As Nigeria’s aviation sector embraces digital transformation, from online bookings to remote tower operations and airport IoT infrastructure, the risks of cyberattacks are becoming more pronounced. But in the face of these growing threats, a crucial question arises: Are aviation regulators, airport authorities, and airlines investing adequately in cybersecurity training, monitoring, and incident response?
Globally, the aviation industry has suffered several high-profile cyber incidents that have served as wake-up calls. In 2020, British budget airline EasyJet revealed a breach affecting over 9 million passengers. The same year, a ransomware attack targeted SITA, a major IT service provider to airlines, compromising sensitive data from carriers worldwide, including Air India and Lufthansa.
While Nigeria has not yet recorded a large-scale public cyber breach in aviation, experts warn that vulnerabilities abound. The increasing reliance on digital platforms for passenger check-ins, baggage systems, aircraft maintenance logs, and flight planning creates multiple potential entry points for cybercriminals.
FAAN’s Role in Cybersecurity Infrastructure
The Federal Airports Authority of Nigeria (FAAN), responsible for managing the country’s airports, has gradually deployed digital tools to enhance passenger processing, security screening, and operational logistics. However, cyber resilience in its infrastructure remains uneven. While some airports have basic firewall and malware protection, there is limited evidence of a centralized cybersecurity operations center or a sector-wide early warning system for detecting cyber threats in real-time.
Security experts say FAAN needs to go beyond hardware procurement and invest in staff training, periodic vulnerability assessments, and robust incident response protocols to defend against increasingly sophisticated attacks.
NCAA’s Oversight and Regulatory Mandate
The Nigerian Civil Aviation Authority (NCAA), the sector’s primary regulator, holds a critical mandate to enforce safety and security standards, including cybersecurity. In line with the International Civil Aviation Organization’s (ICAO) guidelines, the NCAA has issued advisories urging stakeholders to prioritize cyber risk assessments and adopt mitigation measures.
However, implementation remains weak across many operators. Most airlines and airport concessionaires reportedly lack internal cybersecurity policies or designated Chief Information Security Officers (CISOs). Routine audits for digital safety are still rare, raising concerns about compliance enforcement and preparedness.
“The NCAA must do more than issue guidelines. It must enforce them with measurable benchmarks and penalties for non-compliance,” says a senior ICT consultant in the aviation sector.
Airlines and the Vendor Risk Factor
Local carriers such as Air Peace, Ibom Air, and others are increasingly dependent on web-based booking engines, digital payment systems, and electronic flight bag (EFB) tools used by pilots. While these systems offer operational efficiency, many are outsourced to third-party vendors, raising the issue of supply chain cybersecurity risk.
A breach in a vendor’s system could easily cascade into airline operations, compromising passenger data, disrupting flights, or even endangering safety. Industry watchers warn that airlines must now carry out regular third-party security audits, conduct penetration tests, and train staff to recognize phishing, spoofing, and other social engineering attacks.
A Sector at Risk, A Sector with Opportunity
The aviation industry is one of 16 critical infrastructure sectors globally classified as high-risk targets by cybersecurity authorities. Yet, in Nigeria, cybersecurity investment has not matched the level of digital adoption in aviation.
With the federal government pushing for a $1 trillion economy and growing aviation’s contribution to GDP, experts say there must be deliberate budgetary allocations to enhance cyber resilience. This includes:
- Establishing a National Aviation Cybersecurity Coordination Centre.
- Ensuring cross-agency collaboration with the Office of the National Security Adviser (ONSA) and Nigerian Computer Emergency Response Team (ngCERT).
- Mandating cyber incident drills involving FAAN, NCAA, airlines, and other stakeholders.
Nigeria’s aviation sector is at a crossroads. The benefits of digital transformation are clear, but without adequate cybersecurity infrastructure, training, and governance, the industry risks becoming a soft target for cybercriminals.
For FAAN, NCAA, and airlines alike, the time to act is now. Cybersecurity must be viewed not just as an IT concern, but as a strategic pillar of aviation safety and national security.
Until then, the industry remains digitally exposed—flying high, but not yet fully secured.
Stay informed, stay ahead with The Ameh News
Discover more from Ameh News
Subscribe to get the latest posts sent to your email.
