It does not receive public funding
Editor in chief:
CLARA MOSCHINI


Cyberattacks (2): hackers and failures threaten global air traffic

From data breaches to control center blackouts: an analysis of vulnerabilities and urgent strategies

The latest cyberattack, this time targeting the Australian airline Qantas (see AVIONEWS), points to a much broader threat landscape taking shape for the air transport sector: the FBI has turned the spotlight on groups such as Scattered Spider, already responsible for targeting several North American carriers. However, attention now shifts to a far more critical scenario: what would happen if these digital threats struck the beating heart of the system, the air traffic control centers, combining with technical failures and unforeseen events that already put the sector's resilience to a severe test?

If known and already problematic events such as fires (see AVIONEWS), technical malfunctions (see again AVIONEWS and related links), radar data transmission failures, defects and critical issues (see AVIONEWS 1) or even solar storms (as seen in Sweden in 2015) were combined with targeted cyberattacks on IT providers, subcontractors, or directly on air traffic management entities (European or global), the potential impact on air traffic would be unprecedented in scale.

Past incidents such as those at Milan-Linate (radar system failure, links above, Editor's note), Nats Swanwick in Hampshire (software failure), Deutsche Flugsicherung in Langen, Germany (software issue), and in France (IT system and communication failure in 2019), which severely compromised air traffic in several key control areas with repercussions also on connections with Spain and the United Kingdom, have already demonstrated the intrinsic fragility of complex and interconnected systems. These events, despite being "only" failures or malfunctions, caused airspace closures, flight cancellations lasting days, enormous disruptions for millions of passengers, and economic damage.

A cyberattack, especially if conducted by sophisticated groups, could not only replicate these disruptions but exponentially amplify them. Imagine scenarios where:

- Air traffic control systems are blocked or manipulated: no longer a mere malfunction, but an intentional interruption that could jeopardize flight safety or render traffic management impossible.

- Air-to-ground communications are interrupted or falsified: pilots could lose contact with controllers or receive erroneous information.

- Radar data is corrupted or inaccessible: controllers would lack a clear picture of the air situation.

- Backup systems are compromised: if attacks also targeted reserve systems (in cases of “duplication of the same vulnerable system” rather than true redundancy), recovery would be extremely slow or impossible.

- Global cascading effect: given the interconnection of air traffic management systems across Europe and worldwide, an attack in one region could quickly propagate, paralyzing vast airspace areas and triggering a domino effect on airports and airlines globally.

In summary, the situation would escalate from "local" and "temporary" disruptions to a potential extended and prolonged paralysis of air transport, with devastating economic consequences, significant safety issues, and enormous social impact on the mobility of people and goods.

How to protect against this? What measures should authorities implement? To mitigate these risks and reinforce the global air system’s resilience, national and international authorities (such as Enav in Italy, Nats in the UK, Eurocontrol at the European level, and ministerial and security bodies) should urgently implement the following measures:

1) True system redundancy: mere duplication of the same system is not enough. It is crucial to have backup systems that differ in architecture, software, and infrastructure so that an attack or failure affecting the primary system cannot easily compromise the backup as well. This also includes diversification of IT suppliers.

2) Regular testing and emergency simulations: frequently conduct exercises and simulations that include cyberattack scenarios, complex failures, and communication interruptions. These tests should involve all stakeholders (controllers, pilots, ground personnel, cybersecurity teams) to evaluate response readiness and identify weaknesses.

3) Greater automation in emergency responses: develop and implement systems capable of automatically reacting to certain anomalies or attacks, isolating threats, and activating emergency procedures with minimal human intervention, thereby reducing reaction times.

4) Strengthened collaboration and information sharing:

- Among air traffic control centers: encourage immediate and structured cooperation between different control centers (also at the European and global level) to redistribute traffic during critical moments, relieving affected areas.

- Between authorities and the private sector: create rapid and effective channels for sharing cyber threat intelligence among government agencies (FBI, national cybersecurity agencies), civil aviation authorities, and airlines, including their IT providers.

- Shared security standards: develop and enforce rigorous and uniform cybersecurity standards for all actors in the aviation sector, including subcontractors and critical service providers.

5) Continuous investments in cybersecurity: allocate significant resources to personnel training, updating cybersecurity defense technologies, and researching new solutions to counter increasingly sophisticated threats.

6) Supplier risk assessments: authorities and airlines must conduct thorough cybersecurity evaluations of all suppliers and subcontractors with access to critical systems, ensuring they also meet high standards.

Only a holistic and proactive approach, considering cybersecurity as a fundamental pillar of flight safety, can protect air traffic from a future that is increasingly complex and threatened.

2) The end

red/f - 1264632

AVIONEWS - World Aeronautical Press Agency