Havacılık Altyapısına Yönelik Siber Saldırılar: Olaylar Ve Gelecekteki Riskler

Öz

Havacılık altyapısına yönelik siber tehditler arttıkça havacılıkta siber güvenlik en önemli endişe haline gelmiştir. Siber saldırılar, uçuş programlarını bozmak, yolcu güvenliğini tehlikeye atmak ve hassas verileri ifşa etmek için veri ihlallerinden, fidye yazılımlarından ve hizmet reddi (DoS) saldırılarından havayollarının, hava trafik kontrolünün ve havalimanı operasyonlarının operasyonel sistemlerini hedef alabilmektedir. Havacılık sektöründeki siber saldırıların dikkate değer vaka çalışmaları arasında, önemli kesintilere neden olan ve bazı uçuşları ve bilet satışlarını geçici olarak askıya alan 2024'teki Japan Airlines'a yönelik DDoS saldırıları yer almaktadır. Bu son olay, havacılık altyapısının kırılganlığını ve gelecekte daha da ciddi saldırılar olasılığını vurgulamaktadır. Yapay zeka ve gelişmiş kalıcı tehditler (APT'ler) gibi giderek daha karmaşıklaşan saldırılar, havacılık sektörünün sağlam ve dinamik siber güvenlik stratejileri benimsemesini gerektiriyor. Bu stratejiler, gerçek zamanlı tehdit tespiti, proaktif güvenlik açığı yönetimi ve temel mevzuat hazırlığı, teknik eğitim ve küresel hava taşımacılığı ağlarını korumak için uluslararası iş birliğini içermelidir. Bu makale, havacılık siber güvenliğinin mevcut durumu, havacılık sistemlerini hedef alan çeşitli siber saldırı türleri, yaşanan olaylar, bunların etkileri ve gelişen siber tehditlerin oluşturduğu gelecekteki riskleri analiz eder ve havacılık altyapısına yönelik gelecekteki riskleri azaltmak için temel stratejileri ana hatlarıyla belirlemektedir.

Anahtar Kelimeler

• Havacılık Altyapısı
• Havacılık Emniyeti
• Siber Saldırılar
• Olay Analizi
• Risk Değerlendirmesi.

CYBER ATTACKS ON AVIATION INFRASTRUCTURE: ANALYZING INCIDENTS AND ASSESSING FUTURE RISKS

Abstract

The aviation industry’s increasing reliance on digital technologies has increasingly become the target of cyberattacks that can have devastating effects on safety and operational efficiency. Cybersecurity in aviation has become a top concern as cyber threats to aviation infrastructure increase. Cyberattacks can target operational systems of airlines, air traffic control, and airport operations, from data breaches, ransomware, and denial-of-service (DoS) attacks to disrupt flight schedules, compromise passenger safety, and expose sensitive data. Notable case studies of cyberattacks in the aviation industry include the DDoS attacks on Japan Airlines in 2024, which caused significant disruptions and temporarily suspended some flights and ticket sales. This recent incident highlights the fragility of aviation infrastructure and highlights the potential for even more serious attacks in the future. Increasingly sophisticated attacks such as artificial intelligence and advanced persistent threats (APTs) require the aviation industry to adopt robust and dynamic cybersecurity strategies. These strategies should include real-time threat detection, proactive vulnerability management, and basic regulatory preparation, technical training, and international collaboration to protect global air transportation networks. This article provides an analysis of the current state of aviation cybersecurity, discusses various types of cyberattacks targeting aviation systems, analyzes major incidents, their impacts, and future risks posed by evolving cyber threats, and outlines key strategies to mitigate future risks to aviation infrastructure.

Keywords

• Aviation Infrastructure
• Aviation Safety
• Cyber Attacks
• Incident Analysis
• Risk Assessment.

References

1. “Air Traffic Management: A Cybersecurity Challenge”, Eurocontrol, 2021, https://www.eurocontrol.int/sites/default/files/2021-12/eurocontrol-atm-cybersecurity-report.pdf, 20.03.2025.
2. Aslay, Fikret, "Siber Saldırı Yöntemleri ve Türkiye’nin Siber Güvenlik Mevcut Durum Analizi", International Journal of Multidisciplinary Studies and Innovative Technologies, v. 1, no. 1, 2017, p. 24-28.
3. Claburn, T., "Airline Software Super-Bug: Flight Loads Miscalculated Because Women Using ‘Miss’ Were Treated as Children", The Register, April 8, 2021, https://www.theregister.com/2021/04/08/tuisoftwaremistake/, Date of Access: 03.03.2025.
4. Duchamp, H. / Bayram, I. / Korhani, R., "Cyber-Security, a New Challenge for the Aviation and Automotive Industries," in Seminar in Information Systems: Applied Cybersecurity Strategy for Managers, 2016, p. 1–4. https://blogs.harvard.edu/cybersecurity/files/2017/01/Cybersecurity-aviation-strategic-report.pdf/, Date of Access: 12.03.2025.
5. Elmarady, Ahmed Abdelwahab / Rahouma, Kamel, "Studying Cybersecurity in Civil Aviation, Including Developing and Applying Aviation Cybersecurity Risk Assessment", Digital Object Identifier, v. 9, 2021.
6. Freiherr, G., "Will Your Airliner Get Hacked?", Smithsonian Magazine, 2021, https://www.smithsonianmag.com/air-space-magazine/will-your-airliner-get-hacked-180976752/, Date of Access: 15.03.2025.
7. Gramatica, M. D. / Massacci, F. / Shim, W. / Tedeschi, A. / Williams, J., "It Interdependence and the Economic Fairness of Cybersecurity Regulations for Civil Aviation," IEEE Security & Privacy, v. 13, no. 5, 2015, p. 52–61.
8. Gürkaynak, Muharrem / İren, Adem Ali, "Reel Dünyada Sanal Açmaz: Siber Alanda Uluslararası İlişkiler", Süleyman Demirel Üniversitesi İktisadi ve İdari Bilimler Fakültesi Dergisi, C. 16, S. 2, 2011, s. 263-279.

9. Haass, J. / Sampigethaya, R. / Capezzuto, V., "Aviation and Cybersecurity: Opportunities for Applied Research", TR News, v. 304, 2016, p. 39.
10. Hardcastle, J. L., "‘Russian Hacktivists’ Brag of Flooding German Airport Sites", The Register, February 17, 2023, https://www.theregister.com/2023/02/17/german_airport_websites_ddos/, Date of Access: 12.12.2024.
11. “ICO fines British Airways £20m for data breach affecting more than 400,000 customers”, Information Commissioner’s Office, October 2020, https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2020/10/ ico-fines-british-airways-20m-for-data-breach-affecting-more-than-400-000-customers/.
12. Kagalwalla, N. / Churi, P. P., "Cybersecurity in Aviation: An Intrinsic Review," in Proceedings of the 2019 5th International Conference On Computing, Communication, Control And Automation (ICCUBEA), Pune, India, 19–21 September 2019, p. 1–6.
13. Koroniotis, N. / Moustafa, N. / Schılıro, F. / Gauravaram, P. / Janicke, H., "A Holistic Review of Cybersecurity and Reliability Perspectives in Smart Airports", IEEE Access, v. 8, 2020, p. 209802–209834.
14. Kurnaz, Salim / Önen, S. Mustafa, "Avrupa Birliği’ne Uyum Sürecinde Türkiye’nin Siber Güvenlik Stratejileri", International Journal of Politics and Security, v. 1, no. 2, 2019, p. 82-103.
15. "Japan Airlines Systems Back to Normal After Cyberattack Delayed Flights", Reuters, December 26 2024, https://www.reuters.com/technology/cybersecurity/japan-airlines-systems-hit-by-cyberattack-ntv-says-2024-12-26/, Date of Access: 12.01.2025.
16. Lykou, G. / Anagnostopoulou, A. / Grıtzalıs, D., "Implementing Cyber-Security Measures in Airports to Improve Cyber-Resilience", in Proceedings of the 2018 Global Internet of Things Summit (GIoTS), Bilbao, Spain, 4–7 June 2018, p. 1–6.
17. “Major Cyber Attack Disrupts Holiday Season Flights at Japan Airlines,” Euro News, December 26 2024, https://www.euronews.com/business/2024/12/26/major-cyber-attack-disrupts-holiday-season-flights-at-japan-airlines/, Date of Access: 10.04.2025.
18. Mukhopadhyay, A. / Jaın, S., "A Framework for Cyber-Risk Insurance Against Ransomware: A Mixed-Method Approach," International Journal of Information Management, v. 74, 2024, p. 102724, https://doi.org/10.1016/j.ijinfomgt.2023.102724/, Date of Access: 01.15.2025.
19. Paganini, P., "Cyber Threats Against the Aviation Industry", InfoSec Institute, 2014, https://resources.infosecinstitute.com/topic/cyber-threats/, Date of Access: 19.09. 2024.
20. Paganini, P., "Istanbul Ataturk International Airport Targeted by a Cyber-Attack," Security Affairs, 2013, https://securityaffairs.co/wordpress/16721/hacking/istanbul-ataturk-international-airport-targeted-by-cyber-attack.html/, Date of Access: 14.12.2024.
21. Pash, C., "Cyber Security Is Being Tightened at Australian Airports After an Identity Card Data Hack", Business Insider Australia, July 2018, https://www.businessinsider.com.au/identity-card-data-hack-data-breach-australian-airports-2018-7/, Date of Access: 18.01.2025.
22. Rindskopf, A., "Juvenile Computer Hacker Cuts Off FAA Tower", Irational.org, March 1998, http://www.irational.org/APD/CCIPS/juvenilepld.htm/, Date of Access: 12.12.2024.
23. Security and Facilitation Strategic Objective: Aviation Cybersecurity Strategy, International Civil Aviation Organization (ICAO), 2019, https://www.icao.int/cybersecurity/Documents/AVIATIONCYBERSECURITYSTRATEGY.EN.pdf/, Date of Access: 06.03.2025.
24. "Swiss-Based Airport Services Firm Suffers Ransomware Attack," Swissinfo, February 4 2022, https://www.swissinfo.ch/eng/sci-tech/swiss-based-airport-services-firm-suffers-ransomware-attack/47321738/, Date of Access: 05.01.2025.
25. Teichmann, F. M. J. / Sergi, B. S., / Wittmann, C., "The Compliance Implications of a Cyberattack: A Distributed Denial of Service (DDoS) Attack Explored", International Cyber Law Review, v. 4, 2023, p. 291–298, https://doi.org/10.1365/s43439-023-00090-1/, Date of Access: 12.03.2025.
26. Varshney, G. / Kumawat, R. / Varadharajan, V. /Tupakula, U., /Gupta, C., "Anti-Phishing: A Comprehensive Perspective", Expert Systems with Applications, v. 238, 2024, p. 122199, https://doi.org/10.1016/j.eswa.2023.122199/, Date of Access: 12.03.2025.
27. Wolf, M. / Mınzlaff, M. / Moser, M., "Information Technology Security Threats to Modern E-Enabled Aircraft: A Cautionary Note", Journal of Aerospace Information Systems, v. 11, 2014, p. 447–457.
28. Zamorano, M. / Fernández-Laso, M. C., / Curiel, J. de Esteban, "Smart Airports: Acceptance of Technology by Passengers", Cuadernos de Turismo, v. 45, 2020, p. 567–570.
29. Zetter, K., "Feds Say that Banned Researcher Commandeered a Plane", Wired, May 2015, https://www.wired.com/2015/05/, Date of Access: 15.01.2025.