Security Specialist Warns of Bizav Cyberattack Threats

Smaller business aircraft operators generally lack the in-house expertise and management bandwidth to adequately protect themselves from cybersecurity threats, according to digital infrastructure specialist Cyviation. Last week, the company warned that cyberattacks on the aviation sector as a whole increased by as much as 600% in 2025, urging the industry to step up investment in protection.

According to Cyviation CEO Eliran Almog, smaller operators in private aviation need aircraft-specific cyber protection and risk management that does not require them to establish the sort of large security departments run by major airlines. The risks they face run through many aspects of the operation.

For smaller business aviation operators, the main gaps are usually around resources, processes, and third-party dependency, Almog told AIN. “They often rely on outsourced maintenance, external CAMO/management companies, connectivity providers, avionics shops, flight-planning tools, FBOs, and software vendors. Each of these creates a digital connection to aircraft operations, even if only indirectly.”

Cyviation urges clients to protect the aircraft connectivity systems and software, as well as laptops used for maintenance, electronic flight bags, crew devices, and flight planning systems. Requirements for increased cybersecurity are now being introduced through policies such as EASA’s Part IS rules.

Maintenance Data Vulnerable

“Maintenance data is especially important,” Almog explained. “Records, software part numbers, configuration files, avionics updates, aircraft health-monitoring data, and technical documentation all affect safety, compliance, and operational readiness. If this data is manipulated, deleted, delayed, or trusted when it should not be, the impact can be operationally significant even without someone directly hacking the aircraft.”

While acknowledging the increase in attacks in which GNSS navigation systems have been jammed, apparently by Russian forces, Cyviation said the majority of cyberattacks are not conducted by governments or terrorist groups. Financial wrongdoing or the desire to inflict reputational damage on victims are considered to be the most common motivations.

“We want to be sure that the industry is ready for the next threats because it is struggling to keep up,” Almog concluded. “They need to have cybersecurity as part of their standard procedures, like a safety management system.”

Cyviation has contributed to Boeing’s new SkyGuard technology, which is a package of security measures. The company was founded in 2021 by Israel Aerospace Industries and various U.S. investors to make defense-grade security available in the civil aviation sector.