Industry experts discussed the evolving landscape of aviation security in the age of flight tracking for owners and operators in a panel discussion moderated by NBAA's senior vice president of government affairs, Kristie Greco Johnson.
With the implementation of the FAA’s ADS-B mandate on Jan. 1, 2020, the industry has faced ongoing challenges when it comes to keeping owner and operator personally identifiable information (PII) secure. The risks range from hacking to cyber-espionage, and the panelists laid out the challenges of protecting pilot and owner data amid the complexity of flight tracking data availability.
FlightAware founder Daniel Baker spoke about the genesis of NBAA’s Block Aircraft Registry Request (BARR) program, which offered operators a path to request identifying information be shielded from public access and has now become the Limiting Aircraft Data Displayed (LADD) program.
There is also difficulty in securing flight data for operations that are not domestic. The panel called for ongoing conversations and collaboration between OEMs, third-party data providers, ICAO, and the FAA to develop solutions.
However, there are some holes in how data protections are met through programs like LADD. Data has ultimately been available directly from the FAA. Initially, there wasn’t a wide security risk, but now, “instead of [ADS-B] data being only available from the FAA,” Baker said, “it’s available from aircraft that are broadcasting their identifications and positions.” This data can be picked up by hobbyists or other entities who set up receivers like those utilized by FlightAware but who may not be following the data security rules.
And now, many of those entities are collaborating to network their receivers. “Unfortunately, one of the primary goals of those groups is to track airplanes that do not want to be tracked,” Baker said. “And that’s not limited to business aviation. It includes government, military, and other flights in general.”
Steve Saflin, Walmart’s vice president of aviation and travel services, added that protecting passenger privacy is a shared responsibility between operators, government agencies, and information providers.
“The challenge continues to be, how do we stay ahead” of threats as technology advances, Saflin said. “Aside from an FAA requests, there’s other ways out there to find information, whether it’s a hostile country or an individual, once they collect that data, to use it for unintended purposes. That can be anything from gathering insider information or targeting somebody specifically.”
Jim Cooling, managing partner of Cooling and Herbers, highlighted the multi-layer complexity of securing data when he described a situation early in the BARR program in which a sports team owner had requested to lock his aircraft data, but it was inadvertently unlocked by a low-level manager who requested maintenance schedule information.
He also pointed to business costs resulting from data insecurity; corporate espionage (and in some cases, espionage against defense contractors, which he said are extremely reluctant to come forward with concerns) prompts operators to add extra legs to flight plans to help obscure final destinations.
Adding to this, Jean Rosanvallon, former president and CEO of Dassault Falcon Jet, said some operators would charter the final leg to those destinations. He also called attention to the idea that “privacy, of course, is important, but security is even more important,” as some owners, operators, or passengers face threats from stalkers or protestors.
ForeFlight co-founder Tyson Weihs pointed out that any technical solution to a widespread security problem requires the entire aviation community to come together. “As a technologist, you always have a sense of urgency or interest in solving problems,” he said. “ForeFlight has done an amazing job of making the complex very simple. And the flip side of that is being in the aviation industry, developing humility, and having to develop patience for how long it takes to solve a particular problem.
“The good news is that we’re flying in a time when we’re standing on the shoulders of a ton of technology,” Weihs added.”When I started flying in 2006, I was on an old Bendix King system. I was punching buttons for the transponder. We’ve seen that evolve over time, and now we’re getting in our airplanes, devices are connecting to the avionics, transmitting flight plan information,” and so it’s worth being optimistic that the aviation community will develop solutions that in retrospect will seem simple and obvious.
He also pointed out that this sort of individual tracking and security concern is unique to aviation. If transponders were required on cars, for example, “we would all be freaking out, right? … If you think about this in any other mode of transportation, it sounds bananas.”