Cybercrime has become a significant issue and a real-time threat in the recent decades. Vulnerability towards digital infrastructure has been observed due to the rampant use of technology and increased dependence on data. Cybersecurity can be classified as more insidious than the already present physical and safety threats. The attackers of cybercrime can be present anywhere in the world and can attempt to strike at any time, thereby compromising the information systems and the operational technology. Ransomware and intelligence or spying objectives can be categorized as the two main reasons of cyber-attacks.

The digital era has essentially given rise to cyber-attacks in amongst almost all sectors. One of it being - the aviation industry.

Cybercrime and Aviation Industry
In the last few years, the aviation industry has been growing and evolving exponentially. The industry can be classified as one of the most necessary infrastructure, considering its global migration network and technological systems. In addition to this, it also interacts with other important subjects like defense and national security. Keeping in mind the nature of this sector, susceptibility to be struck down by various cybersecurity attacks is soaring, putting the air operations and data of the passengers at a huge peril.

Almost all aspects of aviation infrastructure are receptive to cyber threats. Cyber attackers have the capability to take advantage of the internet connectivity at airports and even Wi-Fi technology on-board aircraft in mid-flight and exploit and corrupt the systems thereby gaining unlawful and forced access to the data of the aviation industry. If successful, the attack leads to causing data breaches by having access to sensitive information and personal data of passengers. It may also generate air traffic disruptions, catastrophic accidents, and can even have a negative impact on safety and security of people and services.

Role of International Organizations
The civil aviation sector has a global interconnectivity of chains and arrangement. Aviation industry works on sophisticated and inter-related technology systems as a result of which computer systems and data of commercial airlines have become more vulnerable to cyber-attacks with the passage of time. Subsequently, to counter cyber-attacks and to be resilient in addressing them, the International Civil Aviation Organization (ICAO), an international agency of the United Nations (UN) responsible for aviation, has been set up to coordinate international cooperation.

The ICAO assists in analyzing the types of attacks and recommends and safeguards the aviation sector by implementing measures to counter cyber-attacks. It analyses the potential threats, weaknesses and vulnerabilities that can be exploited to achieve mischievous aims, so as to try and mitigate or prevent the cyber-attack. In October 2019, the ICAO published its "Strategy Report" to combat and acknowledge the threat to aviation cybersecurity, which highlighted the need for - international cooperation among states, accountability standards in the industry, fixed legislation and regulations, stringent cybersecurity policies, contingency plans to ensure continuity of services in case of a cyber-attack, and capacity building and training to withstand future attacks.

Similar to the ICAO, the International Air Transport Association (IATA) is a body which supports the airline industry against the ever-evolving cyber-security threat. In furtherance of this, the IATA promotes the industry-wide cybersecurity strategy in the aviation sector alongside the ICAO.

Nevertheless, Eurocontrol (a pan-European, civil-military organization dedicated to supporting European aviation) in July 2021 published a report showing that cyber-attacks across the aviation industry had risen from 2019 to 2020 in all threat categories, with 530% year-on-year rise. 61% of cyber-attacks in aviation industry in the year 2020 were targeted towards airlines. Furthermore, the data in EATM-CERT (European Air Traffic Management Computer Emergency Response Team) aviation cyber event map published by Eurocontrol shows that Ransomware, Data Breach, Phishing and Distributed Denial of Service (DDoS) Attack, were most type of attacks seen in the year 2020, 2021 and 2022.

Recent significant and biggest cyber-attacks on the aviation industry in India
The DDoS attack: On 8th April, 2023, Anonymous Sudan, a hacker group targeted six major Indian airports and launched a coordinated cyber-attack. Delhi, Mumbai, Hyderabad, Goa and Kochi airports were targeted specifically. The Distributed Denial of Service (DDoS) Attack lasted for 9 hours.

Ransomware Attack on SpiceJet: In May 2022, SpiceJet Airlines without disclosing the extent of the cyber-attack, reported that its system had faced an attempted ransomware attack due to which several aircrafts were delayed and passengers were stranded at airports. Even after SpiceJet had clarified that the situation had been rectified, the ransomware had an adverse effect causing disruptions to the airlines flight schedule even thereafter.

The SITA attack: On 19th March, 2021, Air India announced that their Passenger Service System, SITA, had succumbed to a highly sophisticated cyber-attack as a result of which personal data and information of 4.5 million Air India's passengers from August 2011 to February 2021 had been compromised and stolen.

Other passenger airlines like Finnair, Japan Airlines, Singapore Airlines, Malaysian Airlines, Lufthansa, and more who were associated with the Star Alliance Network (who is the client of SITA) were also affected by the attack.
These cyber-attacks are examples of how critical and dangerous these threats can be. If one analyses the statistics, majority of the cyber attacker's aim at stealing extremely sensitive data of passengers, like credit card information, passport details and such.

In a recent development, in India, on 13th March, 2023, the Parliamentary Standing Committee on Transport, Tourism and Culture asked the Ministry of Civil Aviation (MoCA) to set up an absolute mechanism to withstand cyber-attacks in the aviation sectore. Considering the increase in incidents of cyber-attacks in the aviation sector, the Committee was of the opinion that airlines are vulnerable to cyber security threats.

The Committee maintained that it would want to be informed of the measures taken by the Airport Authorities to counter cyber-attacks. In addition to this, the Committee also wanted the details of the 13 instances of cyber-attacks reported with Airport Authority of India (AAI) in the past five years and the action taken by the ministry against the same. Suggestions were also made to look into the possibility of adding a separate budget head to recognize the hardships with respect to cyber-security.

Legal Remedies
Cybercrime being a newly specialized field, there is no comprehensive cybersecurity legislation. To combat the ever rising issue of cybercrimes, India enacted the Information Technology Act, 2000 ("IT Act" or "Cyber Laws") to regulate the same. Thereby, entities must adhere to the various provisions of the IT Act as far as cybercrimes in India are concerned.

Under these laws, a victim of cybercrime has the right to pursue legal action against the attacker. Section 43A of the IT Act which was inserted by the amendment in 2008, includes fines and compensation for offences such as "damage to computer, computer systems and computer networks, etc", and gives the victim an opportunity to file a case to receive compensation for the harm suffered. Section 43A of the IT Act, 2000 states as follows:

Compensation for failure to protect data
43A. Where a body corporate, possessing, dealing or handling any sensitive personal data or information in a computer resource which it owns, controls or operates, is negligent in implementing and maintaining reasonable security practices and procedures and thereby causes wrongful loss or wrongful gain to any person, such body corporate shall be liable to pay damages by way of compensation to the person so affected. […]"

Further, Section 65 of the IT Act states as follows:
Tampering with computer source documents

65. Whoever knowingly or intentionally conceals, destroys or alters or intentionally or knowingly causes another to conceal, destroy, or alter any computer source code used for a computer, computer programme, computer system or computer network, when the computer source code is required to be kept or maintained by law for the time being in force, shall be punishable with imprisonment up to three years, or with fine which may extend up to two lakh rupees, or with both."

Conclusion
With the rise of globalization and digital revolution, the aviation sector has been rapidly advancing towards adopting cyber technology in practically all its aspects. For every new advancement, cyber criminals have the opportunity to exploit the technology for reasons stated earlier. With time and modernization, airlines are facing a rising wave of cyber-attacks. To combat the sophistication of the cyber attackers, an adhesive consolidated method needs to be identified. Inadequacies in implementing cyber-security policies can lead to a downfall.

In addition to the already existing provisions of cybercrime laws in the IT Act as mentioned above, experts believe that to build a well-protected cybersecurity network for the aviation industry, international organizations like the International Civil Aviation Organization (ICAO) and International Aviation Transport Association (IATA) should make and implement stringent policies and strict regulations, along with overlooking onto the same, without which there would be relatively annihilating and unpleasant consequences.