The cyber threat against the Danish aviation sector

The purpose of this threat assessment is to provide an outline of the cyber threat to the Danish aviation sector. The assessment can form part of the sector’s risk assessment efforts. Target audiences of the threat assessment are executives and IT staff working in Danish air traffic control and aviation authorities, airports, airline companies, and sub-suppliers to aircraft manufacturers.

Key assessment:

The threat from cyber crime against the Danish aviation sector is VERY HIGH, reflecting the general cyber threat level against Denmark. As a result, private companies and public authorities in the Danish aviation sector will highly likely become targets of cyber crime attempts.

The threat from cyber espionage against the Danish aviation sector is VERY HIGH, meaning that private companies or public authorities in the Danish aviation sector are highly likely to become targets of cyber espionage attempts.

The threat from cyber activism has been raised from LOW to MEDIUM. The CFCS has raised the threat level due to activist cyber attacks against European NATO countries triggered by the war in Ukraine. It is possible that pro-Russian hackers in particular will be focusing their efforts on targets in Denmark, including in the aviation sector.

The threat from destructive cyber attacks against the Danish aviation sector is LOW. However, the Danish aviation sector may be affected by destructive cyber attacks abroad.

The threat from cyber terrorism against the Danish aviation sector is NONE.

Revision history:

The threat assessment was first updated in June 2020 with changes to the chapter on cyber terrorism following a raising of the threat level in the annual national threat assessment the ”Cyber threat against Denmark” published in 2020, and the addition of a threat level to the chapter on destructive cyber attacks. No other changes were made to the June 2020 edition.

The threat assessment was re-updated in September 2021 with adjustments to the chapter on cyber espionage. The threat level of cyber espionage was raised to VERY HIGH. No other changes were made to the September 2021 edition.

The threat assessment was updated in June 2022 with adjustments to the chapter on cyber activism in consequence of the raising of the cyber activism threat level as outlined in the CFCS assessment ”The CFCS raises the threat level of cyber activism against Denmark from LOW to MEDIUM” published on n 18 May 2022.

The most recent update was made in March 2023 with an added note to reflect that CFCS raised the threat level for cyber activism from MEDIUM to HIGH. The rest of the threat assessment remain unchanged. No other changes have been made to the present edition.