A panel debating the increasingly important topic of cybersecurity at the 72nd IATA AGM in Dublin agreed that awareness of the potential for breeches was the starting point. Airlines have to make their plans on the assumption that they will suffer from a cyberattack.

Alan Pellegrini, President and CEO of Thales USA warned that as aircraft become more connected, so they become more vulnerable. “We need to get ahead now to prevent issues in the future,” he said.

Anja Kaspersen, Head of International Security at the World Economic Forum suggested that thinking like an attacker would be a “mind-opening” experience and provide the basis for a good cybersecurity strategy. That strategy should include a security operations center working 24/7, dealing with everything from such daily problems as forgotten passwords to high-level threats. Having that structure, it was advised, would allow an airline to constantly evolve its security processes.

And all agreed that security was a process and there was no silver bullet technology waiting in the wings that would nullify all attempts to hack into airline systems.

Calin Rovinescu, Air Canada’s President and CEO, said his carrier has a high awareness of the risks involved and was continuously looking at cybersecurity from as many angles as possible.

“You can never think you’ve done it,” he said. “We have benchmarked ourselves against financial institutions as well as other airlines. But next year and in five years’ time, it will be different. It is very dynamic.”

The key takeaway from the session was the need for partnership. The FBI’s Kurt Pipal candidly expressed a wish for an open, sharing environment, saying he didn’t want to be “met at the door by the Corporate Counsel” when investigating cybersecurity issues.

“Anyone could hold the critical piece of information so it is crucial to share,” concluded Major General Linda R. Urrutia-Varhall. “It is the only way to figure out the threat and get to grips with the problem.”