Skip to navigation Skip to main content Skip to footer

Case Study: Improving Cyber Security in Aviation

08 March 2023

By NCC Group

Situation

NCC Group worked with a government client to deliver technical and risk-based security assessments of the communications, entertainment, and other internet-enabled systems for the aviation industry, including the likes of Airbus and Boeing.

The review that NCC Group conducted included threat modeling, Open Source Intelligence, and technical assessments. We helped the client to better understand its current risk posture and provide a more secure environment for passengers and crew alike.

At a Glance

Organization: Government Client

Industry: Aviation 

Challenge: Review the security posture of the connected systems for aircraft

Solution: NCC Group performed a series of assessments including threat modeling and Open Source Intelligence

Result: NCC Group delivered a comprehensive technical document highlighting each individual risk area with a risk rating associated 

Challenge

For the aerospace industry safety is the highest priority. The safety of the passengers and crew requires a secure environment; secure from mechanical, physical, and cyber risks.

Much conjecture around the cyber security posture of modern passenger aircraft has been presented in the press, at recent hacking conferences, and in the mainstream media, leading to governments wanting assurance regarding the question of cyber security of aircraft.

Solution

As an organization, NCC Group works with many national defense departments across the world on classified cyber security projects and has the unique experience of delivering technical and risk-based security assessments of Airbus Industries and Boeing Aircraft.

The opportunity to engage NCC Group allowed our government client to properly inform the debate with factual, technical risk analysis and security assessment of the aircraft communication, entertainment, and other e-enabled systems. NCC Group carried out a series of pragmatic cyber security assessment activities including:

Fleet-wide threat modeling: NCC Group initiated the review process with a series of customized threat modeling workshops. The purpose of this was to work through the electronic enablement & connectivity footprint for each aircraft and the risk of cyber-attack against those systems.

Open Source Intelligence: After selecting the aircraft, NCC Group included within the review a period of Open Source Intelligence (OSINT) which was carried out by our researchers. This acted as an information-gathering exercise to assist with the technical assessment phase but also informed our Government client what intelligence can be publicly found in a limited period of time by people with the right skills and determination.

Technical Assessment: After the threat modeling and OSINT phases, we conducted a technical assessment of the selected aircraft. We created a detailed test plan for each aircraft to be tested and worked with our Government client to ensure appropriate support staff was available for each of the identified assessment activities.

Result

Following this assessment, our government client received a comprehensive technical document highlighting each individual risk area with a risk rating associated with each vulnerability and the real-world impact of exploitation.

The report also contained an executive summary, which detailed business impact and technical remediation actions to enable them to improve the cyber posture of the aircraft systems.

NCC Group

NCC Group

NCC Group exists to make the world safer and more secure.

As global experts in cyber security and risk mitigation, NCC Group is trusted by over 14,000 customers worldwide to protect their most critical assets from the ever-changing threat landscape.

Get Started on Your Cyber Security Journey 

Our experts are ready to help you stay ahead in a constantly changing threat landscape. Contact us today to learn more about what NCC Group can do for your organization's unique cybersecurity needs.