​

AIRLINE TRAVEL has exploded in the past decade, and airlines have rapidly expanded their use of IP-based networks and consumer-facing technology. As e-ticketing, self-check-in, and schedule tracking tools have proliferated, so has the need to keep a sharp eye on IT risks.

Eighty-three percent of airlines said that the pressure to respond to IT threats is increasing, according to the second annual survey by the airline communications and IT firm SITA. That’s a slight increase over last year, when 80 percent expressed that concern.

Looking at IT in general, the survey showed that security has increased in importance. As in last year’s survey, it remains the top concern—listed by 78 percent of respondents this year, compared to 68 percent in the earlier questionnaire.

Over half of the 152 airlines surveyed in the Global Airline IT Security Survey offer online check-in, and 89 percent expect to offer it within the next two years. By then, 52 percent of airlines plan to provide self-boarding kiosks, and 76 percent intend to offer check-in via cell phone.

SITA also asked respondents to name areas (with a maximum of three) that they considered a priority in managing IT security over the next 12 to 24 months. Out of six common responses, the one with the largest positive shift over 2006 was “strategic consultancy to facilitate planning.” It scored 32 percent this year compared to 23 percent in the last survey.

The area of greatest concern was “evaluation of network vulnerabilities,” followed by “securing IP-enabled networks.”

The airline industry is already one of the world’s most security-conscious, says Mark Prince, SITA’s head of consulting for security, voice, and convergence. Prince says that the increased security focus could relate to the introduction of higher-tech planes. Both Boeing’s recently introduced 787 Dreamliner and Airbus’ planned A380 will contain more software applications than their predecessors.

On landing and take-off, each craft will require 10 to 15 megabytes of data, to be transported over the airport’s IP system, he says. Plane uploads will likely include maintenance diagnostics, flight path data, and any software updates. “Plane manufacturers and owners will need to get that data to the planes as soon as possible, especially if there’s some implication regarding flight crew or safety.

Report recommendations include improving organizational goals by creating a closer relationship between the boardroom and IT security executives. SITA also advises maintaining tight control over IT outsourcing arrangements and maintaining continued vigilance of security professionals. Other recommendations include instituting a more structured and frequent IT security review process.