A new study published today by the World Economic Forum (WEF) has identified the need for cybersecurity practices within the aviation sector to be unified.
The study—Pathways to a Cyber Resilient Aviation Industry—describes how airlines, airports, and aircraft manufacturers currently take different approaches to countering cyber-risks. It includes a warning that rising levels of interdependency within the industry "can lead to systemic risks and cascading effects."
To guard against these risks, the WEF connected with leaders from 50 organizations, including ACI, EASA, IATA, and Eurocontrol, to determine how the aviation sector can prepare against future security incidents and cyber-attacks.
The coalition urged the global adoption of nine principles it came up with to unify security requirements across the industry.
On an international level, the coalition would like to see regulations aligned globally and the development of international information-sharing standards. It also called for the creation of an impartial assessment and benchmarking framework and a baseline of cyber-resilience across the supply and value chain.
Nationally, the group want re-skilling to be enabled and more-open communication regarding aviation incidents to be rewarded.
Organizational priorities expounded upon by the coalition were the integration of cyber-resilience in business resilience practices, the improvement of collaboration, and the need to ensure risk assessment and prioritization around cybersecurity.
“The aviation industry has developed a strong track record of safety, resilience and security practices for physical threats and must integrate cyber risks into this culture of safety and resilience,” said Georges De Moura, head of industry solutions, Center for Cybersecurity, World Economic Forum.
“A common understanding and approach to existing and emerging threats will enable industry and government actors to embrace a risk-informed cybersecurity approach to ensure a secure and resilient aviation ecosystem.”
Chris Verdonck, partner at Deloitte, Belgium, said that creating trust between cross-sector organizations and national and supranational authorities, as well as adopting a collaborative cyber-resilience stance, would be a "logical yet challenging next step" for the aviation industry.
He added: “However, if the effort is not collective, cyber risks will persist for all. Further solidifying an extensive and inclusive community and developing and implementing a security baseline is key to adapt to the current digital reality.”