Today’s business jet owners as well as their crewmembers and passengers are demanding inflight connectivity rivaling that which they enjoy every day on the ground. Connectivity in the air is no longer considered a perk but, rather, a necessity. However, with increased connectivity comes the same security issues everyone everywhere is facing: Our data, communications, and networks are vulnerable to an increasing variety of threats and privacy issues.
Business aviation and internet security
At a recent Aero Club of Washington, D.C., meeting, Alan Pellegrini, president and CEO of Thales USA, manufacturer of electronic systems for aviation, told attendees that, the more connected aircraft become and the more devices that are added to this intricate web of connectivity, the more vulnerable our aircraft become to safety, security, and privacy threats. According to the Avionincs article, “There have already been hacks of aircraft and aviation-related systems, including in-flight entertainment systems, data communications between pilots and ground-based controllers, and airline operations systems that in one case in Europe caused flight cancellations.”
Disruptions in private aviation systems can and do have tremendous economic and social impacts. That’s why aviation has long been a target of terrorists. In fact, Russian hackers attempted to break into U.S. civilian aviation systems in 2017 as part of a larger attack on the electrical grid. While the attack did not escalate past early stages, it illustrates industry vulnerability.
One big trend in cybercriminals targeting business travelers is malicious actors gaining access to sensitive business information and using this inside information for illicit stock trading. In one incident, hackers compromised a hotel’s computer network and stole access codes as well as network credentials that allowed them to search for valuable business information.
In addition, cyberattacks on airborne private aircraft are already occurring, usually from attackers on the ground. And offering unsecured Wi-Fi to flight crewmembers and passengers can actually make this type of hacking easier due to hackers’ ability to connect as well.
Another complicating factor involves the implementation of Automatic Dependent Surveillance-Broadcast (ADS-B) equipment. While ADS-B is said to be the next generation of air traffic control technology, it compromises privacy by broadcasting unique International Civil Aviation Organization (ICAO) addresses and Flight IDs, making them available to those with the proper receivers. This is a reason some owners are resisting compliance with the ADS-B regulations, which will be mandatory as of January 2020.
Companies and individuals involved in business aviation need to take steps now to ensure they are not victims or even unwitting enablers of security attacks. Be aware of who, why, and how hackers might want to break into your systems. Conduct a security audit of your facility and processes to assess how tight your security is. Understand how you control physical and virtual access, what types of monitoring are in place for your users and systems, and where vulnerabilities may exist in your processes and systems. Train your flight crewmembers on security best practices such as avoiding open Wi-Fi networks and protecting access credentials.
Many flight department managers are hiring IT security experts to harden their systems against security breaches and keep up with the continually evolving threat landscape. It’s important to have a detailed action plan so you and your crewmembers are prepared in the case you discover a vulnerability or breach. Yours should address how to limit its impact and recover quickly as well as outline backup equipment and processes in case of critical failures.
Security is a wide-ranging and ever-changing but vitally important aspect of private and business aviation. Keeping your aircraft, flight crew, passengers, computer systems, and data safe and secure requires continuing education, secure systems and practices, and constant vigilance. That’s the price for a strong, economically viable business aviation operation that can withstand today’s ever-present cybersecurity threats.