There isn’t a year that goes by in which cybersecurity does not remain high on the agenda for the air transport industry. However, the need to ensure faster progress towards implementation of concrete cyber prevention and management initiatives remains an acute challenge.
Yes, spending and investment is increasing in this area year-on-year, reaching $3.9 billion in 2018. But is this sufficient? Our own research suggests not.
Despite seeing an uptick in the amount airlines spend, it still remains at the low rate of 9 per cent of their overall IT budget on average. The same was true of airport investment in cybersecurity last year, although rising from 10 per cent in 2017, it only stood at 12 per cent of overall IT budgets in 2018.
Also, the number of cyber threats continues to grow exponentially every year, as does the sophistication of those threats. Given the complexity and the integrated nature of the air transport industry, we need to move far more quickly in establishing proactive defences to ensure we stay ahead of the game.
Although cybersecurity isn’t getting the investment it deserves, and there’s still a way to go to effectively bolster the aviation industry’s defences, executives are working hard to prioritise detection and prevention. That’s good news.
It is a clear sign of the growing importance of protecting aviation data and systems. I am confident that the industry is taking their responsibilities towards cybersecurity seriously with greater strides being made to implement proactive cybersecurity measures. The importance of cybersecurity is well recognised and airlines and airports are investing in building a solid security foundation.
Measures include proactive network monitoring and protection, securing the extended enterprise (cloud and Internet of Things (IOT) enabled technologies) and protection from internal threats such as data leaks.
In the same research, our findings indicated that more needs to be done to raise the importance of cybersecurity as a stand-alone issue.
For example, only 31 per cent of organisations within the industry have a dedicated Chief Information Security Officer (CISO). This role is seen as crucial in ensuring the visibility of cybersecurity at an executive level, particularly when it comes to belief in its effective implementation.
Another barrier to implementation is a lack of resources, which affects 78 per cent of air transport industry organisations, along with recruitment issues. Senior executives face the serious challenge of talent retention and recruitment of specialised skilled staff and the capacity for staff training.
Moving from awareness to action can of course be challenging when it comes to cybersecurity. However, our industry is aware that greater steps need to be taken to implement proactive measures.
This means assessing and defining airport business processes and assets, to identify what’s truly critical.
Investments are being made to build a solid security foundation, but there are still obstacles to overcome to speed up progress.
That is why we have built up a portfolio of cybersecurity solutions that help air transport industry organisations monitor, detect and manage cyber risks.
It is only by collaborating as an industry that we can move forward faster and ensure our industry remains well protected and prepared.
Overall, we need to see more investments, actions and resources allocated to cyber security to ensure maximum protection for the ever-expanding aviation industry.
Jihad Boueri is Vice-President of Airports and Airlines at SITA.