal critical data.

What does it take for an airline to build a good defensive system? In part 3 of our Aviation perspectives: Cybersecurity and the airline industry, we take a look at some of the key building blocks. We’ve learned from doing post-mortem analyses of incidents that clients can lack monitoring processes and tools. If those exist, and are effective, there can still be issues with communicating the threat and related protocols. In many cases, we’ve found that tools being used are rudimentary and can’t correlate data across multiple systems and events.

This is hardly surprising. Technology-savvy hackers are always looking for ways to initiate an attack. So detection protocols have to be one step ahead. That takes funding. Unfortunately, it is often harder to get funding for detection efforts than for prevention. Prevention measures, such as encryption and access control, are tangible and easier to comprehend. Detection, on the other hand, involves generally unknown actors, uncertain penetrations, and unpredictable timing. It can be hard to build—and maintain—a leading-edge detection system.

Airlines have to be especially vigilant in maintaining their detection systems. Aviation, by its very nature, is a highly interconnected industry. Many different systems and players have to work cooperatively, from billing and reservation systems to aircraft engine telemetry. That brings lots of benefits but also more risks. One weak link is all it takes to allow an attacker access to a core system. Recently, we saw that an attack on an organization’s air conditioning vendor allowed hackers to penetrate the corporate network. It’s just this kind of weakness in a third party that can lead to trouble.

Leading airlines include detection as part of their cyber programs. It enables them to react so fast to attacks that response times are virtually instantaneous. Because they can move decisively and swiftly, they can limit (even prevent) losses and stop an intruder from hiding in the enterprise’s networks and damaging them later. Certainly, it’s best to be able to prevent an attack, but the next best thing is to make sure you have secure defenses when an attack occurs.


©2016 PwC. All rights reserved. PwC refers to the US member firm or one of its subsidiaries or affiliates, and may sometimes refer to the PwC network. Each member firm is a separate legal entity. Please see for further details.  This content is for general information purposes only, and should not be used as a substitute for consultation with professional advisors.

