Cyber security in aviation is quickly becoming a mainstream topic driven by real-world risk and demand. The “Cybersecurity Standards for Aircraft to Improve Resilience Act of 2016”, or more commonly known as the “Cyber AIR Act”, introduced to Congress in April of 2016, shows just how seriously the cyber security threat is to business aviation
Can you ensure that your flight data, customer data, executive data and intellectual property are protected on the ground, in the air, and during FBO processing?
Satcom Direct is committed to providing business aviation with the best possible security solutions and risk mitigation. SD’s data security team combines experience and expertise providing you solutions to help bolster your flight security practices from cockpit to cabin and beyond. Using combined knowledge of of the industry, its service requirements, and established industry best practices in data protection, SD’s comprehensive security solutions will strengthen your business aviation practices and raise your cyber security standards.
While most IT departments in the businesses aviation industry are aware of best practices and security compliance standards, cyber threats are a rapidly growing threat. Advancements in technology and changes in compliances are difficult to keep up with. With the increased reliance on digital tools and communication devices, flight deck operations and cabin services are becoming more vulnerable. Awareness and education are key to mitigating risks. Below are common best practice questions you should be able to answer.
Q: Do you have Business Associate Agreements in place with application vendors that host protected data especially, flight data containing passenger sensitive information?
Q: If asked for evidence of proper cyber security practices, could you provide a documented set of procedures and processes?
Q:Does the flight department use or collect Credit Card information from passengers, customers, crew or support staff and is the information collected protected in accordance with the latest Payment Card Industry Data Security Standards (PCI-DSS)?
Q:Is the flight department’s network equipment updated with patches, security updates, firmware updates, and other vendor required security actions on a regular basis?
Q:Does the flight department’s change management processes include the LAN / WAN / Wi-Fi networks external to and contained within the cabin?
Q:Is the flight department network, including the internal cabin network, segmented using VLANs or other hardware segmentation methods?
Q:Do users with mobile devices have remote access to data or systems within the flight department network? If so, does this access require the use of a VPN, secure token, or other secured communication method?
Q:Are technology devices including network equipment and mobile devices wiped before being reissued? Is there a separate but equally detailed procedure for equipment cleaning prior to disposal or resale?
Q:Are vendor supplied network components and their default passwords reset to password in accordance with corporate or flight department policy?
Q:If provided on the aircraft, is the wireless network secured via current industry accepted encryption levels with regularly scheduled password changes?
For a complete audit of your data security systems and operations, contact SD’s cyber security experts at +1 321.777.3000 or contact email@example.com.