Aviation regulators and industry officials are calling for
greater coordination between governments and airlines to protect
global flying from cyberthreats amid concern that national efforts
could create vulnerabilities in a global industry.
Ministers in charge of security from European Union member
states, during a meeting in Luxembourg on Thursday, were briefed on
aviation cybersecurity concerns by the head of the European
Aviation Safety Agency, a European Union spokesman said.
The meeting comes just weeks after LOT Polish Airlines
operations at its Warsaw Chopin Airport hub were disrupted last
month by what the carrier said was a cyberattack on its flight
planning computers. Ten flights were canceled and other
delayed.
Aviation regulators and industry officials around the world are
studying the risks to commercial flying from potential
cyberattacks. The U.S. Federal Aviation Administration, Britain's
Civil Aviation Authority and the French aviation regulator are
among those looking into potential vulnerabilities on the ground
and in the air.
Tony Tyler, director general of the International Air Transport
Association on Thursday said that regulators need to share
information beyond their own borders.
"It is not acceptable that one airline may have access to
information and best practices regarding appropriate cyber measures
and potential vulnerabilities, while another carrier doesn't,
simply because it is based in a different country," he said
according to his prepared remarks at the Civil Aviation Cyber
Security Conference in Singapore.
Some regulators have already started working together. France
and the U.K. are exchanging information on cybersecurity concerns,
said Eric Plaisant, deputy for security at the French civil
aviation authority DGAC.
The European Aviation Safety Agency also held a cybersecurity
workshop in May. The participants, that included European Union
representatives, those from member states and industry, concluded
that "cybersecurity incidents are increasing in frequency and
magnitude, and becoming more complex," the Cologne-based
organization said.
Countries have historically struggled to share often sensitive
threat information to commercial aviation. The shooting down of
Malaysia Airlines Flight 17 over eastern Ukraine occurred after
some airlines avoided the region. Since then the International
Civil Aviation Organization, the United Nations' air safety arm,
has set up a mechanism for greater information exchange between
countries.
Mr. Tyler said the downing of Flight 17, which killed all 298
people onboard, showed that "the significant risks of not sharing
information demand more progress in this area."
A recent report provided to IATA by a cybersecurity firm
suggested "airlines are the highest value target for swindlers and
close to 50% of all phishing attempts are made against airlines and
airline passengers," Mr. Tyler said.
The trade group that represents more than 200 carriers operates
a clearinghouse for airline ticketing that processes more than $388
billion worth of transactions a year. Mr. Tyler said that, in
March, the organization blocked 80,000 suspicious connections to
its computer systems a day and was subjected to five "brute
forcing" attempts to connect to its accounts.
An Air France official said the carrier has also seen attempts
to penetrate its reservation systems.
Write to Robert Wall at robert.wall@wsj.com
Subscribe to WSJ: http://online.wsj.com?mod=djnwires