Skip to main content
close search
site logo
Dive Brief

Aviation sector faces heightened cyber risks due to vulnerable software, aging tech

A report calls on federal authorities to conduct comprehensive risk assessments and take steps to modernize the air traffic control system.

Published April 14, 2025
David Jones's headshot
Reporter
A family stands at a Delta Air Lines ticketing counter trying to rebook a flight after a CrowdStrike software update caused thousands of cancelations.
Passengers Jennifer Kishpaugh, Andrew Peterson and their son, Wilder, get ticketing assistance from a Delta Airlines agent at Hartsfield-Jackson Atlanta International Airport on July 22, 2024 in Atlanta, Georgia. The carrier canceled more than 800 flights Monday due to a CrowdStrike software update error in July. Jessica McGowan / Stringer via Getty Images

Dive Brief:

  • The aviation industry is facing significant threats to its ability to maintain cyber resilience and must address key issues ranging from aging technology, outdated software and growing risks from sophisticated threat actors, according to a report released Thursday from the Foundation for Defense of Democracies. 
  • The report calls on the Federal Aviation Administration to conduct a comprehensive modernization of the nation’s air traffic control system with a strong focus on cyber resilience.
  • The Transportation Security Administration, working with the FAA and Cybersecurity and Infrastructure Security Agency, should conduct comprehensive cyber vulnerability and risk assessments on major hub airports used for civilian and military purposes. 

Dive Insight:

The report acknowledges that government agencies and the private sector have taken steps to address several cybersecurity deficiencies, but commercial airlines are running at full capacity and the stresses on the system are outpacing the nation’s ability to keep up with the growing threat. 

“We are pushing decades-old aviation systems to handle high-demand travel 24/7, and the cracks are showing,” Jiwon Ma, senior policy analyst at FDD’s Center on Cyber and Policy Innovation, said via email. “Even without a cyberattack, outdated technologies and fragile logistics can lead to massive disruptions, like we saw with Southwest in 2022 and the CrowdStrike incident last year.” 

The TSA in 2023 took several steps to enhance aviation security as part of the Biden administration’s national cybersecurity strategy.

The FAA declined to comment on specific strategies used to combat cyber threats, but a spokesperson defended the agency’s record. 

“The agency has a comprehensive approach to protect the National Airspace System from cybersecurity threats,” the FAA spokesperson said via email. “We work closely with intelligence and security experts throughout the federal government and private sector to identify and mitigate potential risks to our systems.”

The report comes at a time of growing threats to critical supply chains and sophisticated attacks targeting the aviation sector. 

  • Delta Air Lines was forced to cancel thousands of flights in July 2024 when a faulty software update at CrowdStrike caused about 8.5 million Microsoft Windows computers to fail. The airline filed a $500 million lawsuit against CrowdStrike seeking damages.
  • The Port of Seattle was disrupted by a multiday attack in August 2024 linked to Rhysida ransomware. The attack impacted ticketing, check-in and other services at the Seattle Tacoma International Airport. Earlier this month, the Port sent out 90,000 breach disclosure letters to workers, contractors and others whose data was stolen in the attack. 
  • Boeing was targeted in 2023 by LockBit, which demanded a $200 million ransom demand and leaked the data. A separate 2022 attack targeted Jeppesen, a Boeing unit that provides flight navigation and operational planning tools. 

Editors' picks

Company Announcements

View all | Post a press release
12th Annual Edition of the BeyondTrust Microsoft Vulnerabilities Report Reveals Record-Breakin…
From BeyondTrust
April 15, 2025
GitGuardian Launches NHI Governance: Bringing Order to the Chaos of Non-Human Identity Security
From GitGuardian
April 15, 2025
As Attacks Grow on Critical Infrastructure, New RunSafe Tool Scores Hidden Threats in Embedded…
From RunSafe Security
April 07, 2025
98% of Brands Targeted by Cyber Attacks in 2024 – BrandShield CyberScam Report Reveals Rising …
From BrandShield
April 02, 2025
Editors' picks
Latest in Strategy
Industry Dive is an Informa TechTarget business.
© 2025 TechTarget, Inc. or its subsidiaries. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell
This website is owned and operated by Informa TechTarget, part of a global network that informs, influences and connects the world's technology buyers and sellers. All copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. TechTarget, Inc.'s registered office is 275 Grove St. Newton, MA 02466.