Together Against Threats: Advancing Aviation Cybersecurity Through Collective Action

Overview

Cyberattacks in the aviation industry have increased in both frequency and sophistication. Occurrences of ransomware inside the aviation supply chain are up 600% in just one year—an indicator of escalating cybersecurity risks the industry is facing. Recent reports indicate that cyber threats against airlines, airports, and aerospace manufacturers have risen significantly due to various factors, including geopolitical tensions, increased digitalization, and expanding attack surfaces.

71% of attacks in the aviation sector focus on stealing login details and unauthorized IT infrastructure access.
DDoS attacks account for 25% of incidents, often targeting online services at major airports.
Ransomware attacks have increased, affecting airlines, pilot unions, and aircraft manufacturers. Notable breaches include the Rhysida ransomware attack on Seattle-Tacoma Airport in 2024 and the Boeing data breach in 2023.
Safety-critical systems remain a top concern, as cyber threats targeting avionics, flight management systems, and communications could pose serious risks.
With the rise of artificial intelligence (AI) and other advanced technologies, cyber threats are evolving rapidly, making them harder to detect and prevent. As we look ahead to 2025, the sophistication and frequency of these attacks are expected to rise, posing an ever-growing threat to critical infrastructure and national security.

The Growing Cyber Threat to Aviation – Recent Cyber Incidents

Over the past few years, the aviation sector has fallen victim to numerous large scale cyber-attacks, Cybercriminals are exploiting vulnerabilities in booking systems, baggage handling, user data and more. Here are some recent cyber incidents in the aviation sector:

1. Sea-Tac Airport Ransomware Attack (September 2024)

The Rhysida ransomware group disrupted critical systems at Seattle-Tacoma International Airport (SEA), demanding a $6 million ransom in Bitcoin.
The attack affected communications and operational systems, leaving terminal message boards offline for over a week.
This incident exposed significant vulnerabilities across the aviation sector and intensified the FAA’s focus on cybersecurity

2. LAX DDoS Attack (February 2024)

The Dark Strom Team launched a distributed denial-of-service (DDoS) attack against Los Angeles International Airport (LAX), temporarily crippling online services and flight information systems.
While the attack disrupted public access to information, core operational and safety-critical systems remained unaffected

3. Nationwide Airport Website Attacks (Late 2023)

A coordinated DDoS campaign targeted major U.S. airports, including:
- Denver International Airport (DEN)
- Chicago O’Hare International Airport (ORD)
- Des Moines International Airport (DSM)
- Los Angeles International Airport (LAX)
The attacks did not compromise flight safety systems but raised concerns about resilience against future cyber threats

4. American Airlines Pilot Union Ransomware Attack (2023-2024)

A ransomware attack targeted the Allied Pilots Association (APA), the union representing American Airlines pilots.
Sensitive pilot and operational data were compromised, highlighting how cyber threats extend beyond airlines and airports to industry-affiliated organizations

5. Aercap Ransomware Breach (January 2024)

Aercap, a major aircraft leasing company, suffered a ransomware attack, resulting in the theft of 1TB of sensitive data.
The breach spotlighted the growing risk to data privacy and supply chain security in aviation

6. Boeing Data Breach | $200m Ransomware Extortion Attempt (November 2023)

Hackers breached Boeing’s network, stealing confidential data and raising concerns about potential national security implications.
Boeing confirmed the intrusion, stating that no aircraft systems were compromised, but the breach heightened scrutiny of cybersecurity across the aviation supply chain

Together Against Cyber Threats: Defending Aviation Through Collective Action

Safeguarding airports, airlines, and critical infrastructure requires a collaborative effort between industry, government, and academia. No single entity can tackle this challenge alone.

A collective defense approach—where experts from different sectors share intelligence, develop innovative solutions, and implement strong cybersecurity measures—is essential for protecting our airport operations. Collective approaches include:

1. Investing in Cybersecurity Innovation & R&D

Academia plays a crucial role in advancing aviation cybersecurity by conducting research on AI-driven threat detection, quantum encryption, and resilient OT systems. Universities and research institutions can:

Partner with government agencies and industry leaders to develop next-gen cybersecurity solutions.
Train future cybersecurity professionals through hands-on programs and cyber ranges tailored to aviation security like TAC’s Adega Airport Cyber Range

2. Securing Operational Technology (OT) & Critical Systems

Aviation cybersecurity must go beyond traditional IT security and focus on OT systems that control:

Baggage handling
Air traffic management
Aircraft avionics and navigation
Fuel supply and logistics

To effectively defend these essential systems, cybersecurity professionals must undergo hands-on, real-world training that simulates real threats and operational challenges.

3. Strengthening Public-Private Partnerships

Governments and regulatory bodies like the FAA, TSA, CISA, and NIST must work closely with airlines, airport operators, and cybersecurity firms to establish standardized cybersecurity protocols. This includes:

Information Sharing – Secure platforms for sharing real-time cyber threat intelligence to detect and mitigate attacks before they cause major disruptions.
Policy Development – Strengthening cybersecurity mandates for the aviation sector and enforcing compliance with frameworks like NIST CSF and ISA/IEC 62443.
Incident Response Coordination – Joint cyber exercises to test and improve industry-wide response strategies like TAC’s Defend The Airport Cyber Exercise coming 2026

In keeping with the theme of Defending Aviation Through Collective Action, The Technology Advancement Center (TAC) is proud to announce the Defend The Airport Conference, coming in June 2025. This premier event will bring together government leaders and industry experts—from major corporations to innovative small businesses to further establish partnerships in Cyber Security to address aviation needs.

Establish Partnerships in Aviation and Cyber Security – Join us Summer 2025 for the Defend The Airport Conference

Conversations like those at Defend The Airport Cybersecurity Conference bring together cybersecurity leaders, aviation experts, and policymakers to tackle these challenges together. By fostering collaboration between industry, government, and academia, we can build a more resilient aviation sector and protect the critical infrastructure that keeps the world moving. At DTA we will

Discuss the latest threats targeting the aviation sector.
Analyze real-world cyber incidents through simulated exercises to enhance industry preparedness.
Strengthen collaboration between public and private stakeholders to build more resilient airport cybersecurity frameworks.

Join the Conversation

Cybersecurity in aviation is not just an industry issue—it is a global security concern. As technology advances, so must our defenses against cyber threats that could disrupt travel, compromise safety, and endanger lives. Together, we can rise to meet these challenges and ensure the safety and security of millions of travelers worldwide.

Click for more information and to register for Defend The Airport