Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
As technology in commercial aviation advances, experts see a double-edged sword: With more airline operations being handled in the digital space, the likelihood of damaging cyber attacks also increases.
And with artificial intelligence (AI) set to revolutionize the industry, cyber security professionals are urging caution on its rollout.
Though AI applications could improve aircraft performance, flight scheduling, and weather prediction models, they also come with potentially devastating setbacks.
“AI plays a pivotal role in both creating and mitigating cyber security vulnerabilities,” security expert Chris Cooley told The Epoch Times by text.
“On the offensive side, attackers use AI to automate tasks such as scanning for vulnerabilities or launching sophisticated phishing campaigns. For example, AI can help develop malware that evolves to avoid detection, posing a significant threat to aviation systems.”
However, Cooley also said AI is a “game changer” in terms of defense. “It can help monitor vast amounts of data, detect real-time anomalies, and, with practical tuning, respond to threats faster than traditional systems. … In my experience working with threat intelligence, I’ve seen how AI can enhance defensive strategies and attackers’ capabilities.”
As a certified associate chief information security officer, Cooley emphasized the importance of mitigating cyber weaknesses in the airlines, which he called an “evolving” threat that could cause severe disruptions.
“Aviation relies on a vast digital infrastructure, including air traffic management systems, communication networks, and passenger services. Attacks on any of these could result in delays, grounded flights, or safety risks,” Cooley said.
For example, he said, ransomware could disrupt the booking systems for air traffic control and cause widespread operational chaos.
Bill Mann, a privacy expert at Cyber Insider who has worked with avionics, agreed and told The Epoch Times by text that further disruption to airlines from cyber attacks is “absolutely possible.”
He said that if aviation networks were breached, malign actors would most likely hold information hostage through ransomware in their customer-facing systems. This includes things like passenger lists and flight schedules. Mann said this could “cause chaos and ground flights.”
Mann also believes it’s possible for cyber attacks to do physical damage. “Theoretically, a very malicious person could take control of air traffic controller systems, totally disrupt the order of landings and takeoffs at an airport, and potentially cause crashes.”
This is where defensive AI has a chance to shine, according to Mann. Cyber security systems using AI have already demonstrated the ability to learn the methodology of hackers, assist security teams with penetration testing, and create stronger networks. But Mann said the other side of this intelligence tool is “black hat AI,” which is developed specifically to exploit weaknesses in other AI systems.
“Cyber security will be decided more and more by AI in coming years,” Mann said.
For the moment, the FAA does not allow the use of AI in the sky.
“The FAA has not approved AI for use in existing commercial flight operations,” an agency spokesman told The Epoch Times by email.
When queried about plans to reduce cyber threats in aviation, the spokesman responded, “The FAA has a comprehensive approach to protect the National Airspace System from cyber security threats. The agency works closely with intelligence and security experts throughout the federal government to identify and mitigate potential risks to our systems, as well as those of our partners in the private sector.”
The report stated, “The large and growing digital infrastructure which supports the commercial aviation sector provides attackers with a broad and extensive cyber-attack surface.” It also observed that a growing reliance on managed service and cloud service providers heightens the risk of indirect data breaches.
Cyber threats can manifest through the exploitation of software or firmware to breach corporate networks directly or those belonging to service providers. This could have a downstream impact on airline operations, according to the analysis.
Carvalho said AI has vast potential within the industry, offering examples like helping customers book flights and even performing aircraft maintenance.
Carvalho added that American Airlines has pilot programs to incorporate AI into nearly all elements of the company’s operations.
“AI relies on data. If it doesn’t have access to data, it won’t be able to function anywhere close to the performance humans provide. Giving one system access to all this data comes with security risks,” Dingemans stated.
He also pointed out that ethical considerations, regulatory challenges, and a lack of human judgment are all significant hurdles to bringing AI into the air side of operations.
“AI can significantly improve safety, efficiency, and decision-making in aviation. It can enhance predictive maintenance, optimize flight routes, and assist pilots with complex decision-making tasks. However, it’s crucial to remember that while AI can process vast amounts of data quickly, critical decisions—especially those affecting safety—must remain under human control,” Cooley said.
Some experts believe machine learning, a subset of AI, is a weak spot that cyber attackers can exploit.
“Right now, it is hard to verify that the well of machine learning is free from malicious interference. In fact, there are good reasons to be worried. Attackers can poison the well’s three main resources—machine learning tools, pretrained machine learning models, and datasets for training—in ways that are extremely difficult to detect,” Lohn stated.
This could have potential implications for machine learning’s use in aviation. Especially if the programs are developed using shared data resources.
At an operational level, the report noted Delta Air Lines uses machine learning to “price tickets, analyze passenger behavior, and provide self-service experiences.”
“As aviation becomes increasingly dependent on digital systems, combining robust cybersecurity frameworks with human oversight and a cautious approach to new technologies is crucial,” Cooley said.