Aviation Industry Vulnerable to Cyber Attack

On Sunday the 12th of April, Hobart International Airport became the latest victim of cybercrime when its website was infiltrated and defaced with a statement supporting the radical group, Islamic State.

The airport’s website was shut down when police were made aware of the attack at around 3.30am on Sunday the 12th, and wasn’t back online until more than 48 hours after the incident. Australian Federal Police are investigating the incident, confirming that it replicates a number of recent attacks on other websites worldwide that use the same web hosts as the airport.

The attack on Hobart International Airport came just weeks after Peter Armstrong, head of cyber strategy for The Willis Group, presented on the matter of cyber security at the Aviation Insurance Conference in Hong Kong. Armstrong warned that the aviation sector was “particularly vulnerable in the cyber risk space,” fears that have been echoed across the Risk Management and Technology industries. IT experts, Infosec Institute have recently claimed cyber terrorism to be “replacing the bomber and hijacker and becoming the weapon of choice when it comes to attacks against the aviation industry.”

So, why has the risk increased for the aviation sector?

Cyber attacks provide a low-cost, low risk means to carry out disruptive activity with an aim to damage a business, gain financially or further a political agenda. As the aviation industry relies on integrated computer systems for almost every aspect of the business, it is more susceptible to an attack of this nature. The IT system of an aviation business hosts a wealth of private information that is extremely attractive to a hacker. Furthermore, as it is often interlinked with a variety of other systems industry wide, the sheer size and integration of the system provides cyber criminals with more scope to carry out their activities once inside.

The American Institute of Aeronautics has recently launched a cyber security framework for the sector, however Peter Armstrong warned that it’s not enough to mitigate the risk. He warned that aviation companies are only just beginning to consider cyber security to be a significant risk, which is a huge oversight that potentially leaves them open to an attack.

Risk managers within aviation organisations and indeed any organisation that holds sensitive information should work more closely with their brokers in order to gain a better understanding of cyber crime and how to reduce the likelihood of becoming the next victim.

A Cyber Insurance policy provides specific cover to businesses to protect them against cyber attacks online, such as the Hobart Airport example. Depending on the circumstances, a Cyber Insurance policy may include:

  • Privacy Protection – Third party claims from a failure to keep data secure.
  • Breach Costs – Reimbursement of your own costs when a data breach occurs.
  • Cyber Business Interruption – Compensation for lost or reduced revenue.
  • Cyber Liability – Third party claims as a result of content in email, on the intranet, extranet or website.
  • Hacker Damage – Reimbursement for costs to repair, replace or restore systems and data as a result of a hack.
  • Cyber Extortion – Payment of ransom demands, and specialist consultant fees, where a hacker holds, or threatens your network, programs or data.

For more information, speak to your PSC Connect Authorised Representative.

Disclaimer

Conditions apply for each policy and the information expected from you for a policy to trigger. Coverage may differ based on specific clauses in individual policies. Please ask your broker to explain the additional benefits and exclusions pertaining to your policy.

The information provided is general advice only and does not take account of your personal circumstances or needs. Please refer to our financial services guide which contains details of our services and how we are remunerated.