SMART AIRPORTS, SILENT THREATS: CLOSING THE OT SECURITY GAP IN AVIATION

As air traffic rebounds post-pandemic, aviation cybersecurity challenges continue to grow, with aviation infrastructure facing escalating cyber threats that target both passenger safety and national security.

With global aviation increasingly dependent on digital systems, the cost of a breach isn’t just financial—it’s operational, reputational, and human.

Aviation is now a prime target for Advanced Persistent Threats (APTs), cybercriminal syndicates, and nation-state actors. Vulnerabilities in OT systems, airport infrastructure, and aviation networks are being exploited through unpatched firmware, insecure remote access, and converged IT/OT networks.

Recent Cyber Incidents

Indian Airspace GPS Spoofing Surge (2025)

GPS spoofing, a threat previously limited to conflict zones like the Middle East and the Black Sea, is now affecting aircraft in Indian airspace near Amritsar and Jammu, with 465 incidents reported between November 2023 and February 2025. This involves fake satellite signals misleading aircraft navigation systems, posing serious safety risks. In response, the Indian government has issued guidelines through DGCA, implemented NOTAMs in high-risk areas, and reinforced ground-based navigation backups. Airlines are following SOPs, and pilots are using alternative tracking methods like DME-DME while staying in communication with ATC.

The issue reflects a growing global trend of cyber-related aviation disruptions.

Japan Airlines Network Disruption Cyberattack (2025)

Japan Airlines (JAL) suffered a cyberattack that delayed 24 domestic flights during the busy year-end holiday season.

The attack, which began in the morning, targeted JAL’s internal and external networks with a flood of data—a denial-of-service (DoS attack) disrupting operations but causing no safety issues or data leaks.

The airline suspended ticket sales temporarily and resumed them later in the day after restoring system functionality.

Japanese officials, including Chief Cabinet Secretary Yoshimasa Hayashi, urged JAL to expedite recovery and assist affected passengers.

This incident adds to growing concerns over Japan’s cybersecurity readiness, following past attacks on its space agency and shipping infrastructure. Other airlines such as ANA and Skymark were not affected.

Qantas Customer Data Breach Incident (2025)

On 30 June 2025, Qantas detected a cyberattack targeting a third-party platform used by its customer service operations, exposing data linked to up to six million customer profiles.

The compromised information includes names, contact details, birth dates, and frequent flyer numbers, but no financial or passport data was affected.

Qantas immediately contained the breach and began an investigation. While the full scale is still under review, the airline expects a significant portion of the data was accessed.

The incident has been reported to federal authorities, including the Australian Cyber Security Centre and Federal Police. This breach comes amid a broader wave of cyberattacks in Australia and globally, with Scattered Spider, a known hacking group, recently targeting other airlines like Hawaiian Airlines and WestJet.

Qantas operations and safety remain unaffected, but the event highlights growing concern over Australia's cybersecurity vulnerabilities.

North American Airlines Cyberattack Incidents (June 2025):

In June 2025, North American airlines WestJet and Hawaiian Airlines reported being targeted by cyberattacks, while American Airlines faced unrelated technical issues.

The FBI and cybersecurity firms, including Google’s Mandiant and Palo Alto Networks, have warned that a cybercriminal group known as Scattered Spider is actively targeting the aviation sector.

This group, known for using social engineering to gain system access and deploy ransomware, has previously attacked casinos and retailers.

Despite the breaches, both WestJet and Hawaiian Airlines confirmed that flights continued operating safely and on schedule. Authorities are urging airlines to strengthen their aviation cybersecurity measures immediately.

• BMS Vulnerabilities

• HVAC, fire suppression, and access systems at terminals remain unsegmented and unmanaged. Many run unpatched firmware or use insecure protocols like BACnet.

• Radar & Navigation System Spoofing

• Attacks on ADS-B and GPS signals can mislead pilots or ATC, creating safety risks during takeoff or landing.

• Remote Access Gaps

• Unsecured RDP/VNC logins from vendors and engineers remain common across regional airports.

• Flat Network Architectures

• Converged IT and OT networks enable lateral movement once a single endpoint is compromised.

• IoT Proliferation Without Security

• Smart kiosks, baggage scanners, biometric systems and even lavatory sensors introduce new points of vulnerability.

• Insider & Third-Party Risk

• Maintenance crews, external vendors, and ground handling teams may unknowingly introduce malware or leave systems exposed.

• Flight Delays & Cancellations

• Disrupted ATC, radar, or boarding systems can shut down operations.

• Passenger Safety Threats

• Compromised guidance systems or emergency services jeopardise lives.

• Loss of the National Trust

• Travellers lose confidence in airport or airline safety post-attack.

• Compliance Failures

• Non-compliance with ICAO, DGCA, or FAA guidelines can attract penalties and regulatory action.

• Financial Fallout

• Direct recovery costs, cancelled flights, compensation claims, and reputation damage.

1. OT Network Segmentation Isolate BMS, radar, baggage systems, and surveillance from IT and public internet. Use firewalls, zero-trust gateways, and secure VLANs.

2. Protocol-Specific Threat Monitoring Deploy monitoring tools that understand BACnet, Modbus, ADS-B, and aviation-specific control protocols. Recommended Internal Link: ZeroHack OT Security Platform

3. Vendor Access Control & MFA Enforce strict role-based access with time-limited credentials and full activity logging for remote technicians.

4. Patch & Virtual Patch Management Update legacy systems where possible. For outdated OT devices, use protocol filters and virtual patching.

5. Secure Navigation & Communication Channels Use encrypted and authenticated channels for GPS, NOTAM, and radar communication. Monitor for spoofing anomalies.

6. Incident Response Playbooks Develop and test specific playbooks for ransomware events, ATC outages, or system hijacks. Include manual fallback processes.

7. Immutable Offline Backups Secure flight operation data, BMS configs, and navigation system blueprints offline. Test recovery regularly.

To overcome all this, presenting India's First Full-Stack OT Cybersecurity Platform Tailored for Aviation.

WhizHack Technologies brings the nation’s first complete OT security portfolio, engineered to safeguard aviation infrastructure from terminal BMS and check-in systems to ATC towers.

Whether you run a private terminal, regional airport, or manage civil aviation infrastructure, we help you secure the unseen systems that keep flights safe.

Relevant WhizHack Solutions

• TRACE-OT Deception Technology
• ZeroHack EDR Platform
• WhizRange Cyber Range Platform

• Are your baggage systems and radar networks segmented from passenger WiFi and IT systems?
• Can your airport sustain operations during a ransomware lockout?
• Do you monitor aviation protocols like ADS-B or BACnet for cyber anomalies?
• Are vendor logins secured with MFA, monitoring, and time limits? Contact WhizHack Technologies today to schedule your Aviation OT Risk Assessment.