Business Airport International
  • News
    • Accreditation
    • Aircraft
    • Airports
    • Charter
    • Construction
    • FBOs
    • Fuel
    • IT & Software
    • MRO
    • Partnerships
    • Passenger Experience
    • Sustainability
    • Technology
  • Features
  • Online Magazines
    • March / April 2025
    • Dec 2024 / Jan 2025
    • October 2024
    • July 2024
    • March / April 2024
    • Dec 2023 / Jan 2024
    • September / October 2023
    • Archive Issues
    • Subscribe Free!
  • Opinion
  • Videos
  • Supplier Spotlight
  • Surveys
  • Jobs
    • Browse Industry Jobs
    • Post a Job – It’s FREE!
    • Manage Jobs (Employers)
  • Events
LinkedIn YouTube X (Twitter)
LinkedIn YouTube
Subscribe to Magazine Subscribe to Email Newsletter Media Pack
Business Airport International
  • News
      • Accreditation
      • Aircraft
      • Airports
      • Charter
      • Construction
      • FBOs
      • Fuel
      • IT & Software
      • MRO
      • Partnerships
      • Passenger Experience
      • Sustainability
      • Technology
  • Features
  • Online Magazines
    1. March / April 2025
    2. Dec 2024 / Jan 2025
    3. October 2024
    4. July 2024
    5. March / April 2024
    6. Dec 2023 / Jan 2024
    7. September / October 2023
    8. July 2023
    9. Archive Issues
    10. Subscribe Free!
    Featured
    2nd April 2025

    In this Issue – March / April

    Online Magazines By Paige Smith
    Recent

    In this Issue – March / April

    2nd April 2025

    In this Issue – December / January 2025

    19th December 2024

    In this Issue – October 2024

    10th October 2024
  • Opinion
  • Videos
  • Suppliers
    • Supplier Spotlight
    • Press Releases
  • Surveys
  • Jobs
    • Browse Industry Jobs
    • Post a Job – It’s FREE!
    • Manage Jobs (Employers)
  • Events
LinkedIn YouTube
Business Airport International
Features

Why keeping up with the latest trends is crucial for protecting aviation systems

Paige SmithBy Paige Smith4th March 202511 Mins Read
Share LinkedIn Twitter Facebook Email
Why keeping up with the latest trends is crucial for protecting aviation systems
Why keeping up with the latest trends is crucial for protecting aviation systems

In an increasingly digital world, cybersecurity is a growing issue for all industries, and business aviation is no exception. Cybersecurity has emerged as a critical concern for the sector because the consequences of a breach are particularly high.

“When we think about cybersecurity, a lot of people think about the guys in the hoodies behind the screen somewhere in the basement. But, we need to think about safeguarding our data, anything that we have which is digital. In fact, The European Union Aviation Safety Agency doesn’t even use the term cybersecurity. They call it information security, which I feel gives a much better idea of what we are talking about,” explains Diego Magrini, co-founder of NERD.aero, an IT service company dedicated to aviation.

“The cybersecurity threats for business aviation are constantly changing,” explains Josh Wheeler, senior director of entry into service and client services at Satcom Direct. “As technology evolves and we use more devices than ever, malware attacks continue rising, with over five billion occurring in the last year. Satcom Direct blocks some 10,000 attempted malware attacks on our customers’ assets every day,” he says.

“Business aviation leaves a trail of sensitive information unfortunately,” says Maxim Schelfhout, CEO at Skylegs, a flight management platform for aircraft operators. “This sensitive information can be used against the company, the individuals working for the company or the passengers. In business aviation it seems that there is a race to move quickly no matter what, but that’s a dangerous attitude. Sending data, secure files from passenger to operator to authorities should be done in a more secure manner than Whatsapp, emails with attachments and passwords, printing Gendecs and leaving them everywhere.”

“When I speak about information security, I strongly emphasize that a lot is about awareness. It’s about knowing the threats. It’s really the human aspect. That’s why I push companies to include information security or cybersecurity training in their HR policies, onboarding, and general training,” Magrini says.

“Modern operations have become very efficient by relying on web-based and connected technologies,” says Schelfhout . “If any of these softwares fail it has a large impact on the safe operation of the flight because there might not be backup systems. That’s why operators and system providers need to make their operations not only efficient but also secure and robust.”

Types of attacks

“Social engineering is still a common strategy, using cheaply acquired software readily available online to manipulate user behaviour. Many of us are aware of Phishing, the use of fraudulent emails to appropriate this data.  Phishing gives rise to clickbait scams, giveaway frauds, false Facebook quizzes and cloned accounts. These remain the greatest threat to operators and rely on simplicity, clever tactics, and slick graphics to trick users out of valuable information,” explains Wheeler.

“We are also seeing increasing cyber events manifesting in new imaginative guises that are moving the goalposts for cyber-attacks. Clients often think they are immune because they don’t use a laptop in flight, but this is not the case. If the phone is connected to the internet, which it nearly always is, it’s equally as vulnerable as a laptop or tablet. Phones offer a new platform from which to gather information or direct behaviour.

“Smishing, which uses fake texts to extract data, and Vishing, which uses voice-generated AI, are entering the sector. The clever use of AI, publicly available digital recordings, and a little background research can generate convincing fraudulent phone messages in which voices and speech patterns are emulated. These vocal frauds can be extremely convincing.”

Cybersecurity is the act of ensuring that data being transmitted from an aircraft to organizational networks is always protected to prevent the unauthorized theft of information.  The continuous mitigation of risk forms a key component of cybersecurity activity.

In 2023, the cost of cyber data breaches averaged around US$4.45 million but this doesn’t include reputational damage. “Alarmingly, the average time to detect a violation was nearly four months,” explains Wheeler. “With 53% of users not changing passwords regularly or recycling the same password across different accounts and additionally, an alarming 57% of users writing passwords on sticky notes for all to see, some eight billion data records were compromised.

“While these numbers do not represent pure aviation incidents, it is important to understand that if your airframe is connected to your organization’s internal network or intranet and there are no cyber protocols or strategies in place, passengers are as vulnerable on the aircraft as if they were sitting in a coffee shop,” says Wheeler.

“Altitude does not make data exchange secure. If the internet is visible to the aircraft, then the aircraft data is visible to the internet. It is essential to implement an active cybersecurity policy for all aviation operations.”

“In business aviation, the process of arranging a flight is a lot less standardized and streamlined compared to airlines. That means there are more potential faults. With airlines, you go to a booking website owned by the airline. They manage the data and have precise processes for data flow,” says Magrini.

“In business aviation, it doesn’t work like that. Many flights are arranged via brokers, WhatsApp, or Telegram. Passport pictures are often sent over WhatsApp and remain on devices, exposing operators to big GDPR risks.”

Simple things like not using password-protected Wi-Fi access in public areas leave digital users exposed to hackers. “This is when malware can be downloaded and subsequent threats released,” Wheeler says.

Users who don’t think about unusual emails, question whether it is a genuine email from a reliable source, or even click on attachments that are not known can all inadvertently become vulnerable explains Wheeler.

“Using thumb drives that are not password protected or that you don’t know the source of can cause issues when plugged into the hard drive. They may carry malware, virus or other code that seamlessly passes on to a computer.”

Sharing data with third-party suppliers may seem innocent enough but Wheeler says it is important to be aware of their security protocols before information is transmitted. “Passenger manifests for example contain rich data but if the catering company/ground transport company for example does not have cyber protocols in place the data becomes vulnerable,” he says.

Avoid becoming a victim

Aviation organizations, stakeholders, and suppliers need to be cyber vigilant and employ various tools to mitigate the threat. Wheeler says that the best for of defence is a combination of human understanding, implementation of tech protocols and investment in robust cyber management solutions can help protect aviation assets.

“Operators need to discuss all these elements with their connectivity provider to reduce risk. The inflight connectivity must be paired with a robust, secure ground infrastructure that can support secure connectivity solutions.  There is no one size fits all and the operator must trust the connectivity provider to tailor the security system according to their needs,” says Wheeler.

“Flight departments must implement cyber-specific policies within the SOPs (standard operating procedures). Assessing the risk profile before each trip will help them stay ahead of the curve. Creating a security mindset is paramount to successfully navigating an ever-changing threat landscape,” he says.

One of the easiest and most effective strategies for preventing a cyberattack is having a robust password that is changed regularly says Wheeler, “Yet many business aircraft operators fail to implement this option,” he says. “Some CEOs and owners just want to get online and connect and passwords are deemed an inconvenience. Alarmingly, many jets are not configured with their own passwords.”

Wheeler says the irony is that simple actions can make a huge difference.

“Using passwords to protect cabin Wi-Fi is an obvious one,” says Wheeler. “Flight departments can be reluctant to create Wi-Fi passwords due to the perceived inconvenience to passengers, yet the inconvenience of learning a password far outweighs the potential risks. You can even put passwords into a QR code for passengers to scan when they board.”

Interestingly password length trumps complexity in terms of strength explains Wheeler. “It is harder for the decoders to crack a long password, say the first line of a favourite song, than it is to figure out a short password that includes numbers, special characters and letters.”

Wheeler also says it is better to switch off auto-connect and actively decide which Wi-Fi networks to connect to if you’re in a public space, an FBO, or MRO. “If you’re not sure the Wi-Fi is legitimate, stay on the cellular network,” he says. “And if you travel, use a virtual private network, VPN, for an encrypted connection. This creates another layer of defence when logging on to a hotel or FBO network.”

“Just like deploying oxygen masks in an emergency. Protect yourself, then protect the others. It starts with your own accounts and keeping things clean and updated. Then you think about your peers and how you communicate with them in a secure way by being disciplined in the use of systems,” says Schelfhout.

Emerging technologies & cybersecurity

 

“Cybersecurity is a dynamic sector, and the changing practices of malevolent actors partly trigger its evolution,” says Wheeler. “As the attacks become more sophisticated, the response or proactive protection needs to evolve. It really is a game of cat and mouse, not just for aviation but for all users of technology platforms.

“As AI and machine learning evolve, they present new opportunities for both security and threats,” he explains. AI-powered tools can replicate voices and create convincing phishing schemes. “Voice cloning technology, for example, can easily trick people into thinking they’re speaking with someone they trust,” he says.

While AI poses risks, Magrini believes the best defense is awareness. “The more we understand how these technologies work, the better we can protect ourselves,” he stresses. “It’s about recognizing the capabilities of AI and the risks that come with it, while not letting fear push us away from new technologies.”

Recent cyber-attack developments include the increased use of AI technology and machine learning to target victims and evade detection layers. AI-powered phishing/smishing/vishing attacks and deep-fake scams are also on the rise. Simple computer viruses and trojan horses have transformed into highly sophisticated ransomware, spyware and advanced persistent threats (APTs). “Malware is designed to disrupt operations and steal data and funds,” says Wheeler. “A notable development in the cybersecurity sphere is the increase in nation-state-sponsored cyberattacks. Such attacks are carried out for espionage, to sabotage critical infrastructure and can influence geo-political events. With each new development comes an equal and opposite development in terms of cybersecurity.”

The importance of training

However, the key recommendation for aviation organizations, stakeholders, and suppliers is to be cyber vigilant and employ various tools to mitigate the threat.

“A combination of human understanding, implementation of tech protocols and investment in robust cyber management solutions can help protect aviation assets,” says Wheeler.

A good strategy to maintain cybersecurity is driven by cyber awareness, vigilance and education. “Organizations and operators must actively educate their staff, suppliers and passengers about what can be done to reduce cyber events,” says Wheeler.

All three experts agree that training and education are essential. Cyber awareness courses should be constantly updated for aviation IT professionals, crew and passengers and designed specifically for business aviation professionals, owners, and operators.

But Magrini believes there are currently not enough aviation specific courses available.

“Generally, cybersecurity courses are developed for professionals in the IT sector and if you call something a cybersecurity course, 95% of the human population will stay away from it,” he says.

“What we are doing is building specific training modules for aviation personnel, which doesn’t necessarily mean pilots. For instance, flight dispatchers are a very important link in the operations department of an operator. The amount of information that goes via email in operations is embarrassing and it is a huge risk,” Magrini says.

“We are working on building training modules together with dispatch and other aviation academies. Operators should include easy-to-digest information security training in their routine training. It shouldn’t be dense or heavy, because people won’t engage with it.”

Satcom Direct also offers a program that navigates the complexities of security and cyberthreat prevention from an aviation perspective. The focus is on identifying common hacking techniques, attack methodology and current cybersecurity concerns within aviation supports the building of awareness about inherent vulnerabilities.

As technology advances, the threats to cybersecurity in business aviation become more complex. Companies must stay vigilant, integrate security into their daily operations, and educate their staff about potential risks.

 

Read this and similar articles in their original magazine format online. Want more? Industry professionals can subscribe to our print and online magazine and our weekly newsletter free of charge now.

Share. Twitter LinkedIn Facebook Email
Previous ArticleAzzera adds new ReFuelEU module to Celeste platform to simplify compliance
Next Article Business Jet installs Starlink on Legacy 600
Paige Smith

Paige is an experienced journalist and editor who started her career covering the building and architecture sector. After several years writing and editing online and print articles for leading journals in this sector, she is bringing her thorough approach to technical content to covering aerospace engineering. In her spare time she enjoys traveling and is always planning her next trip

Related Posts

Unpacking the challenges operators face in navigating tax rules
Features

A look at the complexities of business aviation taxation and regulatory compliance

13th May 20259 Mins Read
Features

A look at Malaysia’s emergence as a business aviation hub in the Asia Pacific region

2nd May 20258 Mins Read
Features

How IS-BAH IS transforming ground operations

29th April 20259 Mins Read
Latest Posts
North Dakota FBO, Overland Aviation (KXWA), together with Avfuel Corporation, has accepted a delivery of sustainable aviation fuel, expanding accessibility of the fuel in a new region within the United States

Overland Aviation & Avfuel introduce SAF to Midwest

19th May 2025
Opul Jets has acquired Quinta Jets, a  jet charter company based in Quinta do Lago, Portugal

Opul Jets expands European presence with acquisition of Quinta Jets

19th May 2025
Euro Jet  has expanded its team of dedicated aviation professionals in all countries and major cities in the Baltic region

Euro Jet expands its Baltic operation

14th May 2025
Partner Content
Johanna Echeto, general manager, LZU

Q&A: Johanna Echeto, general manager, Sheltair, Gwinnett County Airport

29th April 2025
Supplier Spotlights
Our Social Channels
  • YouTube
  • LinkedIn
Getting in Touch
  • Subscribe to Magazine
  • Meet the Writers
  • Contact Us
  • Media Pack
Related Topics
  • Aircraft Interiors
  • Air Traffic Technology
  • Aerospace Testing
  • Business Jet Interiors
FREE WEEKLY NEWS EMAIL!

Get the 'best of the week' from this website direct to your inbox every Tuesday


© 2023 Mark Allen Group Ltd | All Rights Reserved
  • Cookie Policy
  • Privacy Policy
  • Terms & Conditions

Type above and press Enter to search. Press Esc to cancel.