×
×
Business Aviation Insider nameplate
Operations

Management: Best Practices for Aviation Cybersecurity

The recent Garmin hack showed how serious cyber threats can be.

“Recent incidents continue to demonstrate that any of us are vulnerable to these scenarios because of the dependence we all have on software,” said Jim Kazin, senior captain and aviation security advisor for a Southeast-based Fortune 150 flight department. “Scheduling, flight planning, maintenance and even the operation of the aircraft itself can be corrupted by malware.”

How can you protect your organization from a cybersecurity attack?

First, establish policies and procedures that support cybersecurity by conducting a vulnerability assessment. Work closely with your IT department and outside vendors, if appropriate, keeping in mind that aviation involves unique cyber risks.

“Understand what kind of data you generate, transmit and consume,” advised Patrick Morrissey, technical fellow of product cybersecurity at Collins Aerospace. “What is the criticality of that information to the system and to your business operations? Set up a policy framework that is helpful in supporting, protecting and managing that data, not only through day-to-day operations like IT systems, but in your contracts so you are conveying your risks to the vendors and customers you work with and can manage those risks together.”

Know how your vendors use the information you supply to them, and be sure they know your expectations regarding information protection by asking them how they manage and protect your data.

“It must be understood there is a shared risk, which drives the need for understanding why it’s so important to protect the data we have, and inspect the data we receive,” said Morrissey.

Education is also key. Conduct regular cybersecurity training and drills to ensure everyone in the organization is prepared to respond to a breach. Remember, cybersecurity isn’t limited to the aircraft, so use a holistic approach.

“As an industry, we’re really good at training for physical situations – like the safety of crewmembers and passengers – but not for these [cybersecurity] issues.”

Josh Wheeler Senior Director of Cybersecurity Solutions, Satcom Direct, Inc.

The current cyber threat has been heightened during the pandemic, with more hacking occurring because more people are working from home.

“As an industry, we’re really good at training for physical situations – like the safety of crewmembers and passengers – but not for these [cybersecurity] issues,” noted Josh Wheeler, Satcom Direct’s senior director of cybersecurity solutions.

Don’t just educate your staff and crewmembers. Talk with passengers because they can inadvertently become the weakest link in your aircraft’s cybersecurity by adding unsecured devices to secure networks, for example. In fact, cybersecurity polices should address what types of devices can be used on your aircraft.

Practice good situational awareness during trips. Learn about risks specific to your travel area. Avoid free WiFi networks, and use a VPN whenever possible. In high-risk regions, limit the number of electronic devices you carry and assume they will be compromised.

Finally, Morrissey encourages a top-down approach to cybersecurity, with strong executive commitment to support bottom-up initiatives.

“There are plenty of standards to improve a company’s cyber posture, but, in many cases, what’s missing is the leadership and business support for implementing those standards, which comes with a cost,” Morrissey concluded.

Review NBAA’s security resources at nbaa.org/security.

March 16, 2022

NBAA News Hour: Ukrainian Crisis Continues to Present Unique, Evolving Challenges

A recent NBAA webinar addressed several questions from the business aviation community about ongoing effects from the crisis in Eastern Europe, including airspace closures, concerns about cyber security and volatility in oil prices.
Read More

July/August 2021

Security in Uncertain Times

All the usual threats to people and planes are still here, along with some new ones.
Read More

August 10, 2021

Operators: Learn How to Help Combat Human Trafficking

NBAA encourages members to register for a Blue Lightning Initiative (BLI) webinar to learn how they can help stop human trafficking.
Read More

August 9, 2021

NBAA’s Brown Named to TSA Aviation Security Advisory Committee

NBAA announced that NBAA Chief Operating Officer Steve Brown has been named to the Transportation Security Administration’s (TSA) Aviation Security Advisory Committee (ASAC), which is tasked with providing recommendations for improving aviation security.
Read More