Business Aviation Insider nameplate

Management: Best Practices for Aviation Cybersecurity

The recent Garmin hack showed how serious cyber threats can be.

“Recent incidents continue to demonstrate that any of us are vulnerable to these scenarios because of the dependence we all have on software,” said Jim Kazin, senior captain and aviation security advisor for a Southeast-based Fortune 150 flight department. “Scheduling, flight planning, maintenance and even the operation of the aircraft itself can be corrupted by malware.”

How can you protect your organization from a cybersecurity attack?

First, establish policies and procedures that support cybersecurity by conducting a vulnerability assessment. Work closely with your IT department and outside vendors, if appropriate, keeping in mind that aviation involves unique cyber risks.

“Understand what kind of data you generate, transmit and consume,” advised Patrick Morrissey, technical fellow of product cybersecurity at Collins Aerospace. “What is the criticality of that information to the system and to your business operations? Set up a policy framework that is helpful in supporting, protecting and managing that data, not only through day-to-day operations like IT systems, but in your contracts so you are conveying your risks to the vendors and customers you work with and can manage those risks together.”

Know how your vendors use the information you supply to them, and be sure they know your expectations regarding information protection by asking them how they manage and protect your data.

“It must be understood there is a shared risk, which drives the need for understanding why it’s so important to protect the data we have, and inspect the data we receive,” said Morrissey.

Education is also key. Conduct regular cybersecurity training and drills to ensure everyone in the organization is prepared to respond to a breach. Remember, cybersecurity isn’t limited to the aircraft, so use a holistic approach.

“As an industry, we’re really good at training for physical situations – like the safety of crewmembers and passengers – but not for these [cybersecurity] issues.”

Josh Wheeler Senior Director of Cybersecurity Solutions, Satcom Direct, Inc.

The current cyber threat has been heightened during the pandemic, with more hacking occurring because more people are working from home.

“As an industry, we’re really good at training for physical situations – like the safety of crewmembers and passengers – but not for these [cybersecurity] issues,” noted Josh Wheeler, Satcom Direct’s senior director of cybersecurity solutions.

Don’t just educate your staff and crewmembers. Talk with passengers because they can inadvertently become the weakest link in your aircraft’s cybersecurity by adding unsecured devices to secure networks, for example. In fact, cybersecurity polices should address what types of devices can be used on your aircraft.

Practice good situational awareness during trips. Learn about risks specific to your travel area. Avoid free WiFi networks, and use a VPN whenever possible. In high-risk regions, limit the number of electronic devices you carry and assume they will be compromised.

Finally, Morrissey encourages a top-down approach to cybersecurity, with strong executive commitment to support bottom-up initiatives.

“There are plenty of standards to improve a company’s cyber posture, but, in many cases, what’s missing is the leadership and business support for implementing those standards, which comes with a cost,” Morrissey concluded.

Review NBAA’s security resources at

July/August 2023

Aviation Cybersecurity: Risks and Mitigations

You must to view this content.
Read More

April 17, 2023

Podcast: How Cyber-Secure Is Your Flight Operation?

With just a few keystrokes, hackers may be able to collect personal data from aircraft passengers or flight operations employees and even damage a company’s IT infrastructure. Guarding against cyberattacks requires participation and vigilance by everyone in your aviation operation, as well as cooperation from vendors and support providers.
Listen Now

December 21, 2022

Cybersecurity Initiatives Coming for Aviation Sector

Cyber incidents involving flight planning and communications software, airline reservations systems and more are on the rise in the U.S. and around the world, and business aircraft operators should prepare for possible incidents.
Read More

November 28, 2022

Learn to Identify Human Trafficking at DHS Blue Lightning Initiative Summit

NBAA encourages members to participate in Blue Lightning Initiative events to learn how they can help prevent human trafficking in the U.S.
Read More