You are alone in your private jet, cruising at 45,000 feet, laptop open. Unless Superman is standing on the wing, peering in through a window, there’s no one looking over your shoulder at sensitive company or personal information. Or is there? Although internet connections on aircraft lagged behind even refrigerators and doorbells for a while, they’re pretty much a given now. The secure flow of information, however, is not.
“If you can see the internet, then the internet—and its hackers—are most definitely able to see you. Altitude does not make you safe,” says Josh Wheeler, senior director of cybersecurity at aviation-connectivity specialist Satcom Direct.
The US-based company saw a recent spike in cybersecurity attacks on business aviation. Of nearly 600 planes signed up to Satcom’s threat-monitoring service, more than four-fifths experienced a cyberattack that the firm’s software and human experts had to fight off. Connectivity firms like Satcom, Gogo and Honeywell all offer security measures to protect their jet clients. Satcom reported a 54 percent jump in critical and high-level threats in the first five months of 2019 compared with the same period in 2018. When business jets are used routinely as offices, online risk multiplies.
“Inflight threats are real,” says a spokesperson for Gogo’s business-aviation operation. The company constantly monitors its broadband network to detect and deflect any potential attacks. Honeywell also agrees on the scale of the threat. “Cybersecurity is critical in the age of the connected aircraft,” it says. Like Gogo, Honeywell has a monitoring center that gives operators a chance to “stay a step ahead of the threat and take preventative action rather than waiting to respond after a cyberattack occurs.”
The hackers, of course, know this and grow ever more sophisticated. Satcom says it’s seeing increased attacks from criminals looking to steal money or valuable information such as passwords, and jet owners or high-flying executives are obviously prime targets. Hackers can break into onboard Wi-Fi via the satellite link used to connect to the internet. The US Government Accountability Office and aviation regulators around the world have warned of the risk posed by connected technology and relatively insecure devices such as iPads, which are used more and more by technicians and pilots as well as passengers.
Wheeler cautions that “command and control” attacks and ransomware are the biggest problems right now. “It’s not uncommon for a device with C&C malware to be unwittingly brought on board by a passenger,” he says. “If this software is activated, it can do everything from copying files to replicating itself and spreading across a network.”
Safety-critical systems on aircraft have not proved vulnerable so far. But some commercial flights have reportedly been grounded by problems with satellite navigation signals or the automatic two-way communication kit that all aircraft now have to carry. If cyber pirates could break into flight-control systems on business jets, the risk of ransom demands—with only minutes to formulate a response—could reach stratospheric levels. The bottom line is that there are precautions and services out there—Satcom’s will run you about $795 a month, depending on specific needs—that won’t leave your data’s security up in the air.