
Features 03.06.2025
Cybersecurity in the Aviation Sector Is Taking Off: Here’s Why
An industry where safety and security are non-negotiable
After a near-existential crisis brought about by the pandemic, the aviation sector is finally looking up. Passenger numbers are expected to exceed pre-COVID levels, with 9.5 billion travelling in 2024. Yet as high-profile IT-related outages like the CrowdStrike incident and more recent chaos at Stansted have shown, digital disruption can have a rapid and devastating impact on physical operations.
The good news is that airlines and airport operators appear to understand the critical importance of investing in cybersecurity. The key to avoiding any undue turbulence going forward will be to ensure that funds are diverted to the right areas.
When we talk about aviation, what businesses do we mean? The sector hosts a large and diverse supply chain. The first Easy Access Rules (EAR) for Information Security (Part IS) from the European Union Aviation Safety Agency (EASA) references maintenance organisations, airworthiness management providers, air operators, aircrew aero-medical centres, air-traffic controller training organisations, and flight simulation device operators – among other providers.
However, while these are all vital constituents in their own right, it is airlines and airports that arguably set the agenda for the industry. Fortunately, they appear to be doubling down on cybersecurity. A 2024 survey of senior IT executives in the sector by aviation IT service provider SITA finds that cyber is a top investment priority for 36% of airline and 40% of airport respondents – the top answers for both. Some 30% of airline respondents say cyber threats and regulations are their biggest IT challenge (the second-top answer) while the rapidly evolving threat landscape (54%) comes top for their airport peers.
Robert Derby is a senior security product manager at Netscout, which counts aviation sector businesses among its customers. A single breach can have a “domino effect”, he warns.
“Attackers might steal data, hold systems for ransom, or intentionally disrupt services – sometimes all in the same incident. Ransomware and distributed denial-of-service (DDoS) attacks can shut down reservation systems, delay flights, or cripple airport operations, impacting passenger safety, revenue, and reputation,” Derby tells Assured Intelligence.
“Additionally, attacks on the supply chain can be disastrous since airlines depend on numerous third parties for operations and logistics. This means that a breach in one vendor can compromise broader systems.”
It’s also true that, as the sector tries to recover pandemic-era losses, it could be exposing itself to attack, according to Cyber Chain Alliance CISO and managing director, Marc Avery.
“The aviation sector is still recovering losses and seeking profit from a wide variety of revenue sources including retail, food & beverage, passenger experience, and car parking,” says Avery, who was formerly a CISO at a major UK airport. “These revenues are lifelines for the businesses and any cyber impact is therefore also critical.”
Avery tells Assured Intelligence that identity threats are particularly concerning, as user log-ins make it easier for adversaries to bypass even enhanced defences.
“With the explosion of third-party SaaS services demanded by businesses looking to automate and evolve, the number of identities has increased and hence the likelihood of exploitation of cloud services has increased significantly,” he says.
Netscout’s Derby also singles out unpatched legacy systems and use of Internet of Things (IoT) technologies in airports and on aircraft as creating potential visibility gaps and weak points hackers could exploit.
“With operations spread across cloud, on-premises, and hybrid infrastructures, many aviation organisations struggle to get a complete view of their network,” he adds. “This lack of visibility makes it harder to spot lateral movement or detect insider threats before real damage is done. These points of weakness can lead to complete shutdowns of airline systems, causing unpredictable disruptions and delays for passengers.”
SoSafe CSO, Andrew Rose, is a former CISO at the UK’s National Air Traffic Services. He says that the classic “CIA” triad is still relevant in aviation, but data integrity rather than confidentiality is paramount.
“Pilots and engineers rely on accurate data to make critical decisions. It’s better to have no data than to have the wrong data, because at least you know there’s a problem you can manage,” he tells Assured Intelligence. “Availability comes next – but even that is planned for in failure modes. Contingency planning is baked into aviation. Losing data, systems, or even communications isn’t unthinkable – it’s expected. The sector drills for it.”
Compared to this, losing data is unfortunate, but certainly not as critical as cyber risk impacting the safety of crew, passengers and people on the ground, Rose continues. “This is a principle that every person in the industry lives by. It’s the line aviation never crosses.”
According to SITA, the top priorities for cyber investment among airlines are security operations centres (SOCs), AI for threat detection, and zero trust. For airports, SOCs and zero trust also come top. According to SoSafe’s Rose, the good news is that the sector already has a security-first culture.
“In a digital world, cybersecurity underpins safety – and aviation has understood that longer than most. The human element is crucial here. Pilots, engineers, and ground staff are all trained to prioritise safety, and this mindset naturally extends to cybersecurity,” he says. “Where other industries often treat cyber risk as a compliance hurdle or a financial risk, aviation views it through the lens of safety-critical operations. That shift in perspective makes all the difference.”
However, there are persistent challenges, according to Netscout’s Derby.
“One of the main issues facing airline CISOs is that their teams tend to work in siloed and fragmented systems. Aviation companies often have different systems running in different places, with little communication between them. This makes it difficult to get the full picture or act quickly in a crisis,” he argues. “Security teams are constantly bombarded with alerts, many of them low-priority or false positives. The overwhelming amount of noise makes it easy to miss the real threats that matter. To avoid this, CISOs should focus on alert prioritisation so that security teams can deal with the most pressing threats before they turn into tangible crises.”
Cyber Chain Alliance’s Avery adds that the emerging technology that aviation businesses need to adopt in order to grow also presents a risk.
“Security leaders must strive to continuously communicate the cybersecurity-related cost of doing business in a complex environment of interconnected organisations, systems, people and data,” he says. “Our ability to educate and communicate cyber risk has long been and will continue to be one of our biggest challenges.”
Alongside best practice protective measures, security leaders in the industry must pay more attention to detection and response, testing for blind spots, and incident management. When it comes to the latter, CISOs must ensure that “a variety of different stakeholders have understood and rehearsed their roles within a real incident, and IT systems and critical data are capable of being recovered as quickly as possible,” Avery explains.
As cybercriminals cast their net wider and geopolitical tensions fuel new and unpredictable threats, aviation CISOs can’t afford to let their guard down. “Mitigation comes through depth and breadth”, says SoSafe’s Rose, citing global threat intelligence sharing, robust and segregated architectures, and system redundancy as key.
However, the industry does appear to be more robust than most when it comes to tackling cyber risk. “For me, airports are one of the most secure and reassuring places to work because passenger safety is paramount – nothing else matters,” says Cyber Chain Alliance’s Avery.
SoSafe’s Rose tends to agree, arguing that “resilience isn’t a buzzword – it’s engineered into the system”. This stands in contrast to many sectors still coming to terms with the strategic need to tackle advanced cyber threats.
“Aviation doesn’t just have a plan – it has a playbook that’s informed by every incident and near miss from previous decades,” Rose concludes.
“It has been run through hundreds of times before it’s even required, and it runs those rehearsals like lives depend on it, because they do. Every person in the sector, from the CISO to the ground crew, understands the critical importance of these drills.”