CYBER SECURITY • CJI REPORT
How cyber secure is your jet?
Cyber attacks present a growing threat to business jet owners and operators. Here’s how to mitigate the risks in the cockpit and the cabin. Words: Rob Hodgetts
THE WI-Fi works like lightning, just like in the office. The gaming is lag free, the video streaming is crisp and no task is too big. The cabin connectivity app is a breeze. The multi-orbit hybrid system switches seamlessly between satellites to maximise your productivity. The cost and the downtime and the hours researching your new internet solution were all worth it.
But while business jet connectivity has gone ‘next gen’ , with ever-expanding satellite coverage and whizzy technology to leverage the capacity, the hackers have been at work too.
So how cyber secure is your jet? “As we move to jets as digital platforms away from analogue, the risk for compromise is increasing,” says cyber security expert Josh Wheeler, Gogo’s senior director of Entry into Service. “Your threat profile does go up, but your ability to protect also goes up.”
Claudio D’Amico, vice president of Strategic Market Engagement, Business Aviation at Viasat adds: “The increased volume and speed of data transmission necessitate that our security measures are continually robust, intelligent and dynamic to proactively counter sophisticated cyber threats.”
According to D’Amico, the leading connectivity providers integrate cybersecurity “deeply” into their service offering and leverage “sophisticated big data analytics” to process billions of events daily for “real-time threat intelligence and anomaly detection”.
The risks arise from the volume and diversity of devices connected to the network, which can be susceptible to malware, phishing attempts or connecting to unsecured networks.
“It’s not a closed environment anymore. Once you open a Wi-Fi, that’s it. You're connected. It’s just a matter of motivation,” says Roy Arad of cyber security firm Cyviation.
For passengers in the cabin, typically on a separate Wi-Fi network to the cockpit for performance and safety reasons, threats include breach of privacy, disruption, loss of productivity and data-in-transit security.
“For instance, if a passenger is sending a confidential merger agreement to your legal team or reviewing sensitive financial projections for an upcoming board meeting, the security of that data as it travels across a network is absolutely paramount,” says Wheeler.
One area of weakness is “proximity” to a jet, a result of the ability to access an FBO, especially in the US, he adds.
With a decent laptop and some knowledge it is easy to begin “spear phishing”, targeting specific aircraft which you’ve tracked to that location and trying to get into their systems.
“If you walk into an FBO wearing a pair of sunglasses, sit down quickly and then ask for a coffee, they think you’re a celebrity or a high-net-worth individual and they don't want to inconvenience you,” he says.
“The threat vector has now gone up exponentially.” Alternatively, “low-hanging fruit” would be “casting a net”, just having a look at what devices are connected in the vicinity of the FBO to see what you can find.
The next step for an experienced hacker could be to try to log in to the aircraft’s router and change configurations, creating a “denial-of-service attack”. This could take the jet offline completely, possibly costing businesses time and potentially big money.
“No internet on an airplane, that’s now an AOG issue. People will not fly if there's no connectivity,” says Wheeler.
Not all efforts at hacking are overtly malicious. Pranksters have been known to try to access cabin management systems to cause mischief. In 2022, a number of American Airlines flights broadcast “moaning and grunting” sounds over their PA systems after the cabin management software was seemingly hacked.
“A cybersecurity prank such as taking over the speakers or putting loud music on could possibly affect the pilot and they could make a mistake and that causes a safety issue,” says Arad. “It’s not a cyber security loophole used to crash the plane, but it could be a snowball that could cause a catastrophic event.”
“A cybersecurity prank such as taking over the speakers isn’t a loophole used to crash the plane, but it could be a snowball to a catastrophic event.”
CYBER SECURITY
How cyber secure is your jet?
Cyber attacks present a growing threat to business jet owners and operators. Here’s how to mitigate the risks in the cockpit and the cabin. Words: Rob Hodgetts
THE WI-Fi works like lightning, just like in the office. The gaming is lag free, the video streaming is crisp and no task is too big. The cabin connectivity app is a breeze. The multi-orbit hybrid system switches seamlessly between satellites to maximise your productivity. The cost and the downtime and the hours researching your new internet solution were all worth it.
But while business jet connectivity has gone ‘next gen’ , with ever-expanding satellite coverage and whizzy technology to leverage the capacity, the hackers have been at work too.
So how cyber secure is your jet? “As we move to jets as digital platforms away from analogue, the risk for compromise is increasing,” says cyber security expert Josh Wheeler, Gogo’s senior director of Entry into Service. “Your threat profile does go up, but your ability to protect also goes up.”
Claudio D’Amico, vice president of Strategic Market Engagement, Business Aviation at Viasat adds: “The increased volume and speed of data transmission necessitate that our security measures are continually robust, intelligent and dynamic to proactively counter sophisticated cyber threats.”
According to D’Amico, the leading connectivity providers integrate cybersecurity “deeply” into their service offering and leverage “sophisticated big data analytics” to process billions of events daily for “real-time threat intelligence and anomaly detection”.
The risks arise from the volume and diversity of devices connected to the network, which can be susceptible to malware, phishing attempts or connecting to unsecured networks.
“It’s not a closed environment anymore. Once you open a Wi-Fi, that’s it. You're connected. It’s just a matter of motivation,” says Roy Arad of cyber security firm Cyviation.
For passengers in the cabin, typically on a separate Wi-Fi network to the cockpit for performance and safety reasons, threats include breach of privacy, disruption, loss of productivity and data-in-transit security.
“For instance, if a passenger is sending a confidential merger agreement to your legal team or reviewing sensitive financial projections for an upcoming board meeting, the security of that data as it travels across a network is absolutely paramount,” says Wheeler.
One area of weakness is “proximity” to a jet, a result of the ability to access an FBO, especially in the US, he adds.
With a decent laptop and some knowledge it is easy to begin “spear phishing”, targeting specific aircraft which you’ve tracked to that location and trying to get into their systems.
“If you walk into an FBO wearing a pair of sunglasses, sit down quickly and then ask for a coffee, they think you’re a celebrity or a high-net-worth individual and they don't want to inconvenience you,” he says.
“The threat vector has now gone up exponentially.” Alternatively, “low-hanging fruit” would be “casting a net”, just having a look at what devices are connected in the vicinity of the FBO to see what you can find.
The next step for an experienced hacker could be to try to log in to the aircraft’s router and change configurations, creating a “denial-of-service attack”. This could take the jet offline completely, possibly costing businesses time and potentially big money.
“No internet on an airplane, that’s now an AOG issue. People will not fly if there's no connectivity,” says Wheeler.
Not all efforts at hacking are overtly malicious. Pranksters have been known to try to access cabin management systems to cause mischief. In 2022, a number of American Airlines flights broadcast “moaning and grunting” sounds over their PA systems after the cabin management software was seemingly hacked.
“A cybersecurity prank such as taking over the speakers or putting loud music on could possibly affect the pilot and they could make a mistake and that causes a safety issue,” says Arad. “It’s not a cyber security loophole used to crash the plane, but it could be a snowball that could cause a catastrophic event.”
CJI REPORT
“A cybersecurity prank such as taking over the speakers isn’t a loophole used to crash the plane, but it could be a snowball to a catastrophic event.”
He adds: “Business jet clientele are sensitive to their privacy, their time, any manipulation of the aircraft. That’s why most of them buy the aircraft, to get their time back. So if there’s any delay or anything jams up, it's a bigger headache than even a commercial plane.”
The interface between the MRO and the aircraft, as maintenance and software upgrades are carried out, is another potential weak point in the system.
Wheeler has experienced a situation where a maintainer unwittingly used a laptop compromised with malware which, when connected to the jet’s Wi-Fi, recorded keystrokes and tried to send that information off to another server.
“A lot of these cyber attacks, they don't know what they're trying to get. They're just hoping they get something,” says Wheeler. “The computer didn't know it was on a jet. It saw Wi-Fi. It connected.”
With robust intrusion detection systems in place in its data centres, the Gogo team was able to intercept the laptop trying to send data and alerted the OEM. “The customer didn’t take any chances. He asked for that router and modem to be ripped off the aircraft. He didn’t want to entertain the idea of a compromise,” says Wheeler.
The maintainer felt “horrible,” he adds. “It wasn’t a malicious event. But we learned a lot that day about what potentially could happen. It’s not a far cry to think a disgruntled employee could leave a laptop on a wing or you install malware to hopefully capture something. It’s just kind of the mentality you have to be in if you want to get ahead of these attacks.”
Spoofing and jamming
Compromising the cockpit connectivity is arguably a greater threat than the cabin given the safety implications –and one that is growing.
Spoofing and jamming are tactics used by bad actors to interfere with maritime and aircraft navigation systems. Spoofing is where false signals are transmitted to deceive the jet’s GNSS satellite navigation system, while jamming is where legitimate GNSS signals are compromised, in both instances leading to potential navigation errors. A lack of accurate location can also take a cabin’s internet offline, with knock-on effects for productivity.
Countries surrounding the Baltic Sea and other nations, such as India, have seen a significant rise of spoofing or jamming in recent years.
The number of GPS signal loss events increased by 220% between 2021 and 2024, according to International Air Transport Association (IATA) data from the Global Aviation Data Management Flight Data eXchange (GADM FDX).
Network Operations Center at Satcom Direct World Headquarters
Network Operations Center at Satcom Direct World Headquarters
In 2024, an RAF plane carrying then UK Defence Secretary Grant Shapps had its GPS signal jammed near Russian territory on its way to Poland. In September last year, a jet carrying Ursula von der Leyen, European Commission president, was affected by a jamming incident as it neared Bulgaria. Russian actors were suspected of carrying out the attack.
IATA and the European Union Aviation Safety Agency (EASA) say that continued geopolitical tensions mean cases will continue to rise but stress they are working to “reinforce the redundancies” in the system to keep flying safe.
“The industry is getting a bit better about recognising certain geopolitical areas where this may take place,” says Wheeler. “And we're getting more intelligent about how we approach it. But it’s a challenge and something that is only going to get worse. We need to up the education level of our pilots in business aviation and just be cognisant of some of these things.”
For Arad, the act of taking over a business jet to cause a catastrophic event is not the goal of hackers “per se”, but he says it’s increasingly clear that cyber attacks are intent on causing disruption.
“You can cause enough damage by taking over the cabin,” he says. “You want your privacy to be protected, you don’t want the cabin management system affected or any delays and you don't want any GPS spoofing or ransomware attack when you're in mid-flight over the Atlantic,” adds Arad. “So from a business standpoint, it's a big issue.”
As onboard connectivity becomes more sophisticated, business jets are increasingly performing as real-time data platforms, sending information off-wing about engine and flight performance to inform maintenance and operations teams. But where once the cabin and cockpit systems were kept separate for cyber safety reasons, this increase in flight data transfer is opening a “back door”.
“My concern is while we say these systems are separate to keep them inaccessible in flight, if you're now sending engine data or other positional guidance data off-line, they're potentially run at risk for intercept,” says Wheeler. “While the expanding digitisation increases the cyber risk, a major recent accelerant has been the rise of artificial intelligence [AI]. With some domain knowledge and the right prompts, a motivated hacker could use AI to breach onboard systems much more easily.
Cyber security expert Josh Wheeler, Gogo’s senior director of Entry into Service.
“The increasing sophistication of cyber threats necessitates a proactive, integrated and comprehensive security approach.”
“The increasing sophistication of cyber threats necessitates a proactive, integrated and comprehensive security approach.”
“The threat profile has exponentially increased, unfortunately,” says Wheeler.
“As computing gets better, as AI gets better, the threat of interception of this data or just holistically taking all that information off an aircraft, is something we should definitely be concerned about.”
AI is likely to be used in increasingly creative ways, for good and for bad, adds Wheeler. He explains how he recently demonstrated the threat of AI by using it to recreate the voice of his sales director, complete with strong New York accent, from a brief voicemail. “It synthesised it almost perfectly,” explains Wheeler. He was then able to use that “voice” to leave a message with the flight department requesting the use of the company jet.
Describing the human element as the “weakest link”, Wheeler says education for all stakeholders, from owners and flight crew down, is crucial in mitigating risk. He says that even could be informing pilots why using their own personal digital device when flying to overseas locations might not be a good idea.
“Telling them what potentially could happen, maybe you’re stopping a threat just by that,” he says.
“Really, cyber defence is just understanding that slight nuance or understanding that potential vulnerability and then coming up with a strategy to prevent it.”
D’Amico says owners and operators should approach cyber security with “a sense of caution and diligence”. But he stresses they shouldn’t be “overly worried” as long as they use a connectivity provider which places a premium on security.
“The increasing sophistication of cyber threats necessitates a proactive, integrated and comprehensive security approach,” he says.
