Business Aviation Insider nameplate
Operations

Management: Best Practices for Aviation Cybersecurity

The recent Garmin hack showed how serious cyber threats can be.

“Recent incidents continue to demonstrate that any of us are vulnerable to these scenarios because of the dependence we all have on software,” said Jim Kazin, senior captain and aviation security advisor for a Southeast-based Fortune 150 flight department. “Scheduling, flight planning, maintenance and even the operation of the aircraft itself can be corrupted by malware.”

How can you protect your organization from a cybersecurity attack?

First, establish policies and procedures that support cybersecurity by conducting a vulnerability assessment. Work closely with your IT department and outside vendors, if appropriate, keeping in mind that aviation involves unique cyber risks.

“Understand what kind of data you generate, transmit and consume,” advised Patrick Morrissey, technical fellow of product cybersecurity at Collins Aerospace. “What is the criticality of that information to the system and to your business operations? Set up a policy framework that is helpful in supporting, protecting and managing that data, not only through day-to-day operations like IT systems, but in your contracts so you are conveying your risks to the vendors and customers you work with and can manage those risks together.”

Know how your vendors use the information you supply to them, and be sure they know your expectations regarding information protection by asking them how they manage and protect your data.

“It must be understood there is a shared risk, which drives the need for understanding why it’s so important to protect the data we have, and inspect the data we receive,” said Morrissey.

Education is also key. Conduct regular cybersecurity training and drills to ensure everyone in the organization is prepared to respond to a breach. Remember, cybersecurity isn’t limited to the aircraft, so use a holistic approach.

“As an industry, we’re really good at training for physical situations – like the safety of crewmembers and passengers – but not for these [cybersecurity] issues.”

Josh Wheeler Senior Director of Cybersecurity Solutions, Satcom Direct, Inc.

The current cyber threat has been heightened during the pandemic, with more hacking occurring because more people are working from home.

“As an industry, we’re really good at training for physical situations – like the safety of crewmembers and passengers – but not for these [cybersecurity] issues,” noted Josh Wheeler, Satcom Direct’s senior director of cybersecurity solutions.

Don’t just educate your staff and crewmembers. Talk with passengers because they can inadvertently become the weakest link in your aircraft’s cybersecurity by adding unsecured devices to secure networks, for example. In fact, cybersecurity polices should address what types of devices can be used on your aircraft.

Practice good situational awareness during trips. Learn about risks specific to your travel area. Avoid free WiFi networks, and use a VPN whenever possible. In high-risk regions, limit the number of electronic devices you carry and assume they will be compromised.

Finally, Morrissey encourages a top-down approach to cybersecurity, with strong executive commitment to support bottom-up initiatives.

“There are plenty of standards to improve a company’s cyber posture, but, in many cases, what’s missing is the leadership and business support for implementing those standards, which comes with a cost,” Morrissey concluded.

Review NBAA’s security resources at nbaa.org/security.

Dec. 19, 2024

NBAA News Hour: The Evolving Landscape for Security of Key Employees

An NBAA News Hour webinar examines how business aviation flight operations can bolster efforts to not only keep their passengers safe while flying, but also at their destinations.
Read More

Oct. 23, 2024

Protecting Your Passengers, Crew in This Flight-Tracking Age with the Privacy ICAO Address Program

At NBAA-BACE, top security experts shared how to keep crew members and passengers safe and secure from competitive espionage and other threats, at a time when flight tracking is more easily accessible.
Read More

Oct. 9, 2024

NBAA News Hour Offers Insights on Combating GPS Spoofing Attacks

As reports of GPS signal jamming and "spoofing" continue to grow worldwide, an NBAA News Hour delved into these incidents and their effects on the safety of international business aviation operations.
Read More

March/April 2024

Making a Plan for Business Aviation Security

In today’s world, security threats are as much a product of cyberspace and AI, as they are of physical threats, such as an attack on an aircraft or office. Experts shared valuable strategies with Business Aviation Insider about security preparedness in the air and on the ground.
Read More