Source: nbaa.org, Editor, First Published July 27th, 2025
Although recent headlines about aviation cyber-attacks have focused largely on airline incidents, the lessons for threat awareness and prevention apply to business aircraft operations.
“Cyberattacks on major commercial airlines and aviation vendors have exposed systemic vulnerabilities that extend beyond the airline sector and directly into the realm of business aviation,” said Hany Bakr, senior vice president of aviation and maritime security at MedAire.
“Business aircraft operators, while less visible in the public eye, are increasingly becoming attractive targets due to their association with often-noteworthy passengers, sensitive operational data, perceived environmental impact of the flight and the perception of having less mature cybersecurity frameworks.”
Bakr said operators registered in countries that are party to conflicts, or those seen as politically aligned, are particularly vulnerable to state-sponsored cyber intrusions and “hacktivist” attacks.
While business aircraft operators may be less frequently targeted by hackers, exposure of sensitive passenger data and interruption of navigation, communications or surveillance are significant risks.
Bakr urges operators to remain vigilant about potential global navigation satellite system interference, including jamming and spoofing, especially when operating near active conflict zones.
“There has been a noticeable uptick in incidents involving GPS spoofing that misdirects aircraft, jamming that disables navigation systems and misidentification risks in contested airspace due to deviated flight paths,” Bakr explained.
Bakr’s cyber-attack mitigation checklist includes several common-sense recommendations:
- Establish and routinely test a cybersecurity incident response plan
- Encrypt and tightly control access to passenger and operational data
- Remain aware of geopolitical situations in areas that may impact cyber security
- Train crews on GPS spoofing/jamming responses
- Stay up to date on international cyber regulations and reporting requirements
“Foster a culture of cyber awareness,” Bakr said. “Train crew, maintenance teams, dispatchers and IT support on cybersecurity best practices, phishing recognition and data handling protocols. Raising awareness amongst crew and ground staff is essential for robust cyber-defense.”
