An ongoing, FBI investigation has stressed the importance that cyber risk will play on the future of the airline industry and global broker Willis has backed the reports.
The FBI are currently investigating security researcher Chris Roberts, who reportedly hacked a United Airlines flight from Chicago to Syracuse, while sitting on the plane.
Wired.com reported that Roberts tweeted of his success and was then met by federal law enforcement at his arrival gate and, since the incident, Robert’s has revealed to
The Telegraph that he has hacked 15 or 20 planes throughout his career.
In April,
Insurance Business reported that attacks such as the ones exposed by Roberts are top of mind for many in the aviation industry as they could provide a way for terrorists to control planes by hacking on-board WiFi.
Peter Armstrong, executive director and head of cyber for Willis’ FINEX Global, believes that cyber provides a genuine risk for the aviation industry and that the concern will not be going away any time soon.
“Cyber vulnerabilities are a real and pervasive issue for all airline operators,” Armstrong wrote on the Willis blog.
“Threats come from nation state actors, terrorists, hacktivists (including purported safety hackers like Roberts) and organised criminals. These threat actors are interested in different data, information and access.
“It is feared that terrorists may utilise cyber vulnerabilities to enable, accelerate or amplify the existing physical threats of which the sector is aware.”
Armstrong notes that airlines offer key vulnerabilities that hackers are likely to exploit in future.
“Of particular concern is the vulnerability of aircraft platforms. The ongoing FBI investigation into whether Chris Roberts hacked into aircraft flight systems whilst in-flight clearly shows the level of platform vulnerabilities.”
Armstong warned the aviation industry that it needs to sit up and take notice of the new cyber war that could be waged against them, as risk management will prove key to ensuring the safety of all those involved.
“Simply, the risk quantification decisions and provisions you have made to date almost certainly underestimate the total exposure when cyber vulnerabilities are factored into the analysis.
“You need to ask whether your risk assessment is under–representative of the total scale of exposure in your portfolio and whether the frequency, impact assumptions of material critical risks are likely to be under–represented with the company carrying a significant unquantified and un-insured risk.
“Aviation as a sector is in the sights of the threat actors and all operators need to accelerate and amplify their response.”
