ANC Talks: SITA brings cybersecurity to the discussions

Conversations with SITA, as part of an ongoing series of discussions that bring the industry and aviation stakeholders together to discuss different topics on the future of aviation.


Within their efforts to engage with the industry and other stakeholders,  SITA, a global specialist in air transport communications and information technology, visited the Air Navigation Commission to discuss data governance, cybersecurity, and the importance of using current technologies such as artificial intelligence or blockchain to enhance processes in the aviation sector and ultimately improve the passenger’s experience.

Today, businesses are embracing cyber tools to connect their internal staff and operations. Civil aviation relies more than ever on cyber-enabled technologies to increase air transport safety and efficiencies. As companies embark in this digital revolution, they are more exposed to the external world and the threats that are part of it. Although this digital revolution also brings with it increased vulnerability to cyber threats, the implementation of solid cybersecurity mechanisms has the capacity to effectively avoid or mitigate such threats.

Discussions centred on providing an appreciation of the challenges and opportunities related to cybersecurity. They were also aimed at promoting an understanding of the role of companies specializing in information technology (IT) and communications for airlines, airports, air navigation service providers, and other players of the aviation industry. In essence, companies offering IT services in the aviation industry are typically required to handle huge amounts of data, and then transform that data into relevant information and/or products designed to improve connectivity and interactions both internally and for customers. Leveraging the acquired knowledge and experience to the aviation sector can be attained by building resilient and effective communication systems.

Data is becoming the core corporate asset because it has the potential to determine the success of a business in the ways data has the potential to be exploited. To achieve a successful digital transformation, companies and organizations have been establishing data governance structures. The challenge has been to implement data governance frameworks that fit with the objectives and business model of the entity. These frameworks have the capacity to control the data standards needed while delegating roles and responsibilities within the company or organization, and in relation to the company ecosystem in which it operates.

Artificial intelligence has emerged as a prominent technology in cybersecurity applications and is set to play a major role in the security architecture of future enterprise networks. AI has the potential to improve the accuracy of threat detection, it can help cybersecurity teams to eliminate false positives, and to a larger extent, it helps improve security and efficiency. While this enhanced communication and integration is essential for the improvement of financial and operational performance, it does provide more opportunities for those seeking to exploit these advances.

As the aviation sector increasingly adopts advanced technologies, it also responsibly upgrades security procedures to allow for safe innovation. Overall, security procedures to date have been effective, safely integrating many technological advances introduced to aircraft and airlines. The industry continues to see major technological advances that contribute to the complexity of protecting data and assets.

When dealing with a cyber incident, organizations often discover that there were signs of an intrusion long before the breaches were identified. During this time, an attacker has the opportunity to identify critical systems, locate valuable data, and execute the most devastating attacks. This is why SITA insisted during these discussions that early detection, along with a clearly defined set of operational processes to quickly address an attack, is vital to reducing the consequences. Part of the challenge of detecting security breaches involves keeping up with the constantly evolving set of threat actors, targets and vectors.

Detection, on the other hand, is a moving target with generally unknown actors, uncertain penetrations, and unpredictable timing. Since attacks are so varied, it can be hard to build a leading-edge detection system.  Aviation industry players face an additional burden in that they have extensive third party networks. And to add on to these challenges, companies in the field have to deal with an ever-increasing interconnectedness that provides operational efficiencies simultaneously, but also introduces further risk to its users.

It is certain that cyber-attacks will continue to happen and grow in number, cost and sophistication. These threats will certainly be varied in nature, but their impacts, when not countered on time, could have devastating consequences for a company. They could affect their information technology systems internally, as well as with external entities, and break, as a consequence the linkages that ensure the seamless communication among interconnected parties. This is why IT companies typically establish a cybersecurity team to monitor the possible emergence of such threats that is responsible for detecting, protecting and also reacting in case of attack.

With increased interconnectivity both within airlines and between airlines and other aviation industry stakeholders, the importance of a good detection programme has become increasingly important. An additional measure aimed at maintaining communication within all of the systems interacting with each other, IT companies also have redundancy or recovery plans to ensure that the business will continue its activities and depending on the severity of the attack, a civil option is available. A team is available 24/7 to ensure that internal as well as partner and customer data is still available to seamlessly flow information and that it remains secure.

To mitigate threats that come hand-in-hand with the inevitable increased accessibility of data, companies need to reassess all facts of their business and establish internal protocols to effectively manage them. One important point that SITA mentioned during the ANC Talk was the importance of educating partners and employees on the existence of potential threats like spoofing, and to keep them informed on any possible threats by adopting a transparent approach to internal, as well as external relations, ensuring a collaborative approach to address such threats.

To conclude, it was suggested during the discussions that a standard on cybersecurity needed to be adopted, specifically because aviation is a global and interconnected human activity and harmonizing cybersecurity practices will undoubtedly reduce the risk on failures. The resolution A40-10 – Addressing Cybersecurity in Civil Aviation has been adopted during the 40th session of ICAO Assembly. The resolution addresses cybersecurity through a horizontal, cross-cutting and functional approach, reaffirming the importance and urgency of protecting civil aviation’s critical infrastructure systems and data against cyber threats and calls upon States to implement the ICAO Cybersecurity Strategy. More details on ICAO’s cybersecurity initiatives are available on the Organization’s public website here.

After the ANC Talk, Nabil Naoumi, the President of the ANC and Jean Paul Isson, Chief Data Science and Artificial Intelligence Officer at SITA, had a short discussion on the outcome of the ANC Talks. Excerpts from this are shared in the video below.


About the authors

Dunia Abboud is Associate Analysis Officer in the Air Navigation Bureau at ICAO. Her work focuses on the advancement of data-driven decision making around the world, and she is now increasingly involved in innovation initiatives at ICAO.

Nabil Naoumi was elected President of the ICAO Air Navigation Commission for the year 2020 after serving on the ANC and as the Alternate Representative of the Federal Republic of Germany on the Council of ICAO since May 2016. Prior to that, he worked in several departments of the German Federal Aviation Office where his many tasks included the approval and oversight of production and maintenance organizations.