AM EDITORIAL: Need For More Training, Measures Against Cyber-security Threats In Africa’s Aviation Sector
“It’s worth noting that the latest concern in the industry is cyber-security. With increasing reliance on digital platforms, cyber-security threats are becoming a major concern, requiring proactive cyber-security measures.”
These were the words of Dr. Harold Demuren, former Director-General, Nigeria Civil Aviation Authority (NCAA) and President, ICAO 37th General Assembly. In his keynote speech at the Aviation Security High-Level Stakeholders’ Symposium with the theme, “Fundamentality Of Aviation Security In Achieving The Safe-Skies Goal”, organized by NCAA, Demuren noted that “we now live in a time where there are new and emerging threats to civil aviation” that pose significant risks to civilian aircraft. He stated that terrorists are usually ahead of, and have an edge over, security operatives because they spend enough time to plan and train, have enough money and are ready to die, and he recommended training and capacity building as part of the major solutions.
We see two major needs for cyber-security knowledge and consciousness: human-generated insider threats, and the compromise or manipulation of systems. A new AI generator emerged a few weeks ago that produces likenesses of real people carrying out actions that they may never have done. This is an example of a potential threat to the authenticity and integrity of information involving humans. Even organizations may soon be vulnerable.
Today, people have different religious beliefs, political differences, money problems and outright greed. In Africa particularly, joblessness has also become a major issue.
Alongside advancements in positive technological inventions, many threats have been developed. They include Malware (malicious software) designed to harm or exploit computer systems, networks, or users; Viruses, malicious code that attaches itself to a host programme and spreads when the infected programme is executed, for instance, when an infected file is opened.
There are also Worms, self-replicating malware that can spread across networks without needing a host programme or user intervention, capable of consuming bandwidth and resources and causing system slowdowns; Trojans, malicious programmes that are disguised as legitimate software and, once executed, can perform various harmful activities, such as stealing data, installing backdoors, or granting unauthorized access.
There is also Ransomware, a malware that encrypts a victim’s files and demands a ransom (usually in crypto-currency) for their decryption, capable of crippling individuals and organizations; Spyware, which secretly monitors a user’s computer activity without their knowledge and can collect sensitive information like browsing history, passwords, and financial details; Adware, an aggressive advertising software which is sometimes less overtly malicious and can be intrusive, displaying unwanted advertisements, redirecting browsers, and sometimes bundling other unwanted software.
According to Information Security Consultant, Engr. Yakubu Usman of Nigeria College of Aviation Technology, Zaria, insider threats include Phishing and Social Engineering that manipulate people into divulging confidential information or performing actions that compromise security. Deceptive emails, messages, or websites are used to trick individuals into revealing sensitive data like passwords, credit card numbers, or personal identification information. Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) attacks aim to disrupt the availability of a service, website, or network by overwhelming it with a flood of traffic or requests, making it inaccessible to legitimate users. An attacker here can use a single computer to send a large number of requests to a local business’s website, causing it to slow down or crash. The attack could also be launched from multiple compromised devices spread across different locations, making it harder to block the attack source.
There is also the Man-in-the-Middle (MitM) attack, where an attacker intercepts communication between two parties without their knowledge, in order to eavesdrop on the communication or steal data.
SQL Injection is a code injection technique used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field, such as a login form, for execution. If the application’s input validation is weak, the attacker can gain unauthorized access to the database, modify data, or even execute commands on the server.
Cross-Site Scripting (XSS) is an attack that involves injecting malicious scripts (usually JavaScript) into websites viewed by other users. When a victim visits the infected page, the script executes in their browser, potentially stealing cookies, redirecting them to malicious sites, or defacing the website.
These and several other emerging threats call for the establishment of cyber-security controls in the form of human collaboration, systems administrative processes and human capacity building. Airports and other aviation organizations across Africa require: Surveillance Systems (CCTV cameras and recording equipment) used to monitor activities and provide visual evidence in case of security breaches; Biometric Scanners that use unique biological characteristics such as fingerprints and facial recognition to control access; Security Awareness Training, involving education of users about security threats, best practices and organizational security policies to help stakeholders recognize and avoid security risks; Risk Assessment and Management, involving the process of identifying potential security risks, analyzing their likelihood and impact, and implementing controls to mitigate those risks; and Incident Response Planning, involving the development of a documented plan that outlines the steps to be taken in the event of a security incident such as a data breach or malware infection, including identification, containment, eradication, recovery, and lessons learned.
The threats to civil aviation that need to be countered by cyber-security measures include persons, weapons, drugs trafficking, contraband goods conveyance, chemical threats and cyber-attacks in the form of biological and radiological threats from violent extremism in the form of perimeter breaches, unruly behaviour and airport disruptions, communication of false information, Man Portable Air Defense (MANPADs) and conflict zone risks.
This period in the history of Africa’s air transport is not a time to compromise on the enforcement of constant profiling, regular background checks, adequate remuneration, timely payment of salaries, training and capacity building, and timely sharing of Sensitive Security Information (SSI).
Aviation security is the responsibility of everyone, and continuous training and awareness in oversight and implementation agencies must be prioritized.
It is also very important to solidify continuous collaboration and cooperation among the security agencies involved in the aviation sector to avoid rivalry that destroys the synergy required in mitigating the threat against civil aviation.