Cyber turbulence ahead as airlines strap in for a security crisis

Aircraft systems are getting more connected and ground operations increasingly integrated, and attackers are taking notice. They’re shifting from minor disruptions to targeting critical systems with serious intent. Any time an aircraft transmits data, whether it’s flight position updates or maintenance alerts, it is vulnerable to interception by third parties.

In several recent cases, cyber incidents have grounded flights, exposed sensitive data, and led to significant financial losses. The main threat actors behind these attacks are nation-state APT groups, organized cybercriminals, and hacktivists.

Cybersecurity threats to the aviation industry

Industry-wide vulnerabilities: SecurityScorecard found that the aviation industry’s average cybersecurity score is a “B,” which shows there is room for improvement. Organizations with this rating are nearly three times more likely to experience data breaches compared to those rated “A.” Additionally, aviation-specific software and IT vendors scored even lower.

Geopolitical cyber threats: Heightened geopolitical tensions, especially in Eastern Europe, the Far East, and the Middle East, have fueled a rise in cyber activities. Incidents involving GPS jamming and spoofing have increased, directly threatening navigation accuracy during critical flight stages.

Critical system flaws: Researchers from Switzerland and Italy uncovered a serious vulnerability in the TCAS II collision avoidance system used in commercial aviation. Using specialized equipment, they were able to generate false collision warnings in a controlled lab environment. These alerts could, in theory, cause pilots to take unnecessary evasive action. The published vulnerabilities were classified as moderate and severe by U.S. security agencies.

Ransomware on the rise: Thales reports ransomware attacks jumped 600% in just one year, with 27 major incidents from 22 ransomware groups reported between January 2024 and April 2025.

Real-world breaches: In June 2025, Hawaiian Airlines, WestJet, and Qantas reported cyberattacks, which authorities attribute to the Scattered Spider group’s social engineering tactics. In Qantas’ case, the breach exposed up to 6 million customer records.

Regulators take notice

In response to a surge in cyber threats, aviation regulators across the globe are tightening their cybersecurity frameworks.

United States

In 2023, the U.S. Transportation Security Administration (TSA) introduced cybersecurity regulations for airport and aircraft operators, including requirements for network segmentation.

In 2024, the U.S. Federal Aviation Administration (FAA) issued a Notice of Proposed Rulemaking (NPRM) outlining required cybersecurity measures for aircraft, engines, and propellers. Its goal is to standardize the FAA’s approach to cybersecurity, reducing certification time and costs while maintaining the safety levels currently ensured through special conditions.

European Union

The Easy Access Rules (EAR) for Information Security (Part IS), issued by the European Union Aviation Safety Agency (EASA), define the requirements for handling information security risks that may impact aviation safety. Earlier rules applied only to equipment makers, but these cover many organizations including airlines, maintenance providers, airports, and air traffic control services. Different types of organizations must comply by late 2025 or early 2026. These rules align with U.S. standards and will be updated regularly to address new threats and changes in technology.

Global standards

It’s not just national regulators paying attention. The International Civil Aviation Organization (ICAO) has released a Cybersecurity Action Plan with steps to improve how the aviation industry handles digital threats. The plan focuses on better governance, faster response to incidents, and building security into aviation systems from the start. It’s a move toward getting countries on the same page when it comes to protecting the industry from cyber risks.

Although these initiatives are welcomed, challenges remain. Harmonizing regulations worldwide, managing the costs and technical complexities of implementation, integrating cybersecurity within existing safety frameworks, and addressing persistent security risks continue to test the industry’s resilience.

“Standard-setting organizations are important as we try to align on cybersecurity as an industry. We do still face some challenges as we deal with fragmentation across the regulations and standards with overlap or gaps, and uniformity when it comes to cyber incident reporting,” said Carrie Mills, VP and CISO, Southwest Airlines.

What can aviation companies do to increase cybersecurity

The aviation industry is responding to growing cyber threats with significant investments in cybersecurity.

According to Bridewell, civil aviation organizations allocate an average of 54% of their IT budgets to cybersecurity, which is higher than the 45% average across all U.S. critical infrastructure sectors. Similarly, they dedicate 52% of their OT budgets to security, surpassing the 42% average in other critical infrastructure industries.

Although organizations have acknowledged the need to boost spending, progress remains to be made and new measures adopted.

Legacy OT systems, which often lack security features such as automated patching and built-in encryption, should be addressed as a top priority. Although upgrading these systems can be costly, it is essential to prevent further disruptions and vulnerabilities.

Mapping the aviation supply chain helps identify all key partners, which is important for conducting security audits and enforcing contractual cybersecurity requirements. This should be reinforced with multi-layered perimeter defenses, including encryption, firewalls, and intrusion detection systems, alongside zero-trust network segmentation to minimize the risk of attackers moving laterally within networks.

Companies should implement real-time threat monitoring and response by deploying intrusion detection systems, centralizing analysis with SIEM, and maintaining a regularly tested incident response plan to identify, contain, and mitigate cyberattacks.

One of the most important steps is to train all staff, including pilots and ground crews, to recognize scams. Since recent security breaches have mostly relied on social engineering tactics, this type of training is essential. A single phone call or a convincing email can be enough to trigger a data breach. AI is making it easier for cybercriminals to pull off convincing scams, while it’s becoming harder for the average person to recognize them without proper training.

As Buzz Hillestad, CISO at Prismatic, noted, “In essence, AI turns advanced attack strategies into point-and-click operations, removing the need for deep technical knowledge. Attackers won’t need to write custom code or conduct in-depth research to exploit vulnerabilities. Instead, AI systems will analyze target environments, find weaknesses, and even adapt attack patterns in real time without requiring much input from the user.”


