Cyberattacks on the aviation industry are no longer isolated incidents, they are surging at an alarming pace. In 2025 alone, ransomware attacks against airlines and airports jumped by more than 600% year-over-year, affecting both major players and critical infrastructure.
One striking example came in August 2024, when Seattle’s main airport was hit by a multiday ransomware assault traced to the Rhysida gang. The attack crippled check-in and baggage systems, exposed personal passenger data, and disrupted travel for more than 90,000 people.
This wave of incidents reflects a broader trend: aviation’s rapid digital transformation has dramatically expanded its attack surface. Airlines and airports now rely on cloud-based operations, IoT sensors, and “connected” aircraft systems, each a potential entry point for attackers. As Boeing Chief Security Officer Richard Puckett warned, any system that sends or receives a signal can be targeted, from reservations platforms to flight controls to cockpit GPS.
The growing reliance on digital systems has opened vulnerabilities far beyond the aircraft themselves. Maintenance platforms, vendor networks, supply-chain partners, and critical airport infrastructure such as check-in counters and flight information displays have all become potential entry points. In March 2025, Kuala Lumpur International Airport (KLIA) was crippled when ransomware shut down check-in systems and flight information screens, with attackers demanding a staggering USD 10 million ransom, even though flight operations ultimately continued.
These weak spots are not just exploited by cybercriminals but are also attractive targets for state-sponsored groups. Cyber warfare has become central to modern conflict, with aviation serving as a symbolic and strategic target capable of shaking public confidence and inflicting economic damage without a single shot. For example, in December 2024, pro-Russian hackers attacked Milan’s airports and Italy’s Foreign Ministry, causing temporary disruptions as part of a broader geopolitical messaging campaign.
At the same time, the rise of AI has intensified the threat landscape, enabling faster vulnerability discovery, automated exploits, and highly targeted phishing campaigns. AI tools can scan large codebases in hours, identify vulnerabilities, and even generate exploits, lowering the technical barrier for attackers and making it harder for defenders to keep pace.
Beyond today’s new vulnerabilities, aviation also carries the burden of a legacy that prioritized physical over digital security. After the hijackings culminating in September 11, airports invested billions in reinforced cockpit doors, full-body scanners, and liquid restrictions. Yet while physical defenses improved, cyber defenses lagged behind.
Many critical systems still run on outdated platforms, some as old as Windows 7, or even Windows NT from the 1990s. Air traffic control infrastructure, too, can be decades old, where upgrades are both technically complex and operationally risky. As Avi Tenenbaum, former CEO of Cyviation, observed before stepping down in 2024, these legacy systems include “all kinds of things that have zero cybersecurity.” Integrating modern protections into such fragile foundations requires painstaking planning to avoid triggering disruptions across an already overstretched industry.
If legacy systems weren’t enough, aviation’s sheer interconnectedness multiplies the challenge. Security is only as strong as its weakest link, and airlines depend on a sprawling ecosystem of airports, air traffic control, manufacturers, maintenance providers, IT vendors, and even passengers. If a software supplier has poor security, a breach can quickly ripple into airline systems (as mentioned the 2024 ransomware attack on Seattle’s main airport spread through the Port of Seattle’s network). Recent assessments show aviation IT vendors have some of the lowest security scores across industries, creating significant third-party risk.
At the same time, breaches at airlines have exposed data on suppliers, underscoring the two-way vulnerability of the supply chain. For example, LockBit’s 2023 attack on Boeing not only disrupted its parts and distribution business but also leaked data from The Aerospace Corporation, showing how a single incident can cascade into the wider aviation ecosystem.
The stakes are immense. Aviation is a trillion-dollar global enterprise supporting millions of jobs, and disrupting air travel causes outsize economic damage and public fear. After the attacks on September 11, 2001, for example, U.S. air traffic did not return to pre-attack levels until 2004. Unsurprisingly, government agencies classify aviation as critical infrastructure, so it’s an irresistible target for nation-state adversaries, cyber extortionists, and political hacktivists.
Regulators have begun to respond, but frameworks remain fragmented. In the U.S., the Transportation Security Administration (TSA) issued cyber directives between 2021 and 2023, including TSA Directive 1544.240 in March 2023 and the Cybersecurity and Infrastructure Security Agency (CISA) has released Aviation Sector Cybersecurity Toolkits to guide operators, while the Federal Aviation Administration (FAA) continues to oversee safety and certification. The result, however, is a patchwork of overlapping rules that leave operators struggling with fragmented responsibilities.
Unlike physical safety, cybersecurity still lacks unified international standards, creating exploitable gaps. Even well-intentioned companies can be caught between conflicting requirements, leaving vulnerabilities unaddressed and cross-border defense difficult. Europe has taken steps with the European Union Aviation Safety Agency’s (EASA) Part-IS rules in 2023, enforcing cyber risk management and audits across the industry. And international bodies such as the International Civil Aviation Organization (ICAO) are urging countries to adopt national aviation cyber plans, signaling that digital security is now as critical as physical safety checks.
The private sector is stepping up too. Aviation cybersecurity spending is projected to climb from $10 billion in 2025 to nearly $16 billion by 2032, and that investment is already driving new collaborations. Airbus has partnered with CrowdStrike to develop aircraft-specific protections, while Boeing has launched cyber resilience initiatives. Yet traditional vendors alone cannot solve aviation’s unique challenges. That’s where startups are making a difference.
Shift5 specializes in securing avionics and data buses, protecting aircraft at their digital core. Others are experimenting with blockchain to safeguard flight and maintenance records, or developing quantum-resistant encryption for future-proof communications. Drone-defense firms such as AeroDefense and SkySafe are addressing the threat of rogue drones and GPS spoofing around airports. These innovators bring agility and specialized expertise, complementing larger aerospace players and regulators in fortifying aviation’s cyber ecosystem.
The aviation industry has made significant progress in recognizing the scale of the cyber threat, but the challenges ahead remain formidable. Expanding attack surfaces, legacy infrastructure, and complex global supply chains ensure that adversaries will continue probing for weaknesses. Regulators, established aerospace firms, and startups are all stepping up, yet this remains a relentless cat-and-mouse competition between defenders and attackers.
Israel, in particular, has emerged as a global powerhouse in aviation cybersecurity, combining military-grade expertise with the agility of a thriving startup ecosystem. A recent report by Startup Nation Central highlighted the surge of U.S. investment into Israeli cyber companies, underscoring the worldwide recognition of Israel’s capabilities. As cyber threats grow in sophistication and scale, the eyes of governments, investors, and industry leaders remain firmly fixed on Israel as a source of innovation and resilience for safeguarding the skies.
to receive updates from our company.