The World Economic Forum (WEF) has published a white paper calling for global collaboration to enhance cyber resilience in the aviation industry.
Some Aviation Industry Facts
The aviation sector is a massive industry. According to the Air Transport Action Group (ATAG), if the aviation industry were a country it would rank 20th in the world for Gross Domestic Product (GDP). It currently generates approximately $704.4 billion of GDP per year. The forecast is that the aviation industry will directly contribute $1.5 trillion to the world’s GDP by 2036.
In 2019, 4.5 billion passengers were carried by the world’s airlines. Furthermore, over 65 million jobs worldwide are supported in the aviation and the related tourism industries. Of this, 10.2 million people work directly in the aviation industry.
The above figures indicate how vital the aviation industry is to the world economy. Cyber security and resilience are thus critical for any stakeholder affiliated with, or dependent on, aviation and air travel. The aviation industry is very important to local national security and the global economy.
Problems in the Aviation Industry
Aviation systems are more interconnected than those in other industries. A cybersecurity issue in one area of the industry could affect many other areas. It could even affect aviation systems in other countries. Consequently, even though the digitalization of airports and aviation applications has improved the aviation industry, these have also created new far reaching vulnerabilities that need to be carefully managed.
In the aviation industry, a cybersecurity failure would have significant consequences. If cybersecurity fails in a single airline, people could die. If cybersecurity is completely compromised in one or more airports, a domino effect could impact the global industry. It could also adversely affect public safety and thus public confidence in the industry and damage the global economy.
“Compromise of aviation systems resulting in incorrect data flowing between aircraft, aircraft maintenance organizations, airports and air navigation systems could have a critical impact,” warns the WEF.
WEF’s Answer to Cyber Resilience in the Aviation Industry
The WEF has published a white paper called “Advancing Cyber Resilience in Aviation: An Industry Analysis”. It discusses how to improve cyber resilience in the aviation industry. Also included are the outcomes from interviews, surveys and workshops conducted by the WEF. These were conducted with industry participants, trade associations, regulators, air navigation service providers, airlines, airports and Original Equipment Manufacturers (OEM). Also involved were Information and Communication Technology (ICT) businesses and insurance businesses working with and supporting the aviation industry.
The paper states that the WEF’s end goal “…is resilience, which we define as the ability to quickly and efficiently identify and minimize the impact of an incident so as to allow an organization to continue its mission as effectively as possible.”
Three Primary Focus Domains
The paper identifies “three primary domains of focus where collective action can be improved to identify and manage cyber risk.” These domains are people, capital and risk management and, technology and operations.
With regards to the last domain, the WEF makes three recommendations. Firstly, enforcing security by design when developing new connected devices and systems. Secondly, taking a holistic, risk-based approach to preventing and responding to cyberattacks. Thirdly, that the aviation industry improves its understanding of “shared risk” and to promote this concept in its supply chain.
Further WEF’s Initiatives
To help the aviation industry more effectively confront cybersecurity threats in the future, the WEF’s has launched a further initiative.
Over the coming year the WEF intends to engage “a multi-stakeholder community to co-design and pilot a common approach methodology which will be shared with the Forum’s policy community.”