The aviation industry is both vast and complex. More than 45,000 flights and 2.9 million passengers travel through U.S. airspace every day, requiring high-tech tools and extensive communications networks. All of that data and complexity makes the sector a prime target for cybercriminals. Worryingly, only 49% of non-governmental organizations have fully adopted NIST security standards. As attacks against critical infrastructure and rapidly digitizing industries rise, the aviation industry must reevaluate its standards.

How Vulnerable Are Aircraft Networks?

Attacks against aircraft networks can cause immense damage. Airplanes rely on radio signals to navigate and communicate, so cybercriminals could steer flights off-course by interfering with these networks. As aircraft incorporate more Internet of Things (IoT) technologies, attackers gain more potential gateways to infiltrate aircraft control or communication systems.

Aircraft themselves undergo rigorous safety and compliance testing, so they may not be the most vulnerable parts of these networks. The air traffic control systems and airline booking platforms that handle vast amounts of data daily are a more likely target. Cybercriminals could infiltrate airport networks to steal sensitive passenger data, such as names and financial information.

These threats are more than just hypothetical too, as attackers have already begun targeting the aviation industry. In 2018, cybercriminals accessed up to 9.8 million passengers’ data, including passport numbers and credit card details. Upon review, it became clear the airline had many vulnerabilities, such as unprotected backups, out-of-date software, and unpatched internet-facing servers.

Earlier that same year, British Airways suffered an attack on its website, exposing thousands of customers’ data. Air Canada experienced a similar breach through its app. Attacks have targeted airports, too, with Bradley International Airport suffering a DDoS attack in March 2022.

How Can Aircraft Networks Become More Secure?

In light of these attacks, it’s clear that (Read more...)