Cyber Incident Victim: Israel Airports Authority (רשות שדות התעופה בישראל)
Date: Jan 2020
Location: Israel
Summary
Cyberattacks targeted an Israeli international airport and the aircraft of visiting world leaders during a high-profile diplomatic event, aiming to disrupt flight paths for over 60 planes carrying heads of state. The attacks, originating from Iran, China, North Korea, Russia, and Poland, involved at least 800 distinct attempts but were all successfully repelled by national cyber defenses. Preparations for the event included specific countermeasures against such threats, leveraging prior security enhancements that placed aviation infrastructure under a centralized cyber authority's protection. A dedicated initiative focused on aviation cybersecurity, operational since 2017, contributed to mitigating risks through research, international collaboration, and specialized personnel training.
Description
From January 20 to 23, 2020, during Israel's hosting of the World Holocaust Forum in Jerusalem, the Israel Airports Authority faced a concentrated wave of cyberattacks targeting Ben Gurion International Airport and the aircraft transporting visiting world leaders. Over 800 distinct cyberattacks occurred on January 23 alone, coinciding with the arrival flights of more than 60 heads of state, including US Vice President Mike Pence and Russian President Vladimir Putin. The attacks originated from threat actors in Iran, China, North Korea, Russia, and Poland, according to Israeli cyber defense officials. The primary objective was to disrupt critical aviation systems, specifically aiming to interfere with the flight paths of the dignitaries' aircraft through compromise of airport networks and onboard systems. All attacks were successfully neutralized by Israel's cyber defenses without operational disruption to air traffic or diplomatic activities.

The incident response leveraged extensive preparatory measures implemented for the high-security diplomatic event. Israel's National Cyber Security Authority (NCSA), operating under the Prime Minister's Office, had activated enhanced protective measures following a January 12, 2020 cabinet decision placing aviation infrastructure under its direct oversight. This coordination enabled real-time mitigation of the attacks through the "Hercules" aviation cybersecurity initiative launched in 2017. The Hercules framework provided threat modeling, specialized personnel training, and international collaboration mechanisms specifically designed to counter aviation cyber threats. No system breaches or flight deviations occurred, though the scale of attacks highlighted vulnerabilities in networked aviation systems including air traffic control, airport operations, and aircraft navigation. The incident accelerated implementation of Hercules-developed protocols for pilot training and emergency response procedures during cyber-physical threats to flight operations.
