The Senate Committee on Commerce, Science, and Transportation convened a hearing addressing cybersecurity threats in the aviation industry on Wednesday. “The reality is stark. Our aviation industry is under constant threat from cyber attacks, up 74% since 2020,” said committee chair Maria Cantwell (D-Washington).
Cantwell began the hearing by recounting how a recent cyber attack on Seattle-Tacoma International Airport (KSEA) personally affected her. “Airport leaders…shut down various computer systems that run everything from ticketing to display boards to baggage claims, creating a confusing environment for passengers and workers and, yes, delaying flights,” she said. “The display boards were down for a week. I personally ran through the airport trying to catch a flight, not sure if I was going to the right gate.”
Lance Lyttle, aviation managing director at KSEA, said previous plans to prepare for an event helped the airport navigate the crisis. “We were fortunate that we actually did a tabletop exercise that simulated a ransomware attack in the past. I can tell you in reality it's a whole lot more complicated, but it actually helped also having continuity of operations plans in place in every department,” he said.
Meanwhile, Marty Reynolds, managing director for cybersecurity at Airlines for America and former brigadier general of the U.S. Air Force, warned that there is currently not a sufficient amount of information sharing among federal agencies in regard to aviation cybersecurity.
“Although federal agencies have made strides to improve information sharing such as multi-agency threat bulletins, information sharing among federal agencies and with the aviation sector needs improvement,” he said. “The existing information sharing processes lack the speed of relevance and do not consistently validate if existing policies and regulatory requirements are staying ahead of evolving threats.”
John Breyault, v-p of public policy, telecommunications, and fraud at the National Consumers League, also warned about the risk of cyber theft that is prevalent in the industry.
“The vulnerability of airline reward programs has the potential to affect even more consumers. The value of unused miles and passenger rewards accounts is staggering. According to one estimate, the top five U.S. airline loyalty programs ended 2020 with a combined balance of 27.5 billion in unused loyalty program miles, up 2.9 billion from 2019,” he said. “Unsurprisingly, all of those unused miles are an attractive target for cyber thieves.”