Comprehensive Aviation Cybersecurity Resources

📚 In-Depth Educational Articles: Deep dives into ILS security, FAA grant compliance, navigation aid vulnerabilities, and practical implementation strategies. Written from 28 years of hands-on experience maintaining the actual systems.

Browse latest articles →

📋 FAA Grant Cybersecurity Requirements: What does "demonstrate cybersecurity readiness" actually mean for AIP and ATP grants? This guide breaks down the requirements so you understand what's expected.

Download the Guide →

FAA Grant Requirements. Emerging ARC Standards. Cyber Threats. You Need Specialized Expertise

Whether you hold FAA Part 139 certification, manage navigation aids under Part 171, operate under TSA Part 1542, or run an FBO with critical systems, cybersecurity is no longer optional.

The challenge:

• FAA now requires a cybersecurity readiness demonstration for AIP and ATP grant agreements

• FAA's Civil Aviation Cybersecurity ARC is developing standards that will affect airports of all sizes

• TSA issued emergency cybersecurity requirements in March 2023

• Cyberattacks on airports increased 24% year-over-year

• Most airport operations teams don't have cybersecurity expertise in-house

The gap:

• IT security firms understand cyber threats, but don't understand ILS systems

• Aviation professionals understand operations, but not information security

• Regulators require compliance, but most facilities lack technical staff

You need someone who bridges both worlds.

Your Systems Are Different. Your Risks Are Different. You Need Specialized Help.

Most cybersecurity consultants believe "aviation security" refers to protecting an organization's email server. They're missing the real vulnerabilities:

Systems Most Airport Operators Don't Think of as "Cyber Targets":

• Instrument Landing Systems (ILS)

• Precision Approach Path Indicators (PAPI)

• Approach lighting systems (ALS)

• Runway edge lights and taxiway guidance systems

• Remote lighting control systems

• Airport beacon systems

• Automated weather observation systems (AWOS/ASOS)

• Fuel management systems

• Baggage handling systems

• Building management and HVAC controls

• Access control and security cameras

The problem: Many of these systems were installed before cybersecurity considerations were a priority. They have default passwords, no encryption, outdated software, and direct connections to other networks.

The reality: An attacker doesn't need to compromise your primary server. They can target a remote lighting controller that hasn't been updated in 10 years, a weather observation system with a known vulnerability, or a building management system running Windows XP.

Specialized Aviation Cybersecurity Guidance for All Facility Types

Aviation Relations provides cybersecurity education for:

Part 139 Certificated Airports

• Understanding cybersecurity readiness for AIP/ATP grant eligibility

• Integrating cybersecurity into Safety Management Systems (SMS)

• Safety event reporting for cyber incidents

Part 171 Navigation Aid Operators

• Security considerations for ILS, VOR, DME, and non-federal navigation facilities

• Balancing reliability requirements with cybersecurity

• Legacy system vulnerabilities

General Aviation Airports

• What the coming FAA Civil Aviation Cybersecurity ARC means for you

• Building security awareness within limited budgets

• Essential cybersecurity fundamentals

TSA-Regulated Airports (Part 1542)

• Understanding TSA emergency cybersecurity requirements

• Network segmentation, access control, continuous monitoring, and patch management

FBOs and Private Aviation Facilities

• Critical system identification

• Vendor and third-party risk awareness

This Isn't Theoretical—Airports Are Under Attack Right Now

This Isn't Theoretical—Airports Are Under Attack Right Now

Port of Seattle (August 2024): Ransomware disrupted Wi-Fi, baggage systems, check-in kiosks, ticketing, and display boards. Employees used dry-erase boards for flight information. 90,000 people impacted.

European Airports (September 2025): The Cicada Aerospace ransomware attack disrupted operations at Heathrow, Berlin Brandenburg, Brussels, and Dublin, resulting in manual check-ins and flight cancellations.

Kuala Lumpur (March 2025): $10 million ransom demand. Days of disruption to flight displays and check-in counters.

The pattern: Attackers aren't just targeting IT systems. They're targeting the operational technology that keeps airports running.

I write about these threats and how aviation facilities can prepare.

Aviation-First Cybersecurity, Not Generic IT Security

Understanding Your World

• I know what a glideslope is

• I understand runway lighting control systems

• I've worked on ILS installations

• I speak your language—not just IT jargon

Practical, Not Theoretical

• Solutions that work with your budget

• Implementation plans you can actually execute

• Focus on high-impact, achievable steps

• No ivory tower recommendations

• Navigate TSA Part 1542 requirements

• Understand Part 139 certification

• Expert in Part 171 navigation facilities

• Track the coming FAA ARC mandates

Regulatory Knowledge

Stay Informed on Aviation Cybersecurity

• Comprehensive articles on ILS security, FAA grant requirements, and aviation OT

• Based on 28 years of hands-on FAA experience

• Practical insights and real-world examples

• No fluff—actionable information you can use

• Perfect for airport managers, technicians, and facility directors

When ARC recommendations and TSA requirements evolve, I'll help make sense of them.

Free Educational Resources