Both NBAA conferences held in May, discussed cyber security, and other topics such as personnel security, regulatory compliance and developing a business aviation security plan.
NBAA’s Security Conference raised the level of best practices for business aviation security through scenario-based problem solving and content brought by experienced operators and security experts. Peer-to-peer learning and problem-solving was a key component of this interactive conference.
As threats and threat actors evolve, continued enhancement of business aviation security is a critical component to national security.
Defending against cyber intrusions
Defending against cyber intrusions is a key security concern for business aviation. Much sensitive information is transferred through satellite communication systems on business aircraft, and to protect that data the on-board systems should be configured to allow only certain portable devices operated by the passengers and crew to access the network, according to Keith Turpin, chief information security officer with Universal Weather & Aviation.
Many larger flight departments have added information technology specialists to help harden their systems against cyber-attacks said Doug Young, Gogo’s vice president for software architecture. He also warned that users shouldn’t be lulled into a false sense of security when using a VPN.
“The safest day in cyber security was yesterday,” said Rob Hill, business development director, global data solutions at Satcom Direct, during a presentation at the NBAA Maintenance Conference. While the threat of a cyber-attack is always present, proactive measures can mitigate the risk of a security breach.
“The attacks on corporate data are much faster and stronger than even on our nationwide security,” said Hill. “They want the info that’s profitable, and that’s your passenger’s info.”
Flight departments are therefore in difficult position: cyber security isn’t their expertise, but they’re ultimately responsible for what happens aboard the aircraft. The responsibility lies with the aviation team to proactively find airborne cyber security solutions that are adequate with the company’s terrestrial standards.
In some countries’ airspace, airborne internet traffic is automatically routed to an in-country satellite earth station, allowing third parties to intercept the data.
“If you’re flying in airspace that’s hostile toward us, that info goes down to them,” Hill advised. “If you’re transferring outside of a VPN, they have all that data open to see.”
Is encryption software the solution?
The solution could be to always use encryption software, and to utilize predictive flight mapping technology that sends an automatic alert when entering questionable airspace, at which point operators can temporarily terminate their internet connection.
Private networks are the ultimate in protection: encrypted data traveling straight from the aircraft back to corporate headquarters without ever touching the public internet. Additionally, they eliminate the need for passengers to use a VPN – reducing the risk for human error and offering cost-benefit advantages with regard to reduced data cost.
Hill said that it takes the pressure off operators. “That gives your IT department control over all cyber security and everything that people on-board that aircraft are allowed to do.”