Airlines, are you reacting too slowly to cyberattacks?

May 4, 2017

Post image for Airlines, are you reacting too slowly to cyberattacks?

By Jonathan Kletzel

The speed at which an airline reacts to a cyberattack is critical. We now know that it takes an average of 6-18 months to detect an intrusion. That’s a long time for a hacker to be hunting around your organization. So it makes it extremely important that you have a rapid response that completely eliminates the threat from your environment – not just temporarily, but for good.

Quick reactions require a lot of careful planning and practice. Some airlines assume they’ve safeguarded themselves with prevention and detection procedures and so they don’t see the attacks that get through those defenses – until after they occur.

How do you create an effective reaction strategy that minimizes damage? In part 4 of our Aviation perspectives: Cybersecurity and the airline industry, we discuss some of the essential elements. Here’s a brief outline:

  • Define parameters and protocols. This step lays the foundation for the strategy by categorizing the severity of attacks according to potential impact. Severity level includes an assessment of potential financial exposure and the number and type of systems involved. Once an attack is categorized, your plan should trigger notifications inside and outside the organization.
  • Create response structures. Airlines should have three distinct types of incident response structures: for information technology incidents, for natural disasters or other major disruption, and for cyber incidents. These structures should work together to capture all incidents so that no information falls through the cracks.
  • Establish regional capabilities. With attacks liable to happen at any time (often when you least expect it), global airlines need to have resources in different parts of the world skilled to deal with those attacks.
  • Develop the three-legged stool. This refers to the core team responsible for dealing with an attack: team members from information or cyber security, legal and corporate communications. A leading practice is to form a working group with permanent representatives from these three groups who are responsible for creating, reviewing, updating and incorporating lessons learned from cyber incidents.
  • Adequately fund and staff. At least one person should be dedicated to the incident response role. But that’s generally not enough: airlines should retain specialized help that is integrated into the organization’s cyber program to supplement skills that might be lacking.
  • Simulate and practice. Airlines can use simulation exercises to help them prepare for cyber incidents by walking through plans and procedures. The more airlines practice, the quicker and more adept they become at reacting to an attack.
  • Capture and apply lessons learned. Once an incident is dealt with, the natural tendency is to move on. But attacks are valuable learning opportunities, if analyzed properly. By looking at what worked and what didn’t, airlines can improve protocols and tactics and strengthen their overall cybersecurity strategy.
  • Report threats. The Aviation Information Sharing and Analysis Center is chartered to allow airlines to proactively and confidentially share information. This helps all airlines get a better handle on the current threat environment so they can respond to attacks.

This is my fourth blog based on our report series discussing cyber security in the airline industry. We’ve devoted a lot of attention to this topic because cybercrime is a growing problem in our society at large, and global and regional airlines will continue to be targeted in new, innovative ways. There are no easy solutions, and so airlines will need to dedicate the same kinds of leadership, drive, strategy and investment to cybersecurity as they do to running their other business operations.

©2017 PwC. All rights reserved. PwC refers to the US member firm or one of its subsidiaries or affiliates, and may sometimes refer to the PwC network. Each member firm is a separate legal entity. Please see for further details. This content is for general information purposes only, and should not be used as a substitute for consultation with professional advisors.

Print Friendly, PDF & Email

Previous post:

Next post: