people sitting in passenger cabin

May 4, 2018

When it comes to protecting an organization’s digital assets, the biggest danger isn’t hackers – it’s complacency.

“The safest day in cyber security was yesterday,” said Rob Hill, business development director, global data solutions at Satcom Direct, during a presentation at the NBAA Maintenance Conference in Albuquerque, NM. While the threat of a cyber attack is always present, proactive measures can mitigate the risk of a security breach.

Recognize the risk to digital assets while airborne

In 2017, there were 5,207 worldwide data breaches, with more than 7.89 billion information records compromised. The risk to businesses has never been higher, as rather than deploying mass phishing attacks on random users, cyber criminals are increasingly executing focused attacks on high-value employees.

“The attacks on corporate data are much faster and stronger than even on our nationwide security,” said Hill. “They want the info that’s profitable, and that’s your passenger’s info.”

Flight departments are therefore in a catch-22: cyber security isn’t their expertise, but they’re ultimately responsible for what happens aboard the aircraft. The onus lies with the aviation team to proactively find airborne cyber security solutions that are commensurate with the company’s terrestrial standards, he said.

Be vigilant when flying over questionable airspace

In some countries’ airspace, airborne internet traffic is automatically routed to an in-country satellite earth station, allowing third parties to intercept the data.

“If you’re flying in airspace that’s hostile toward us, that info goes down to them,” Hill advised. “If you’re transferring outside of a VPN, they have all that data open to see.”

In addition to always using encryption software, another risk mitigation strategy is utilizing predictive flight mapping technology that sends an automatic alert when entering questionable airspace, at which point operators may want to temporarily terminate their internet connection.
Consider implementing a private network

Private networks are the ultimate in protection: encrypted data traveling straight from the aircraft back to corporate headquarters without ever touching the public internet. Additionally, they eliminate the need for passengers to use a VPN – reducing the risk for human error and offering cost-benefit advantages with regard to reduced data cost.

“It takes the pressure off [operators],” Hill said. “That gives your IT department control over all cyber security and everything that people onboard that aircraft are allowed to do.”

Don’t forget about physical security

With so much focus on digital methods of attack, Hill advised operators not to forget about the threat of physical tampering.

“Who has access to that aircraft?” he asked. “Who caters the aircraft? Who is working on or in the aircraft?”

When something as seemingly innocuous as a USB drive can enable hackers to Trojan Horse their way into your network, it’s critical to be fully aware of any possible breach opportunities while the plane is on the ground.

Cybersecurity, and other topics such as personnel security, regulatory compliance and developing a business aviation security plan, will be discussed at NBAA’s Security Conference May 9-10, 2018, in Dallas, TX. Learn more about the Security Conference.