Printed headline: Don’t Be The Weak Link
The aviation MRO industry could be vulnerable to cyberattacks—and given that this is a global, interconnected business that increasingly is becoming more digital—the pain could be felt by many—and quickly.
While the issue is “top of mind” and many experts are addressing it, “they feel a bit behind the learning curve,” according to Brian Prentice, an Oliver Wyman partner. “I think there is a bit of a rush to catch up, harden systems and understand where the risks and vulnerabilities may be,” he says.
To assess cybersecurity preparedness in the aviation aftermarket, the consultancy queried airlines, OEMs and aftermarket service providers as part of its MRO survey released last month.
While 67% of respondents believe their company is prepared to handle cybersecurity threats related to operations and maintenance, only 47% of all respondents indicated that their company had reviewed its security plan in 2017, while 19% said it had not. That means 34% said they were unsure if their company completed a review. Even if they all had said yes, that group of nearly 20% who had not reviewed their plans should concern the industry.
Why? Because the industry is only as strong as its weakest link.
One of the challenges will be understanding the vulnerabilities of the whole supply chain—airlines, manufacturers, suppliers and MROs, “as well as anyone who has access or interfaces with systems and/or components and/or aircraft. We need to understand the current state and have a clear framework for mitigating risks, and having as much process and control in place as possible,” says Prentice.
The aviation industry is built around a safety mindset; but now it is imperative to adopt a security mindset too. As we must be vigilant about safety breaches and reporting potential problems, the same holds true for potential security problems so they are mitigated efficiently and effectively.
Oliver Wyman’s survey found that having a cybersecurity strategy was the top safeguard for 68% of the OEMs, MROs and operators who responded. That is followed by cybersecurity training (49%), security standards for third-party vendors (39%), active monitoring of cybersecurity intelligence (41%) and hardening of communications networks (40%). Airlines generally scored higher than OEMs and MROs in each category—except for OEMs garnering a higher score for security standards for third-party vendors and hardening of communications networks. MROs ranked the highest for actively monitoring cybersecurity intelligence.
“By focusing on this and by putting attention at the highest levels, in 2019 we’ll be more prepared than we are in 2018,” says Prentice. This means 2018 could be the year of cybersecurity focus and upgrades (or cyber MRO).
We see cyber-breaches in our personal lives as retailers, restaurants and government agencies are hacked. Adopt a security mindset—it’s good for our personal and professional lives.