Planes are statistically the safest form of long-distance travel, with just 0.16 fatalities per million people in 2022, according to the International Air Transport Association.
And an Israeli startup is working to make it even safer, with new technology that protects aircraft from cyberattacks with minimum disruption to the planes themselves.
Herzliya-based Cyviation, which says it is the first-ever company to focus on cybersecurity for aircraft, works to provide multiple levels of safety.
Founded in 2021, Cyviation works with both commercial and private aircraft, helping them to mitigate risk to passengers and cargo and to meet current and future aviation security regulations.
“The whole idea started as a direction inside IAI – Israel Aerospace Industries,” Cyvation CEO Avi Tenenbaum tells NoCamels, referring to the state-owned company that is Israel’s major aerospace manufacturer.
“They said look, we are doing a lot of things for the military and others and there is no real solution today for commercial aviation and business jets in terms of cybersecurity.”
Realizing that such a project would be “too complicated” within its existing framework, Tenebaum says, IAI decided to create a new company dealing specifically with this technology.
“Cyber needs its own domain,” explains Tenenbaum, whose extensive business experience led to his appointment as Cyvation CEO when the company was established in October 2021.
And in the past three years, Cyvation has created a series of solutions designed to reduce the risk of cyber attack, help manage such attacks should they occur and support airlines as they implement new and upcoming international regulations regarding cybersecurity in aviation.
The US last year announced updated cybersecurity measures for airports and airlines, and similar regulations drafted by the European Union will take effect in 2025 and 2026.
“Airports and airlines are increasingly becoming the target of DDoS, ransomware or other types of attacks, not only putting pressure on those organizations but in certain cases running the risk of also having a potential impact on aviation safety,” the European Union Aviation Safety Agency (EASA) warned recently.
Tenenbaum recalls a recent incident when unknown assailants tried to seize control of the communications on an El Al flight from Phuket, Thailand to Tel Aviv, potentially in order to change its destination.
The attempted attack, which reportedly occurred as the aircraft was in airspace also used by the Houthis in Yemen, was thwarted by the pilots who were on extra alert due to the current Israeli conflict with Hamas in Gaza.
In general, Tenenbaum says, existing software used in aviation is simply too outdated to deal with this kind of challenge.
He warns that most commercial aircraft are older than the relatively new issue of cybersecurity and as such are ill-equipped to cope with it.
“The word cyber was not around 15, 20 years ago when those aircraft were designed,” he explains. “So it’s simply not there.”
He also gives the example of a cockpit of a plane belonging to what he says is a popular airline where at least one operating system was so old that Microsoft stopped offering support for it in 2004.
“Some components are running on Windows 7 and Windows NT – ancient!” he says.
“No cybersecurity whatsoever and our cyber researchers just hacked it with no problem whatsoever.”
What makes Cyvation so unique, according to Tenenbaum, is that the startup can give such planes the ability to protect themselves against cyberattack without touching them at all so that they do not have to be returned to the manufacturer for re-accreditation – something that is required when any physical changes are made to an aircraft.
In fact, the company has devised a four-layer system to protect against cyberattacks, covering hardware and software as well as human response.
The first layer is called SkyRay – an xray-like scan of the entire craft from which the company creates what Tenebaum calls its “digital twin.”
“We are creating a virtual model of the same aircraft, analyzing all the vulnerabilities and… coming up with a long list of vulnerabilities in different severity levels,” he explains.
Secondly, the company introduced cybersecurity training for pilots, which Tenenbaum says he was surprised to discover does not exist at all.
“You want the pilot to follow a certain procedure,” he says. “The regulation is now asking for building up awareness and other things. And when we look at cyber training, we don’t look at how you protect your password, we look at how you react when there is an event on the aircraft.”
Similarly, the third layer of protection is security information and event management (SIEM), which trains pilots and crew in how to act when a cybersecurity incident actually occurs.
“[The aviation industry] is reactive and not proactive,” he says. “They need to shift gears – and I think they are doing that, it just takes time.”
Cyberattacks that target the systems in the cockpit can only be detected in real time as they are happening, Tenenbaum says. Therefore, Cyviation has as its fourth layer of defense patented devices that can detect any attack while it is happening.
“Therefore helping the pilot make a decision to move to an alternative mode of operation on a specific device because it has been attacked,” he explains.
The IAI is still a shareholder in and advisor to the company, although it no longer invests. Instead, today the startup has funding primarily from private investors in the US, Tenenbaum says, and has its eye on taking the dominant role in the field.
The company has recently teamed up with Deloitte Canada professional services and consulting firm to present a combined solution to aviation cybersecurity.
“There is a fair chance for us to take a majority stake in this very niche domain,” he says.
Related posts
Editors’ & Readers’ Choice: 10 Favorite NoCamels Articles
Forward Facing: What Does The Future Hold For Israeli High-Tech?
Impact Innovation: Israeli Startups That Could Shape Our Future
Facebook comments