Cybersecurity challenges – ‘The Growing Threats’

The future of business aviation security depends on our ability to adapt and innovate in response to evolving cyberthreats, warned Cyviation.

In an era where digital connectivity reigns supreme, business aviation passengers are benefiting from the integration of cutting-edge technology, writes Afema Ronnie.

This is bringing to the skies connectivity standards previously only enjoyed in the home or office. However, it also offers its own unique set of challenges. Business aviation finds itself at the forefront of a pressing cybersecurity battle that demands immediate attention, according to aviation cybersecurity specialist Cyviation.

“Cybersecurity in aviation is no longer an option but a necessity,” Aviel Tenenbaum, CEO, Cyviation, told Corporate Jet Investor. He divides business aviation cybersecurity risks into two areas: financial and reputational and threats to life.

In our highly interconnected world, hackers can impact an aircraft in various non-lethal but highly damaging ways. This could range from the relatively trivial, such as compromising in-flight entertainment systems, to the much more serious – spreading viral messages to passengers’ devices, tarnishing the operator’s reputation. The financial impacts could include severe impacts on stock prices to altering passengers’ booking decisions.

Even more worrying is the threat to life. Terrorist threats pose a grave concern, according to Tenenbaum. Terrorists may try to gain control of an aircraft, potentially leading to catastrophic consequences. This risk could reshape the business aviation landscape, similar to how the 9/11 attacks transformed global aviation security perceptions, he said. With the world locked seemingly in intensified conflict, it’s a threat Tenenbaum believed can only intensify in the years ahead. These risks often stem from political disputes or conflicts between countries or entities with commercial or terror-related interests. It could be motivated by an attempt to exploit what criminals see as a money-making opportunity.

On a more operational level, business jets could be subject to flight seizure, where a cyberattack could force an entire fleet to abort take off due to perceived threats. In another scenario, GPS spoofing, or sending counterfeit signals during navigation or landing, could cause go-arounds, increased fuel costs, delays, and missed connections. The cumulative impact of these disruptions could cost business aviation hundreds of thousands of dollars, in addition to the safety risks, underscoring the need for robust cybersecurity measures.

One practical example of cyberattacks came this summer with the data breach suffered by American Airlines and Southwest Airlines. Hacking a third party’s software company reportedly compromised personal details such as names and social security numbers for pilot and cadet applicants. The latest attack, the second in the past year, was said to result in the disclosure of more than 8,000 applicants’ personal details.

Mitigating these risks by enhancing on board cybersecurity measures is Cyviation’s mission. Tenenbaum highlighted the importance of analysing every aspect of an aircraft’s systems, including conducting vulnerability assessment to identify and mitigate possible cyber risks. But there is a catch, he explained. Most aircraft systems were designed decades ago, long before the concept of cyber threats emerged. It is only recently that business aviation has begun to comprehensively address these cybersecurity concerns. So, assessing and enhancing cybersecurity in business aviation faces a significant challenge.

Cyviation’s solution to the complex challenges posed by these threats is mapping vulnerability, mitigation where possible, increasing cyber awareness, providing tools and knowledge to manage aircraft related cyberattack and deploy solutions to identify as much as possible cyber events in real-time. It is vital to develop preparedness against vulnerable and aging systems that were not designed to withstand modern cyberthreats, said Tenenbaum.

Computer systems, particularly those associated with maintenance programs and supply chains, can be vulnerable to cyberattacks and merit close scrutiny. Such systems often have multiple users, including subcontractors and airport staff, making them susceptible to cyberattacks. Once compromised, these systems can manipulate various aspects of an aircraft’s operations, posing a threat to flight safety, said Tenenbaum.

Gauging the full extent of the problem is complicated by the understandable reluctance of many business aviation firms to disclose that they have been targeted – or the nature of the attack. But what is clear is the urgent need to protect businesses and individuals, said Tenenbaum. Enhancing cybersecurity in business aviation requires acknowledging the problem and raising industry-wide awareness, he added.

Assessing the business fleet to identify vulnerabilities and risk factors is the initial step. Mitigating these risks involves protecting maintenance computers and establishing processes to safeguard them. Collaboration among business aviation stakeholders, including OEMs, regulators, operators, and cybersecurity experts, is essential. “Collaborative efforts are the key to a more secure business aviation landscape,” said Tenenbaum.

In future, Tenenbaum predicts a broader adoption of cybersecurity measures across the business aviation industry. As aviation regulations become more specific compliance needs will mean cybersecurity measures will become a must within the next 24-36 months. More cybersecurity companies will collaborate with maintenance, repair, and overhaul (MRO) providers to enhance resilience, safety, and security, he said. Privacy and security will become paramount concerns, particularly in business aviation.

The aviation industry, particularly, business aviation, stands at a critical point where cybersecurity is no longer a choice but an absolute necessity, said Tenenbaum . The battle to safeguard our skies requires a collective effort from all stakeholders. Only through awareness, collaboration, and proactive measures can we ensure the safety and security of business aviation in the digital age. Nothing less than the future of business aviation security hinges on our ability to adapt and innovate in response to evolving cyberthreats.