Cybersecurity has rapidly emerged as one of the most pressing concerns for the business aviation sector, reflecting broader trends across various industries. With the stakes at hand considerably high, industry experts are sounding alarms about the increasing frequency and sophistication of cyber threats. Diego Magrini, co-founder of NERD.aero, emphasizes the importance of safeguarding data, encouraging stakeholders to regard cybersecurity less as the work of shadowy figures and more as integral to their operations. When we think about cybersecurity, a lot of people think about the guys in the hoodies behind the screen somewhere in the basement. But, we need to think about safeguarding our data, anything we have which is digital, he notes.
According to Josh Wheeler, senior director at Satcom Direct, the threat is ever-evolving. The cybersecurity threats for business aviation are constantly changing, he asserts, highlighting the concerning trend of over five billion malware attacks reported last year alone. Shockingly, Satcom Direct blocks around 10,000 attempted malware attacks daily on its customers' assets, underscoring the vulnerabilities within this domain.
Maxim Schelfhout, CEO of Skylegs, another significant player, points out the risks tied to the sensitive information frequently exchanged within business aviation. This sensitive information can be used against the company, the individuals working for the company or the passengers, he elaborates, stressing the need for stringent security protocols. With many aviation operations involving informal communication methods like WhatsApp or Telegram, the potential exposure of personal and operational data to hackers becomes alarmingly viable.
This casual approach to data transmission poses significant risks. Magrini warns, When I speak about information security, I strongly emphasis ... it’s really the human aspect. The human factor encompasses the need for proper training and awareness, urging companies to integrate cybersecurity training programs within their human resources policies.
While modern operations thrive on web-based technologies, the industry must recognize the risks of inefficient data management practices. Magrini explains, Modern operations have become very efficient by relying on web-based and connected technologies. If any of these software fail, it has a large impact on the safe operation of the flight.
Wheeler elaborates on the variety of cyber threats operators face, including social engineering tactics like phishing. Social engineering is still a common strategy, using cheaply acquired software readily available online to manipulate user behavior, he explains. Phishing schemes continue to rise, employing fraudulent emails and deceptive tactics, making everyday users vulnerable.
The average cost of cyber data breaches reached approximately US$4.45 million in 2023, excluding reputational damage. Wheeler points out the sobering statistic of the average detection time for these breaches, which can be as long as four months. With 53% of users not changing their passwords regularly and 57% openly writing them down on sticky notes, vulnerabilities multiply rapidly. Wheeler adds, While these numbers do not represent pure aviation incidents, it’s important to understand if your airframe is connected to your organization’s internal network ... your passengers are as vulnerable on the aircraft as if they were sitting in a coffee shop.
He warns operators about the dangers of connecting unsecured devices to public Wi-Fi, admitting, This is when malware can be downloaded and subsequent threats released. Employees who routinely overlook unusual emails or fail to verify attachments risk exposing their company to dire threats.
For effective cybersecurity measures, Wheeler advises aviation organizations to fuse their efforts with connectivity providers to lower risk. There is no one size fits all, he cautions, noting the importance of industry-specific solutions. Operators should establish cyber-specific policies within their standard operating procedures (SOPs) to cultivate a security-first mindset.
He also suggests simple password prerequisites. Using passwords to protect cabin Wi-Fi is obvious, Wheeler mentions, asserting many operators neglect this simple defense under perceived inconvenience to passengers.
Magrini believes cybersecurity training needs to engage more effectively. He states, We are working on building training modules together with dispatch and other aviation academies. It’s pivotal for training to resonate with aviation personnel and operators alike, so they acknowledge potential risks pre-emptively.
Echoing this view, Wheeler emphasizes the importance of awareness, vigilance, and education on protecting aviation assets. Organizations must invest properly to manage risks. “Operators need to discuss all these elements with their connectivity provider to reduce risk,” he insists.
Emerging technologies, such as AI and machine learning, pose both threats and opportunities for the aviation sphere. Wheeler states, Cybersecurity is a dynamic sector... it really is a game of cat and mouse. The threats introduce challenges as well as innovative methods for fortifying defenses.
To bolster defense against these cyber threats, organizations must stay committed to constant education and training. Despite the challenges, the fight against cyber threats requires harmonizing knowledge with effective tools and proactive strategies. Continuous adaptation to the threat spectrum will be key to securing the sector’s future.