Vendor breaches, signal interference and regulatory updates test aerospace limits
By Cat Hofacker
By Cat Hofacker
The Aerospace Cybersecurity Working Group provides awareness, education, and standards development to help protect aerospace’s digital infrastructure.
In 2025, AI-powered cyber offense and defense, aviation and space cybersecurity were shaped by systemic stressors, including vendor-borne disruptions, rising interference with satellite navigation and a stronger cybersecurity-safety oversight relationship.
Non-cyber events offered lessons for the community. The fatal midair collision near Washington, D.C., in January stressed a relevant discipline: When uncertainty rises, deconflict and default to conservative procedures. The June crash of a Boeing 787 operated by Air India sparked debate about data integrity, evidence preservation and crisis communications, reinforcing a “contain first, verify fast” mindset. This approach also applied when ransomware hit a common check-in platform in September, disrupting European airports.
Attacks struck globally, illustrating that aviation is a high-leverage target. Tactics included contractor compromises, hacktivist Distributed Denial of Service (DDoS) attacks and full-scale ransomware, with growing operational impact. In March, Los Angeles International Airport saw slowdowns and Atlanta International Airport experienced a web outage during DDoS attempts, and Kuala Lumpur Airport’s operator refused a $10 million ransom amid reports of hours-long manual fallback. In June, Aeroflot canceled over 100 flights after a cyberattack. KLM Royal Dutch Airlines confirmed a third-party data leak in July. The International Civil Aviation Organization’s (ICAO) recruitment system confirmed a data breach in January. In June, concerned with day-of-operations continuity, the FBI issued an aviation-specific warning that a criminal group was targeting airlines and urged stronger identity checks, access revocation and tighter vendor controls.
Navigation and space risks were at the forefront. In September, an aircraft carrying the European Commission president experienced global navigation satellite systems (GNSS) jamming over Bulgaria. It landed safely using non-GNSS procedures, demonstrating resilience under degraded positioning. In March, a joint statement from ICAO, the International Telecommunications Union and the International Maritime Organizations urged states to protect satellite-navigation services against jamming and spoofing and to maintain robust conventional navigation. The European Union Aviation Safety Agency (EASA) and the International Air Transport Association issued a joint plan in June to mitigate GNSS interference, which is now filtering into operational briefings.
In January, the Cybersecurity and Infrastructure Security Agency issued a public advisory on the Traffic Collision Avoidance System, outlining conditions under which spoofed or impersonated signals could degrade collision-avoidance behavior. FAA in August proposed beyond-visual-line-of-sight rules under 14 CFR Part 108 (UAS operators and manufacturers) and 14 CFR Part 146 (automated data service providers/UTM) that embed cybersecurity end to end.
Beyond cyberattacks, drone incursions in NATO airspace prompted temporary airport pauses and air-policing responses in September.
The aviation-space seam mattered beyond navigation. In March, the Polish Space Agency disconnected affected systems after detecting a cyberattack — another indicator that compromises in space ground segments can ripple through aviation. In June, the European Commission advanced an EU Space Act proposal that addresses cybersecurity and anti-interference provisions for space services. In May, the U.S. Department of Transportation and FAA announced plans to overhaul the air traffic control system, replacing aging radars, telecom and voice systems to improve resilience.
Closer to operations, Europe translated guidance into obligation. In October, EASA’s Information Security rules became applicable for many EASA-approved organizations, linking cybersecurity evidence directly to safety oversight and audits.
Community capacity also grew. Conferences including the Aviation Cyber Initiative Cyber Rodeo series in February, the Embry-Riddle Aeronautical University-NASA-National Science Foundation Prescott workshop in April, DEF CON Aerospace Village in August, and the Aviation Information Sharing and Analysis Center (A-ISAC) Cybersecurity Summit in October deepened practice and improved information sharing. Internationally, the TSA led a Manila workshop on airport-operations cybersecurity with partners from the U.S., Canada, Australia and the Philippines in June, and ICAO Cooperative Aviation Security Program-Asia Pacific hosted an aviation cybersecurity capacity building workshop in Hong Kong in November. Both highlighted that collaboration and workforce development are central to resilience.
