The Senate Committee on Commerce, Science and Transportation, and committee Democrats have said there is a need to invest in resilient and redundant information technology systems at airports and airlines to better protect against cybersecurity threats.
Last month, Sea-Tac International Airport was hit by a ransomware attack from the Rhysida Group, forcing the airport to shut down various computer systems, including its internal email and website. Gate display boards went dark, employees used paper signs to direct passengers to gates, airlines issued paper tickets and customers waited at baggage claim while airport staff manually sorted thousands of checked bags. The attack group, believed to be a Russian organization, has threatened to release personal identifiable information of airport employees unless the airport pays US$6m worth of Bitcoin ransom.
At a hearing on September 18, committee chair Senator Maria Cantwell said the aviation industry is under constant threat from cyberattacks, which are up 74% since 2020.
The committee heard testimony from Seattle-Tacoma International Airport aviation managing director Lance Lyttle regarding last month’s cyberattack, as well as Airlines for America managing director for cybersecurity Marty Reynolds, and National Consumers League (NCL) vice president of public policy, telecommunications and fraud, John Breyault.
Lyttle called for more information sharing. “Airports can learn from other airports,” he said. “We can also learn from the Transportation Security Administration and the Cybersecurity and Infrastructure Security Agency in terms of the information they are gathering and seeing out there, sharing this information immediately with the aviation industry.”
Breyault warned about the emerging threat of AI. “We are very concerned at NCL that the bar to entry for cyber thieves to conduct these ransomware attacks is really going to be dramatically lowered because of the ability of AI to make it easier for people – who may not have the same skill set you may have needed five or 10 years ago to commit a ransomware attack – to commit one. The number of threat actors out there, we fear, is only going to multiply. The kind of investment that we need in cybersecurity resiliency is more urgent now than ever.”
The European Union Aviation Safety Agency cited cybersecurity as one of the key risks to airport operations and passenger safety in its 2024 safety plan. Read more about it here.