Cybersecurity in Connected Aircraft: Risk Mitigation for Airlines, Passengers, Airports, and Service Providers

January, 2023


The aviation industry is embracing a connected environment by digitizing its operations. This involves leveraging IoT devices, 5G networks, applied AI, advanced analytics, and SaaS-based applications to streamline maintenance, repair, and overhaul (MRO).

A connected aircraft generates three types of information: aircraft control and navigation data, cabin-based in-flight entertainment data, and operations-based flight movement data. However, interconnected systems have greatly widened the risk perimeter. With connected aircraft, airlines, aviation authorities, and MRO service providers are all at risk. Phishing continues to account for the largest percentage of cyberattacks, followed by ransomware. Moreover, legal directives around the aviation landscape are evolving to address cybersecurity threats.

These demands call for applying security measures in collaboration with managed security service providers. These providers offer services such as threat detection, incident response, governance, risk and compliance, red teaming, 24×7 monitoring, and threat intelligence.

As airlines modernize their IT infrastructure, there is an increased interest in zero-trust security. This involves the following three measures:

    • Identity governance: A zero-trust model embedded with identity and access management controls enables airlines to access data from anywhere while still maintaining tight and centralized security.
    • Micro-segmentation: A network divided into granular, isolated segments in a zero-trust security framework ensures easy monitoring, efficient control, and faster response to advanced persistent threats, particularly for traffic between and within segments.
    • Software-defined perimeter (SDP): SDP capabilities integrated with a zero-trust framework ensure authorization-based access. This equips airlines to better defend against varied attacks.

Second, secure by design is gaining momentum as a way to address security concerns across the life cycle, from development and release to run. DevSecOps provides visibility, collaboration, and agility throughout the solution development life cycle, revolving around four pillars:

    • People: Smoothly integrate the development, security, and operation teams working toward shared goals in an open, transparent, and accountable environment.
    • Process: Introduce cybersecurity requirements in the design process from the onset and simplify manual processes without compromising the security posture.
    • Technology: Integrate proven cloud solutions with the right processes to ensure a unified and consistent quality solution platform throughout the development pipeline.
    • Governance: Work on a consistent process using uniform tools and automated controls to ensure cybersecurity governance at micro and macro levels.

As one scouts for a suitable service provider, the following aspects should be considered:

    • Understand the local exposure
    • Review security measures regularly
    • Perform thorough audits
    • Monitor malicious activity and policy violations
    • Use vulnerability intelligence services
    • Conduct security awareness workshops