Government Renews Efforts to Find and Fix Cyber Vulnerabilities in Aviation Systems

Government Renews Efforts to Find and Fix Cyber Vulnerabilities in Aviation Systems

The Department of Homeland Security is refocusing its efforts on cyber threats to aircraft, and the Air Force is sponsoring “hacking villages” to discover hacking vulnerabilities.

As the federal government becomes more aware of potential cyberattacks on airplanes, officials are taking new steps to identify and fight vulnerabilities in planes that make them vulnerable to hackers. 

The Department of Homeland Security is leading the effort with the help of the Pentagon and the Department of Transportation, The Wall Street Journal reported this week. While the government is revealing little details about its revived program, it aims to improve “cyber resilience” in aviation, according to a DHS official. 

Security officials continue to believe that aircraft are a key target for terrorists and worry that cyberattacks could be a new and dangerous method for malicious actors to carry out attacks. In July, DHS issued a cybersecurity warning for owners of small planes alerting them to the risk of hacking if someone gains unauthorized physical access to the aircraft. 

In addition, the Air Force is also planning to take further steps to evaluate the security of commercial aviation systems, according to the Journal. Many of those systems are used by the military and pose risks to national security if they are not properly secured. 

“If we don’t probe first, our adversaries will,” Will Roper, the service’s assistant secretary for acquisition, technology, and logistics, told the Journal. “We’ve been a little complacent in not trying to attack all of the parts of the airplane.”

Beyond the aircraft itself, airlines have been targeted for cyberattacks in recent years. After about 500,000 travelers were affected by a data breach in 2018, British Airways now faces a $230 million fine for not properly protecting customer data. 

Jeffrey Troy, the president of the nonprofit Aviation Information Sharing and Analysis Center, said that there are many other risks in aviation that do not just involve the aircraft. 

“It’s very important to be looking at the whole ecosystem and identifying key points where a digital system, if it were to malfunction, could cause a bad day for a lot of people,” Troy said. 

In turn, the Air Force hosted its first-ever “hacking village” in August, inviting security researchers at Defcon to find cyber vulnerabilities in aviation systems. 

Renewed efforts follow a partnership between Boeing and DHS that stalled after the two parties disagreed over early findings in cybersecurity tests of a used Boeing 757 airliner. Boeing told the Journal that it supports the new initiative led by DHS and may participate in the hacking village at Defcon in 2020. 

“We need to bridge the gap between the hacking community and the industry,” an official said.

About the Author

Haley Samsel is an Associate Content Editor for the Infrastructure Solutions Group at 1105 Media.

Featured

  • Facing Facts for Facilities

    Despite the proliferation of constantly evolving security solutions, there remains a troubling trend among many facility operators who often neglect the most important security assets within their organization. Keys and shared devices like radios, laptops and tablets are crucial to successful operations, yet many operators are managing them haphazardly through outdated storage systems like pegboards and notebooks. Read Now

  • Report Reveals Security Training Reduces Global Phishing Click Rates by 86%

    KnowBe4, the cybersecurity platform that comprehensively addresses human risk management, today launched its “Phishing by Industry Benchmarking Report 2025” which measures an organization’s Phish-prone Percentage (PPP) — the percentage of employees likely to fall for social engineering or phishing attacks, indicating the organization’s overall susceptibility to phishing threats. This year’s report found a global average baseline PPP of 33.1%, meaning a third of employees interact with phishing simulations before taking part in best-practice security awareness training (SAT).COVER 2025-PIB-NA-Report_EN-US Read Now

  • TSA Begins REAL ID Full Enforcement Today

    Today, the Transportation Security Administration (TSA) announced the imminent implementation of its REAL ID enforcement measures at TSA checkpoints nationwide. Read Now

  • Body-Worn Cameras on the Rise

    On the evening of Oct. 29, 2024, the owner of 300 Guard based in Houston, was shot while on duty at a convenience store. He returned fire. He was wearing a plated vest and thankfully recovered in the hospital. Read Now

  • Brazil Port Enhances Surveillance and Supports Wildlife Conservation with Sustainable Technology

    Ferroport, which operates the iron ore terminal at the Port of Açu in São João da Barra, Rio de Janeiro, Brazil, has deployed state-of-the-art video surveillance cameras from Axis Communications to enhance nighttime security and visibility, while decreasing environmental impact and prioritizing sustainability. With cutting-edge technology, the port now has precise surveillance cameras that capture high-quality nighttime images, while reducing the amount of artificial lighting that negatively impacts the surrounding ecosystem. Read Now

New Products

  • Camden CV-7600 High Security Card Readers

    Camden CV-7600 High Security Card Readers

    Camden Door Controls has relaunched its CV-7600 card readers in response to growing market demand for a more secure alternative to standard proximity credentials that can be easily cloned. CV-7600 readers support MIFARE DESFire EV1 & EV2 encryption technology credentials, making them virtually clone-proof and highly secure.

  • Hanwha QNO-7012R

    Hanwha QNO-7012R

    The Q Series cameras are equipped with an Open Platform chipset for easy and seamless integration with third-party systems and solutions, and analog video output (CVBS) support for easy camera positioning during installation. A suite of on-board intelligent video analytics covers tampering, directional/virtual line detection, defocus detection, enter/exit, and motion detection.

  • Camden CM-221 Series Switches

    Camden CM-221 Series Switches

    Camden Door Controls is pleased to announce that, in response to soaring customer demand, it has expanded its range of ValueWave™ no-touch switches to include a narrow (slimline) version with manual override. This override button is designed to provide additional assurance that the request to exit switch will open a door, even if the no-touch sensor fails to operate. This new slimline switch also features a heavy gauge stainless steel faceplate, a red/green illuminated light ring, and is IP65 rated, making it ideal for indoor or outdoor use as part of an automatic door or access control system. ValueWave™ no-touch switches are designed for easy installation and trouble-free service in high traffic applications. In addition to this narrow version, the CM-221 & CM-222 Series switches are available in a range of other models with single and double gang heavy-gauge stainless steel faceplates and include illuminated light rings.