How many times in the past few years have you received notice that a major corporation was hacked and your personal information might be exposed? These incidents prove you don’t have to be a major pipeline or huge social media platform to be a target for cyber crime.
Now consider the large amounts of data that business aviation operators transfer on any given day through smartphones, tablets, and even the aircraft themselves. These devices regularly transmit engine performance data, navigation databases, flight planning and passenger information, safety data, and even sensitive corporate information.
Meanwhile, FBO personnel transmit large amounts of data on the ramp and throughout the facility too, often using cellular service due to the lack of reliable Wi-Fi or bandwidth. While a fuel receipt might not be a national secret, passenger data such as birthdates and passport numbers is sensitive information, and travel destinations can be used in corporate espionage.
The aviation industry faces outside threats from cyber criminals, terrorists, and nation states with nefarious intent, as well as insider threats. In fact, the Federal Bureau of Investigation (FBI), National Security Agency (NSA), and Cybersecurity and Infrastructure Security Agency (CISA) recently released a joint alert on Russian state-sponsored attacks targeting aviation networks and critical infrastructure organizations, as well as state, local, tribal, and territorial governments. And in February of 2022, Swissport, a Switzerland-based airport ground services and cargo handling company, announced it was the subject of a ransomware attack.
“Everyone sees this happening in their daily lives, but we need to bring the conversation to what is happening on our ramps,” said Melissa Thomas, CEO of Moxie Global Consulting. “Hacking, ransomware, and other cyber-attacks are on the rise. Business aviation is not immune to these threats, so we need to make investments now to secure the future. Are we innovating and investing to be sure we’re poised for the future of aviation when it comes to the technology of aircraft, ramp equipment, and the needs of our customers?”
While the Federal Aviation Administration (FAA) regulates aviation safety and the Department of Homeland Security (DHS) mandates security measures for some aircraft operators and businesses at larger airports, cyber security is not clearly regulated for the business aviation industry. DHS, FAA, and even the International Civil Aviation Organization (ICAO) all have cyber security initiatives, but most focus on aircraft systems and avionics and rather than ground transmissions.
How secure are the connections FBOs provide to clients on their ramps? How much do FBOs spend to stay connected and provide customer connectivity by piecing together Wi-Fi, hotspots, and other services? Are FBOs ready with safe, reliable, high-speed data transfer capabilities for the “smart” aircraft, fuel trucks, and other ramp equipment of today and what is to come?
The global COVID crisis created an opportunity for business aviation to shine, but it also forced a different, more symbiotic relationship between FBOs and operators according to Ryan Waguespack, NATA’s Executive Vice President. The success in the business aviation market right now creates a chance for FBOs to provide more secure data solutions.
“We have the opportunity to improve and innovate individual company infrastructure, cyber security, and data movement capabilities to prepare us all for the future of aviation,” said Waguespack. “As business aviation continues to thrive, we’ll have increased exposure to cyber threats, so we need to take this opportunity to mature.”
Properly developed and implemented company policies and procedures on how and when to transmit sensitive data can mitigate some security risks, but operational needs often require connectivity in less-than-ideal circumstances.
“Snail mail” is inefficient and very costly both literally and quantifiably as it extends the time it takes to coordinate and update aircraft. Aircraft are more and more data-dependent, which leads to operators sending USB sticks and data cards around the country—or even around the world—chasing aircraft.
In some cases, consistent, secure network access isn’t just a matter of convenience – it’s a safety issue. For example, some FBOs—even large, well-known companies in urban areas—do not offer sufficient Wi-Fi to upload flight operations quality assurance (FOQA) data. Imagine a future where FBOs provide reliable high-speed data transfer capabilities that reduce maintenance downtime, lower costs, and improve the safety of our industry.
“It’s a challenge to get people interested in this topic because everyone is busy, especially with today’s workforce challenges,” said Thomas.
“As an industry, we like to talk about safety, but we often forget this aspect of safety in a technology-driven world. Our industry needs to collaborate and innovate so that we are ready to serve today and tomorrow’s ‘smart’ aircraft and ramp equipment, as well as protect our businesses and our customers from cyber-crime,” Thomas added.
Security and safety aren’t the only issues—cost and convenience are, too. Customers expect a Wi-Fi network reliable enough to conduct business, yet too often we miss the mark on keeping up with our customers’ experience and meeting their expectations when it comes to technology. During the pandemic, it became clear that our industry lacks consistent capabilities to provide seamless connectivity for customers’ basic virtual needs such as video conferencing on the go. Thomas shared the example of a well-known FBO chain with a recently upgraded facility that did not have a strong enough Wi-Fi network for their employees or customers to join a Zoom call. Yet the alternative—hodgepodge cell networks—are not particularly secure and can be extremely expensive.
As FBOs consider upgrading their network capabilities, Joe Dalton of NATA Compliance Services encourages businesses to not only look at speed, but more importantly Wi-Fi security. “Ensuring proper Wi-Fi security and best practices should be top priority. The dangers of improperly secured Wi-Fi and associated networks will nullify any connectivity benefits,” said Dalton.
“We have a unique opportunity right now to improve individual company infrastructure, including how data is transmitted, in a manner that serves the entire business aviation ecosystem,” Waguespack concluded.
NATA is exploring connectivity solutions for its member companies. Contact Ryan Waguespack at firstname.lastname@example.org to be part of the conversation.