Advancing UK Aerospace, Defence, Security & Space Solutions Worldwide
  • Home
  • /
  • Aerospace
  • /
  • Bridewell Consulting reports on aviation's cyber security vulnerability

Aerospace Security

Bridewell Consulting reports on aviation's cyber security vulnerability

Eighty-eight percent of UK aviation organisations have detected cyber attacks on their Operational Technology (OT) or Industrial Control Systems (ICS) in the last 12 months, with 95% of these encountering at least one successful attack, according to new research from independent cyber security services company, Bridewell Consulting.

Image courtesy Bridewell Consulting

These findings come despite over three-quarters (78%) of organisations saying they are confident that their OT systems are protected from cyber threats, highlighting a degree of misplaced confidence in CNI cyber security in the sector.

The research, which surveyed 250 UK IT decision makers in the aviation, chemical, energy, transport, and water sectors, found aviation to be one of the most confident sectors when it comes to cyber security, despite detecting the highest volume of attacks.

Advertisement
ODU RT 2

Aviation organisations are facing increasing risks posed by ageing legacy infrastructure that is becoming increasingly connected. The majority (88%) rely on OT systems that are between 6-20 years old, with over half (52%) between 11-20 years old. Systems are also increasingly accessible with 88% confirming that OT / ICS environments are accessible from corporate networks. Whilst over half (52%) say systems are currently not accessible from the Internet, of those, 54% plan to make them accessible in the future, potentially widening the attack surface and introducing new threats.

The research also reveals aviation organisations believe third party suppliers and partners pose the lowest risk. This is despite the National Cyber Security Centre (NCSC) and revisions to the NIS Directive (NIS 2) identifying the supply chain as a significant area of risk for CNI organisations, indicating a possible educational challenge over certain cyber threat vectors in the sector.

“The report highlights some nuances between how some organisations in the aviation sector perceive their cyber security posture versus reality” said Scott Nicholson, Co-CEO at Bridewell.

“Security vulnerabilities, whilst challenging to remediate within some CNI organisations, could have serious implications, not just in terms of substantial monetary fines but also risks to public safety and even loss of life, so organisations simply cannot afford to be complacent.”

Covid-19 has also intensified cyber threats with nearly half (45%) of UK aviation organisations experiencing increased attacks since the pandemic began. Yet over a quarter (28%) have reduced cyber security budgets in response. This is putting increasing pressure on IT and security teams with 82% agreeing they have felt an increasing pressure to improve cyber security controls for the OT / ICS environment in the last 12 months.

Advertisement
ODU RT

Encouragingly, 98% of organisations are carrying out some form of security assurance activities. However, less than half (44%) carry out penetration testing and only 37% conduct red, blue or purple team exercises, vital activities that can identify vulnerabilities and reduce the likelihood of attacks.

This could be due to mounting pressures, with understanding regulation cited as the top challenge facing teams today (cited by 34% of respondents), followed by a lack of knowledge/skills (32%). While 86% believe they currently have the right skills in place to maintain and secure their OT environment, worryingly 84% agree the UK’s CNI industry will be impacted by a critical cyber security skills shortage in the next three to five years.

“Aviation remains one of the most targeted sectors and while legislation like the NIS Directive and regulations has certainly helped to improve cyber security in the sector, there’s still room for improvement. Proactive cyber security activities such as vulnerability management, penetration testing, patching and threat assessments should be standard practice across the industry. This can be a challenge when balanced against the operational demands of the business, but the bad guys don’t care, so steps need to be taken to improve security before it’s too late,” concluded Nicholson.

 

Advertisement
Northrop Grumman 2 Northrop Grumman 2
Rolls-Royce’s Edward Prince to join UKEF Executive Team

Aerospace

Rolls-Royce’s Edward Prince to join UKEF Executive Team

20 December 2024

Senior Rolls-Royce plc executive Edward Prince has been appointed as Director of Large Corporates & International at UK Export Finance (UKEF).

NATS publishes Responsible Business Report

Aerospace

NATS publishes Responsible Business Report

19 December 2024

UK air traffic control service provider, NATS, has published its latest Responsible Business Report, which outlines the tangible progress made in all areas of sustainability for the year ended 31st March 2024.

Stansted to introduce barrier free system at forecourt drop off area

Aerospace

Stansted to introduce barrier free system at forecourt drop off area

18 December 2024

London Stansted is to introduce a new barrierless system for vehicles dropping off passengers at its Express Set Down (ESD) area as part of the airport’s £1.1 billion transformation programme.

GACA appoints CAAi to harmonise safety regulatory framework with EASA

Aerospace

GACA appoints CAAi to harmonise safety regulatory framework with EASA

17 December 2024

The General Authority of Civil Aviation (GACA) of Saudi Arabia has appointed CAA International (CAAi) - the UK Civil Aviation Authority’s technical cooperation arm - to harmonise Saudi Arabia’s aviation safety regulatory framework with the European Union Aviation Safety Agency (EASA).

Advertisement
ADS S &P RT
RTX

Aerospace

RTX's Collins Aerospace upgrades King Air and Hawker aircraft avionics

17 December 2024

RTX's Collins Aerospace has announced a comprehensive avionics upgrade and modernisation programme for Beechcraft King Air and Hawker aircraft, spanning Collins' Pro Line Fusion and Pro Line 21 advanced avionics systems.

RTX

Aerospace

RTX's Pratt & Whitney GTF engine gains FAA certification for A321XLR

16 December 2024

RTX's Pratt & Whitney announced today that it has received US Federal Aviation Administration (FAA) certification for the GTF engine that will power the Airbus A321XLR aircraft.

Advertisement
ODU RT