June 26, 2020

When it comes to cybersecurity threats to business aircraft, time isn’t on your side.

“Six – that’s the average number of months it takes to find a data breach,” if you’re not taking a strategic approach to cybersecurity, warned Lee Brewster, director of product marketing with ATP.

In an increasingly interconnected world, cybersecurity has become an ever-more-important consideration for all transportation modes, whether that involves travel via cars, trains, airliners or business aircraft.

How to keep business aviation assets protected from digital threats, including information about satellite communication and human factor vulnerabilities, is the subject of the latest NBAA GO Virtual Maintenance Conference session, “How Aviation Requires a Unique Approach to Cybersecurity,” and those interested may join the live Q&A session at 3 p.m. (EDT) Monday, June 29.

During the panel with Rob Hill, regional sales director with CCX Technologies, presenters outlined top cybersecurity threats facing operators. “It’s important to start looking at [your vulnerabilities] before you find a problem,” said Hill.

Brewster explained that the six-month average period to detect a threat has been exacerbated by the sheer number of connected electronic systems on board aircraft at any given time. This includes technology on the plane itself, such as avionics and satellite communication systems, as well as digitally connected devices such as laptops and phones – on average, about three and a half per person – brought by passengers.

“Every connected device is an opportunity to introduce an attack into the system,” cautioned Brewster. “You don’t want to scare people, but you have to make them aware that these are things that could happen.”

Though business aircraft typically feature the most “hardened” systems, according to Hill, it’s no longer far-fetched that people attacking them could find paydirt. And the stakes – “health, life and safety,” he said – are far greater than a database breach.

As an example, he pointed to a technique often used by hackers to infiltrate the largest companies and smallest organizations: spoofing, or disguising communication from an unknown source as one coming from a trusted source, which can be used to target GPS systems. This could potentially create a situation where operators believe they’re in one spot when they’re really in another.

On the human side of the equation, Hill advised that anxiety about the COVID-19 pandemic has created unique openings for cyber criminals. For example, a successful recent phishing tactic uses email headlines such as “COVID-19 increasing 45% in your town” from addresses appearing like credible news sources.

“You click it to get more info and next thing you know they have your information, or something on your computer they can use to launch attacks on other people,” said Hill.