Business aviation has historically sold itself as being far more secure than the airlines because it eliminates the prying eyes of other passengers. While business travelers have always been vulnerable to cybersecurity threats, now the concern has moved from public WiFi to business aircraft where cybersecurity companies are detecting an increasing number of cyberattacks on board.
The problem is that travelers don’t understand that communications aboard business aircraft may not be secure, even if they are in the air. In addition, there is little recognition that this is an issue. Experts believe there is a disconnect: corporate IT departments largely focus on securing corporate communications systems but don’t know that flight departments are part of that same mandate. Indeed, most don’t even interact with flight departments.
In fact, flight departments are focused on ensuring the safety and efficiency of the aircraft and crew and may not understand that on-wing communications are vulnerable to security threats.
The industry leader in combating cyberattacks on board is SatCom Direct, which reports that, even with security in place, 54% of travelers turn off security if it slows down the internet.
Quantifying the problem
“The seriousness of the attempted hacks has amplified,” said SatCom Direct, in a recent report that is a clarion call to private aviation travelers who thought the aircraft environment kept them safe. “There has been a 54% increase in critical and high-level threats from the same period last year. A critical threat represents activity that can affect default installations of widely deployed software resulting in the compromise of servers and devices, as well as leaving the door open for other hackers. Trojans, viruses and operating system vulnerabilities all fall into the critical category. A high level represents a threat from web browser exploitation or malware, which can be elevated to critical status. This type of threat can potentially cause serious long-term damage to corporate networks.”
A recent Business Travel News article reported that while business travelers say protecting their data is important, only 62% thought it was up to them to ensure their security. The study, done by virtual private network provider InvinciBull, showed widespread use of public WiFi, a proven threat vector, with 83% of respondents having used it and 40% using it daily.
In the broader economy beyond just business aviation, cybercrime losses are expected to double to $6 trillion by 2021 from 2015, according to a Cybersecurity Ventures report, which added that spending on cyber defense is expected to top $1 trillion in the same period.
“At the end of 2016, a business fell victim to a ransomware attack every 40 seconds,” said the company, which predicts that will rise to every 14 seconds by 2019 and every 11 seconds by 2021. “Last year, the FBI estimated that the total amount of ransom payments approached $1 billion annually.”
What business aviation is doing
The seriousness of the issue has prompted private aviation companies to take action to educate clients and operators on the risks and what can be done about them. For instance, the National Business Aircraft Association, which has been tracking cybersecurity, has a professional development program, Cybersecurity Risk Management for Flight Departments.
It recently held a podcast on the subject.
Top six things that can help keep business aviation traveler communication secure
SatCom Direct Senior Director Josh Wheeler and NBAA Vice President Technology and Security Todd Wormington provided a look at what you should do.
Flight departments and corporate IT departments need to confer on the threats already detected and develop plans to increase security for on-wing communications. This is not just a matter of securing networks but of isolating each user on board so that, if a traveler’s device is infected with malware, it cannot infect aircraft communication systems or other devices travelers bring on board.
Engage third-party experts to advise on the threats and what can be done to mitigate risks. This could include a 24/7 threat monitoring system that alerts corporations to threats. These companies can also assess aircraft and flight department networks, identifying and plugging weak points. A periodic routine assessment should be part of any corporation’s cybersecurity checkup.
SatCom Direct offers a cyber threat assessment service as well as a threat detection alert which constantly monitors all inbound and outbound threats from some 600 tails subscribed to the 24/7 monitoring service.
Lean on your communications service provider to ensure they offer a firewall, intrusion alerts and threat monitoring.
Companies and their travelers need to be aware of high-risk destinations, such as China, by subscribing to the State Department’s travel alerts. The FBI also has a brochure on how business travelers can keep safe and secure. Certain countries scrape data as aircraft fly through their airspace by tapping air-to-ground networks.
Update all devices as soon as updates become available because corporations do not want to allow someone to take advantage of a vulnerability that has a fix.
Do not turn off security protocols even if they slow down communications. Virtual Private Networks (VPNs), which many consumers already use, especially over public WiFi, have some layer of encryption but should never be considered 100% fail-safe.
What PJS is doing
The team at Private Jet Services (PJS) is continually having conversations to educate our clients about the possibility of cybersecurity threats and to ensure the best inflight experience. PJS always recommends checking with your company’s IT department to ensure your business devices are encrypted, updated and safe for public WiFi use. Additionally, the Operation Center at PJS communicates with aircraft operators to advocate for increased security to protect their aircraft, passengers and crew from cyber threats.