{"id":228599,"date":"2026-06-09T08:24:00","date_gmt":"2026-06-09T12:24:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/06\/09\/expert-ids-business-aviation-cybercrime-vulnerabilities-nbaa\/"},"modified":"2026-06-09T09:25:52","modified_gmt":"2026-06-09T13:25:52","slug":"expert-ids-business-aviation-cybercrime-vulnerabilities-nbaa","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/06\/09\/expert-ids-business-aviation-cybercrime-vulnerabilities-nbaa\/","title":{"rendered":"Expert IDs Business Aviation Cybercrime Vulnerabilities | NBAA"},"content":{"rendered":"

Expert IDs Business Aviation Cybercrime Vulnerabilities | NBAA<\/a><\/p>\n

https:\/\/nbaa.org\/news\/business-aviation-insider\/2026-05\/expert-ids-business-aviation-cybercrime-vulnerabilities\/<\/a><\/p>\n

Publish Date: 2026-06-09 08:24:00<\/a><\/p>\n

Source Domain: nbaa.org<\/a><\/p>\n

Author: <\/a><\/p>\n

Using an unordered list, summarize the following article with between 4 and 8 key points. <\/p>\n

June 9, 2026
\nAs cyber threats to aviation quickly evolve amid the rapid expansion of artificial intelligence (AI), Cyviation CEO Eliran Almog is helping to confront the challenge.
\nBeginning his career as a Black Hawk pilot in the Israeli Air Force, Almog is accustomed to risk \u2014 physical or cyber \u2014 but he is concerned that the business aviation industry is only beginning to expand its awareness to the cyber threats posed to aircraft.
\n He credits regulators with significantly driving a heightened industry awareness about this critical issue. The European Union Aviation Safety Agency (EASA) has released the first edition of its cybersecurity guidance, as well as bringing Part IS (Information Security) into effect in February 2026. The FAA has issued advisories including the Airport Cybersecurity Framework Profile to provide airports with a National Institute of Standards and Technology-compliant voluntary tool to assess their cybersecurity posture. It also developed a proposed advisory to provide guidance on showing compliance with proposed airworthiness standards for Aircraft Systems Information Security Protection (ASISP).
\n\u201cWe are talking with other bodies, other states, that are saying out loud that they are hiring people for cybersecurity, which again shows an understanding that there is an issue,\u201d said Almog. \u201cHowever, there is still a big gap with whatever relates to the aircraft, even within Part IS.\u201d<\/p>\n

\u201cIf you think about business jets, … They basically become a much better target and an easier target for ransomware.<\/p>\n

\u201d<\/p>\n

ELIRAN ALMOG CEO, Cyviation <\/p>\n

Potential Risks to Bizav<\/p>\n

The risk posed to business aviation is no less pertinent than that faced by commercial airlines, he said. \u201cIf you think about business jets and who the passengers are, they fly business jets because of their privacy. They basically become a much better target and an easier target for ransomware.\u201d
\nAlmog provides an example of an \u201ceasy\u201d backdoor into a cabin management system, his team discovered while researching vulnerabilities for a client.
\n\u201cThink about a passenger in a cabin,\u201d he explained. \u201cSuddenly the lights go off and the screen has a ransomware message with a threat about controlling the aircraft or crashing the aircraft. What do you do then?
\n\u201cThese vulnerabilities are there, and the industry needs to step forward to identify them because this wasn\u2019t identified until we did our research on that specific cabin management system software. And once identified, act on it.\u201d<\/p>\n

Sharing the Burden<\/p>\n

Acting on identified cybersecurity threats is crucial to any mitigation strategy, but whose responsibility is it to do so? Almog said this is the main challenge Cyviation faces as a cybersecurity provider. He points to the \u201cnotion of shared risk\u201d in aviation due to complexity of the supply chain.
\n\u201cEven the OEMs, they\u2019re integrators of many other systems. Even with that integration, they have control up to delivery. They don\u2019t have control over what happens after delivery, because after delivery, each provider can decide whether they install connectivity from this provider or that provider,\u201d he noted.
\nBut no one is looking at the interconnection between all the separate pieces and how that impacts risk, said Almog.
\nEASA\u2019s Part IS defines it very clearly: the responsibility is on the operator. \u201cNow no one can say, \u2018Hey, if I find this backdoor in a cabin management system, I can\u2019t do anything about it.\u2019 They can reduce the risk by having a process for authentication or knowing who gets access to the Wi-Fi,\u201d he said. Part IS requires operators to report the vulnerability to the OEM to comply with the risk assessment and risk management requirements. <\/p>\n

\u2018Maintenance Is a Big Issue\u2019<\/p>\n

There are also other vulnerabilities that can be reduced or eliminated through routines and processes. For example, instrument landing systems can be spoofed. \u201cHowever, with the right awareness, pilots can do cross checking, and be more alert, more in control, and definitely avoid that,\u201d said Almog. But to do this effectively means recognizing cybersecurity threats to be more than a simple phishing email, he said.
\nThe two main threat vectors Cyviation has identified are maintenance processes which account for more than 60% of vulnerabilities, according to in-house research, and distraction and spoofing\/jamming, which accounts for about 20%.
\n\u201cMaintenance is a big issue. Why? The gap is in the design of these aircraft. Maintenance laptops, tablets that are used to load data and update software and avionics \u2013 these are very old. They don\u2019t necessarily have the securities we have,\u201d he explained.
\nThe fundamental basis for any cybersecurity assessment and solution is to first understand your risk, he said. \u201cSo, what is that accepted risk level that your organization is willing to accept on your aircraft from a cybersecurity perspective? There is no tool today to do that. That\u2019s why we focus our technology on first understanding. We are building digital twins of each tail number by data only,\u201d said Almog.
\nCyviation is collaborating with Boeing\u2019s Aviation Business Solutions to support aircraft cyber risk assessments and compliance through its SkyRay platform.
\n\u201cPart of the SkyRay platform is the digital twin,\u201d said Almog. \u201cThat helps undertake the risk assessment and management. We have another pillar of that platform which is threat intelligence dedicated to devices on aircraft, to GNSS and GPS and to general vulnerabilities we believe are related to the industry.\u201d<\/p>\n

Finding Weak Spots<\/p>\n

Conducting research in the lab, Cyviation discovered a vulnerability. \u201cSo we thought: \u2018Where in aviation is this being used?\u2019 We went to pilot headsets. We identified which models of pilot headset use that protocol with a known vulnerability,\u201d said Almog. \u201cThat alerts the industry to a threat of voice spoofing of the pilot, for example.\u201d
\nProperly tackling cybersecurity threats requires industry collaboration, he said. \u201cWe cannot wait for a catastrophe to happen before we act. \u2026 Resources are needed, but the small to medium aviation market doesn\u2019t necessarily have the profitability to invest in these resources. I\u2019m worried about the small operators that don\u2019t have the systems and processes in place,\u201d warned Almog. \u201cThat\u2019s most of our flights today. We need an industry approach.\u201d<\/p>\n

<\/p>\n","protected":false},"excerpt":{"rendered":"

Expert IDs Business Aviation Cybercrime Vulnerabilities | NBAA https:\/\/nbaa.org\/news\/business-aviation-insider\/2026-05\/expert-ids-business-aviation-cybercrime-vulnerabilities\/ Publish Date: 2026-06-09 08:24:00 Source Domain:…<\/p>\n","protected":false},"author":1,"featured_media":228600,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/nbaa.org\/wp-content\/uploads\/2026\/06\/cybersecurity-threats-inflight.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[26,20,24,25,27],"class_list":["post-228599","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-ai","tag-artificial-intelligence","tag-cybersecurity","tag-phishing","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/228599"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=228599"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/228599\/revisions"}],"predecessor-version":[{"id":228601,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/228599\/revisions\/228601"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/228600"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=228599"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=228599"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=228599"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}