Preventing Cyber Attacks In Business Aviation

Credit: Image Credit: Alamy/NicoElNino

LOS ANGELES — The business aviation industry must protect against threats of cybersecurity attacks and build strategies to detect and prevent malware, ransomware and spyware strikes, experts at the NBAA International Operators Conference warn. 

“Currently, everything you do on a computer has a footprint,” Michael Yerardi, Honeywell Aerospace senior application engineer, said during a session at the conference, held in Los Angeles March 14-17.

Cybersecurity works to protect a computer or computer system against unauthorized access or attack. 

Hackers can deny users service and encrypt ransomware or spyware on a computer, flood a computer or network so it cannot respond, gain access to a user’s data or insert themselves into a two-party transaction, gaining access to unencrypted content, Yerardi says.

Flight departments, corporate IT departments and service providers must work together to develop and continue to update a cybersecurity plan, he says.

Security measures onboard the aircraft must be implemented to ensure security policies are being met. If a security measure is omitted for any reason, then it should be documented and leadership formally notified. 

A cybersecurity plan should include a well-rounded security framework that protects people and their information, companies and their intellectual properties along with aircraft, infrastructure and equipment. 

Cybersecurity measures should include documentation creation, strategic and mitigation planning, physical, virtual and remote internal networks, web content, email, physical office locations and aircraft. It protects servers, routers, switches, computers, phones and tablets.

Yerardi recommends: 

  • Frequently discussing the overall “threat landscape” facing the organization and revisiting the cybersecurity plan developed as the landscape changes.
  • Meeting and frequently updating corporate IT policies within the flight department. 
  • Having a redundant network infrastructure and onboard intrusion detection in place, keeping installed hardware up-to-date, and maintaining open lines of communication among departments.
  • Avoiding the use of Wifi in public places, such as airports, hotels and coffee shops. Instead, connect to a VPN or personal hotspot for protection. 
  • Using multi-factor authorization for access. (Fingerprint, iris and voice verification can be copied or broken, however.)
  • Ensuring anti-malware software is legitimate and safe in the U.S by verifying the location it was developed. 
  • Using multi-factor authentication for password protection and restricting the use of sequential and repetitive characters, context-specific passwords that avoid using the name of the site or commonly used passwords, such as p@ssword.
  • Using personal phrases or sentences with various character combinations, including upper and lower case letters, numbers and other characters.

“A password should be hard for other people to remember,” Yerardi says. “You want to make a hacker say, ‘this password is too hard,’” and move on.

Molly McMillin

Molly McMillin, a 25-year aviation journalist, is managing editor of business aviation for the Aviation Week Network and editor-in-chief of The Weekly of Business Aviation, an Aviation Week market intelligence report.