Security the Winner as Airlines Plan Big Investments

Security the Winner as Airlines Plan Big Investments

Some 91% of airlines plan to invest in cybersecurity over the next three years as IT budgets rise and planes become more connected than ever before, according to a major new study.

SITA’s annual Airline IT Trends Survey features the opinions of senior IT decisions makers in each of the world’s top 200 passenger carriers.

The majority expect budgets to increase over the coming year, up from just one-third last year, with software development moved in-house and operations increasingly outsourced.

Also, the number of respondents who claimed they’re making “advanced preparations to manage cyber risks” jumped from 47% to 91%.

The focus on security can be linked to the uptick in Internet of Things (IoT) development in the industry, as more and more aircraft are fitted with embedded computing systems to support things like media streaming to passenger devices and internet connectivity.

Over two-thirds (68%) of airlines are investing in IoT programs in the next three years, up from 57% this time last year. 

As aircrafts become ‘smarter’ and more connected, the chances of them being hacked increases, so it’s right that IT bosses are focusing on cybersecurity.

Security researcher Chris Roberts has done a lot of work in this area.

Last year the FBI famously accused him of effectively hacking a plane, enabling him to make it fly sideways for a period.

Roberts was also detained for questioning after sending a now infamous tweet about his activities which got him kicked off a United Airlines flight in April.

However, manufacturer Boeing claimed in a statement that what he’s accused of doing is impossible, because the plane’s flight and navigation systems are separated from its in-flight entertainment computers – through which he's said to have gained access.

Many of the security issues associated with embedded computing could be solved by cryptographically signing the chip firmware and anchoring it in the silicon so it can’t be wiped or over-written.

Source: Information Security Magazine