AVIATION

As business is now performed on a global stage, robust and secure aviation networks and services are paramount. However, airlines, communication services organizations, component manufacturers, and suppliers are not exempt from the risk of modern cyberattacks.

It’s crucial to recognize that emerging threats to aviation infrastructures and services can impact not only transport but also product supply chains and national security.

If a single, vulnerable component from an aviation component or software supplier, for instance, triggers a broader cybersecurity incident, this can degrade the trust between vendors, OEMs, operators, and passengers – or even put lives at risk.

As a research-fueled organization, we apply our findings in assessments for all of our aviation industry clients. IOActive has published original research on cybersecurity vulnerabilities impacting the aviation sector, including the discovery of vulnerabilities within in-flight entertainment systems and in the backend codebases and the core vehicle networks of Boeing 787 Dreamliners.

We have performed penetration testing on cabin management systems, including associated mobile applications, which manage aircraft capabilities such as temperature and lighting.

Furthermore, we have assisted our customers by performing cybersecurity assessments across technology that facilitates key functions throughout an aircraft.

Another area of aviation cybersecurity that IOActive has experience is airport security.

There are many cyber-physical security (CPS) challenges to be met at modern airports. Airport CPS systems tend to fall into three broad categories, each managed by means of network-connected digital controllers: OT Systems, IT Systems, and ground vehicles.

Persistent cybersecurity threats against the aviation sector pose a danger to world airport travel and safety, including unidentified malicious cyber actors who have specifically targeted the U.S. aviation sector over the past few years. Due to the increased threat, in March 2023, the Transportation Security Agency (TSA) took emergency action in response to the increased threats and vulnerabilities at airports and airlines and issued a Joint Emergency Amendment (EA) 23-01 Cybersecurity – Performance-Based Measures.

The new amendment requires cybersecurity assessments of critical airport systems, including baggage handling systems and airport refueling systems. As a leader in this space, IOActive has conducted extensive cybersecurity engagements at major airports, which include penetration testing, risk assessments, and reviews of security architecture.

Related Resources / Research:

• In Flight Hacking System (Blog)
• Navigating the Cybersecurity Threatscape of Today’s Airports (Blog)

IOActive’s cybersecurity expertise allows us to assist our customers with managing current and emerging threats, safeguarding supply chains, end users, customers, and society at large.

At IOActive, we take pride in supporting our transportation clients, assisting them to identify and manage the risks to their transportation networks and products worldwide.

Through our dedication to groundbreaking research, IOActive conducts research into vulnerabilities and risk factors that enhance global security standards and protocols. That is why the Global 1000 trusts us to help protect their assets, supply chains, and customers.