As attackers change their techniques to infiltrate systems and networks, cyber-attacks against critical infrastructure continue to bring risk to the air transport network. Aviation presents unique challenges due to the interconnected components within its ecosystem of airlines, airports, air traffic control, flight operations, air navigation services, maintenance, the supply chain, vendors, manufacturers, etc. Additionally, the aviation sector has become increasingly dependent on various technological advancements to ensure the safety and efficiency of its operations. The adoption of new technologies and increased connectivity presents several challenges that increase the risk of cyber-attacks.
Although hackers and other external parties can initiate cyber-attacks to exploit vulnerabilities within these systems, there are also insider threats and hazards posed by untrained employees, disgruntled personnel, and third-party access throughout the aviation supply chain. Consequently, various points of entry can make these systems vulnerable. Cyberattacks affect all connected systems and third parties. Any incident could have severe consequences that may result in the disruption of businesses, financial losses, reputational damage, compromised flight safety, and/or decreased trust in the aviation sector.
Aviation practitioners need to understand the risks and manage the challenges associated with a mix of legacy and new technologies, inefficient processes, and untrained personnel. Cybersecurity includes information technology (IT) and operational technology (OT) systems that can impact flight safety and routine operations. Cybersecurity affects all areas of an enterprise it is important that all employees understand and contribute to best practices. This includes board members, executives, and all management levels.
To address the importance and urgency of protecting civil aviation’s critical infrastructure against cyber threats, Embry-Riddle Aeronautical University, in collaboration with ICAO, designed a 40-hour foundational course to introduce aviation practitioners to the domain of cybersecurity — focusing on the aviation field. During the first 16 hours, students will receive an introduction to core concepts and principles. Then the course will divide into two tracks 1) Leadership and 2) Technical Management. The leadership track focuses on governance and risk management, organizational resilience and incident response. The Technical Management track focuses on securing various organizational assets and systems and building resilient systems. Participants are encouraged to select the path that aligns with their respective roles and responsibilities. Both tracks are taught for another 16 hours, with all attendees coming together for the remaining eight hours to focus on various exercises that put their knowledge into practice.
Click here for more information on the upcoming sessions of the Foundations of Aviation Cybersecurity Leadership and Technical Management course.