If you’ve ever taken a nice plane ride, you’ll know that modern aircraft are marvels of technology and convenience (in stark contrast to the preflight experience of shuffling through the airport like cattle with a neck pillow, waiting endlessly to board the fancy flying tube).

While the latest modes of airborne travel are equipped with sophisticated systems that streamline operations, enhance efficiency and improve passenger experience, their increased dependence on digital systems increases vulnerability to cyberattacks.

In recent years, incidents of cyberattacks targeting the aviation industry have underscored the urgency of improving aircraft cybersecurity measures.

From flight disruptions due to malware infections to potential hijacking scenarios orchestrated by malicious actors — such as took place earlier in February, when hackers attempted to take over two El Al planes flying over Somalia — the ramifications of such attacks are far-reaching and potentially catastrophic.

Cyviation, an Israeli cybersecurity company focusing on aircraft protection, has been at the forefront of this battle since its inception in October 2021. 

Initially conceived as a nonprofit venture with Israel Aerospace Industries as a shareholder, Cyviation swiftly transitioned into a private entity with a mission to enhance flight safety through cyber defense.

Cyber-by-design

Cyviation CEO Avi Tenenbaum highlights the prevalence of outdated systems still in use onboard commercial aircraft designed decades before the advent of cyber threats.

“We need to change the whole concept and make it cyber-by-design, because you cannot do patches and patches and patches on equipment that is very old,” he says. 

“Some commercial aircraft in flight today are using Windows 7 or even [1993’s] Windows NT, all kinds of things that have zero cybersecurity.”

Tenenbaum details the various attack vectors Cyviation has identified. One primary risk is passengers’ data held by the aircraft’s in-flight entertainment systems, which can include credit card information or other sensitive material.

“The average attacker will go for ransomware. The data is really not secured on the aircraft and therefore there is a good incentive for attackers to get access to it,” he says, noting that while it’s not trivial to gain access to this information, in many cases it’s a very lucrative endeavor for hackers.

Cockpit risks

“Then you have the cockpit,” Tenenbaum continues, elaborating on cyberattacks that pose a threat to pilots, such as GPS spoofing — deceiving GPS receivers by broadcasting false signals that mimic authentic ones from satellites.

“Everything [in the cockpit] is now focused around data. The intervention of the actual pilot is only in case there is a need — they say that the pilot is there in order to make sure that everything is running, but he’s not allowed to touch anything,” Tenenbaum says.

It’s not easy, especially due to the low-tech infrastructure that many current aircraft operate on, but in the event that a hacker manages to get into the pilot’s controls, it’s very bad news for those onboard.

“If you enter the cockpit from a cyber perspective, you take control of the flight. You can drop the flight from the sky. You can divert the course. You can do many bad things.”

SkyRay

To tackle the multitude of prevalent vulnerabilities head-on, Cyviation employs a multifaceted approach. 

Its latest offering, SkyRay, conducts vulnerability assessments using digital twins of aircraft models, circumventing the need for physical penetration tests that could jeopardize airworthiness.

The company is also pioneering the idea of integrating cyber breach events into flight simulators to enhance pilots’ preparedness; and it has developed an onboard system, SkyBeep, that alerts staff of a cyberattack in real time, potentially saving the data, money or even lives of those on board.

“We are building up a set of tools that automate the ability to manage aircraft cyber risk and build up their cyber resilience capabilities,” Tenebaum says.

Looking at every scenario

To fuel its endeavors, Cyviation recently secured $4 million in funding as part of a larger round, and plans to launch a Series A round to boost research and development, business development and marketing. The 10-person company is based in Herzliya.

The imperative for advanced aircraft cyber defense is further underscored by projections of exponential growth in the aviation cybersecurity market: Technavio forecasts a substantial increase in market value between 2022 and 2027.

Moreover, as aviation regulators worldwide ramp up efforts to enforce stricter cybersecurity standards, the need for proactive defense strategies becomes even more pressing.

“In my view, not every aircraft will be prone to a terror attack. But all aircraft will be prone to financially motivated cyber attackers,” says Tennenbaum. “That’s why we’re looking at every kind of scenario, approach and network.”

The cat-and-mouse competition between hacker and cybersecurity expert will only continue to get more elaborate as new technologies emerge, but with companies such a Cyviation offering comprehensive defenses, passengers can fly more comfortably — at least until the guy in the window seat needs them to move so he can get to the bathroom again.

For more information, click here.