As aviation stakeholders, including Boeing and IATA, have grown louder about cyber security threats to airlines, new preliminary data from an ongoing AirInsight study has found that 42% of airlines surveyed still do not have a cyber security plan in place for their pilots’ electronic flight bags (EFBs).
To date, 46 airlines from around the world have participated in the AirInsight survey. A total 42% of these airlines admit they do not have a cyber security plan. The study will ultimately seek to extrapolate further data concerning which of these EFBs are mobile and move around the system, and are therefore potentially more prone to attack. Prior findings about tablet-based EFBs in specific determined that most do not have cyber security protocols in place.
“If an EFB is installed, like on the Airbus A380, that device can’t be moved around or impacted as easily as a portable device. Someone would have to come to the aircraft and infect the system,” says AirInsight.
“On the other hand, the nice thing about Class 1 portable EFBs is that they’re not connected to the flight deck; there is still a human brain processing what the flight deck is saying and what the tablet is saying.”
Last week, at Aircraft Commerce magazine’s Aircraft e-enablement conference in London, Boeing chief engineer cabin and network solutions John Craig, noted that the aviation system “is extremely complex and there are lots of areas to address when it comes to cyber security”. His advice to airline chiefs is to ensure that they understand their entire systems, put in place incident response plans, develop a “security culture”, and develop and incorporate “advanced security features”.
While the above AirInsight survey results are somewhat shocking, AirInsight emphasizes that this is preliminary data and the results may change as the response rate rises.
Airlines are encouraged to participate in the survey. Anyone interested please make contact with AirInsight at this email address: info@Airinsight.com. All responses are treated with utmost confidentiality.