Dealing with the Reality of Cyberattacks


The global transportation industry is just as vulnerable to cybersecurity attacks as any other business sector. This truth has been proven in recent years by several high-profile incidents.

For instance, in 2025 “a phishing attack at NetJets led to stolen credentials, which were used to gain unauthorized access to an internal database,” said Kim Macaulay, IATA’s SVP information and data/chief information and data officer. (IATA is the International Air Transport Association.) “A year before, the Port of Seattle (SEA) was targeted by Rhysida Ransomware, disrupting operations at this major hub. And in 2023, Boeing suffered a ransomware incident involving Lockbit 3.0 Ransomware. These examples reflect the growing risk and the widespread impact of cyber incidents on global transportation.”

Kim Macaulay, IATA

Open Season on Air Travel

The entire global transportation industry is being plagued by cyberattacks, and for good reason: “The threats facing the transportation industry are similar to those affecting other industries as they become increasingly interconnected and internet-connected,” said Aaron Engel. He is chief information security officer (CISO) with ExpressVPN, a provider of online privacy and security solutions, including a virtual private network service and a password manager. “As more systems, tools, and vehicles become accessible (and in some cases controllable) via the internet, the potential attack surface grows significantly, creating greater risk for cyber threats and other security vulnerabilities.”

Aaron Engel, ExpressVPN

This being said, Engel sees airports as prime targets for hackers due to the number of potential targets that pass through them — often in a hurry and looking for ways to get online for free. Such a target-rich environment is irresistible to cyber predators. “Passengers have even been arrested for setting up fake WiFi networks to steal users’ passwords mid-flight,” he said.

Sumesh Patel, SITA

Because of the ‘Open Season’ that hackers have declared on civil aviation, “cybersecurity has taken the top spot for airlines and airports this year,” said Sumesh Patel, president/Asia-Pacific with SITA, a global specialist in air transport communications and information technology. “It’s not just important, it’s urgent.”

Indeed, according to SITA’s 2024 Air Transport IT Insights Report, 66% of airlines and 73% of airports now list cybersecurity in their top three investment priorities. “That’s a loud and clear signal showing that protecting digital infrastructure is non-negotiable,” Patel told TSI. “The driving shift [behind this awareness] is simple: More threats. More regulation. More digital everything.”

The fact is that the world is becoming ever more interconnected and digitized, with IT systems playing an ever-increasing role in managing civilian air travel. “As systems get smarter, the risks get sharper, and the aviation industry is responding fast,” observed Patel. “For instance, airlines and airports are building stronger defenses from the ground up, with 87% of airlines and 77% of airports either running or setting up security operations centers (SOCs). Airlines, operating across global environments and jurisdictions, are also doubling down on AI, with 81% deploying AI or machine learning for threat detection. That’s almost double the adoption rate at airports (46%). Meanwhile, 57% of airports are turning to Zero Trust architecture [where users are challenged to prove their credentials as they move through the network], recognizing the need to secure every digital doorway in a connected world.”

Three Attack Categories

From IATA’s perspective, the most pressing cybersecurity threats to the aviation industry can be divided into three attack categories.

The first category encompasses IT Infrastructure Threats. “These include ransomware attacks, account takeovers, data breaches, and denial-of-service attacks targeting critical systems such as reservation platforms, crew scheduling tools, air traffic management, and data centers,” Macaulay said. “Disruption to these systems can cripple airline operations and compromise passenger data.”

The second category is focused on Operational Technology Threats. “The increasing integration of digital systems across the airport and operations landscape can introduce vulnerabilities that could be exploited to disrupt physical movement or cause delays,” said Macaulay. And the third category is Value Chain Fraud, which involves the misuse of loyalty program value chains within the airline industry. It includes issuing flight tickets using invalid or stolen payment methods, unauthorized redemption of loyalty points (such as frequent flyer miles), and the monetization of compromised loyalty accounts or personal data.

The takeaway? If cybercriminals can find a way to rip off people involved in any part of the civil aviation industry, they will — and they do.

Who the Attackers Are

So, who are all these hackers attacking the transportation industry — not just airlines and airports, but railway operators, shipping lines, and trucking firms? They’re the same hackers who are attacking other business and government sectors.

“Cyber threats generally come from three categories of hostile actors,” Macaulay explained. The first category includes state-sponsored actors aiming to conduct espionage, disrupt economic activity, or assert geopolitical influence. The second category is comprised of “cybercriminals motivated by financial gain — particularly through ransomware, theft of financial or personal data, or illicit sale of information,” she said. And the third group is made up of “‘hacktivists’ who seek to make political or ideological statements, often by disrupting services or exposing vulnerabilities and weakening confidence in the industry. Their motivations range from financial gain and data theft to geopolitical power plays and ideological disruption.”

Meanwhile, “numerous different groups may have an interest in targeting the transportation industry,” said Engel. They include criminals seeking access to personally identifiable information (PII) or payment data linked to passengers and customers, and nation-states targeting transportation systems to track the movements of specific individuals for intelligence purposes. “Additionally, hacktivists may attempt to disrupt these systems to highlight the risks of over-relying on internet-connected infrastructure or to make broader political or social statements,” he said. “In other words, hostile actors are everywhere, which makes it so important that transportation organizations make cybersecurity a top priority.”

Is AI Making Things Worse?

The introduction of AI (artificial intelligence) into the hacker’s arsenal has definitely enhanced the sophistication and subtlety of cyberattacks. Using AI, hackers can generate highly convincing personalized phishing emails to deceive the recipients into opening them and activating links found within. Hackers can also use AI to commit financial scams, and then use AI again to impersonate agencies that assist the victims of these scams, in an effort to fleece them a second time. And that’s just the tip of the AI iceberg. According to the security firm Abnormal AI, “a threat actor used AI-powered software to mimic the voice of a company’s CEO and request urgent wire transfers from employees.”

Of course, the AI technology that is being exploited by hackers to fine-tune their cyberattacks can also be used to foil them. This is why “AI has become a double-edged sword,” Patel said. “Hackers are using it to move faster, hit harder, and stay hidden longer. But the transportation industry isn’t standing still. It’s fighting back with AI of its own. A case in point: According to SITA’s 2024 Air Transport IT Insights Report, AI and machine learning are now essential for real-time threat detection and adaptive defense systems, especially in SOCs. Airlines are ahead of the curve here. 81% have adopted AI for threat analysis compared to just 46% of airports.”

“AI is a double-edged sword,” echoed Macaulay. “It is also being used by malicious actors to launch more sophisticated attacks such as AI-driven phishing, automated vulnerability scanning, and deepfake-based social engineering. But on the other hand, AI enhances predictive maintenance, improves cybersecurity threat detection, and optimizes operations.”

Aaron Engel is more generous in his assessment of AI’s impact on the transportation industry. “In my experience, AI can actually make things much better, often taking a project from 0% to about 80% complete,” he said. “However, the final 20% typically still requires human input and subject matter expertise to ensure accuracy and completeness. Admittedly, in the context of the transportation industry, AI may offer potential starting points that attackers could exploit, from AI-generated phishing emails targeting travelers to fake travel assistant bots collecting sensitive information under the guise of helping. That being said, I don’t believe it poses a catastrophic threat on its own.”

To deter attacks, two-factor authentication using hardware security keys should be implemented to protect access, and systems that operate outside of traditional corporate infrastructure should be rigorously tested. ExpressVPN image.

Fighting Back against Cyberattacks

So far, we’ve seen what kind of cyberattacks are being waged against the transportation sector, and the reasons that various hostile players are staging these attacks. So, what can the industry do to deter, defend and defeat these attacks?

The answer begins with self-defense, replied Engel. “First, strong authentication methods — such as two-factor authentication, ideally using hardware security keys — should be implemented to protect access. It’s also important to rigorously test systems that operate outside of traditional corporate infrastructure, like internet-connected vehicles, to identify and fix vulnerabilities. Additionally, conducting thorough threat modeling can help organizations anticipate potential attack vectors and implement effective mitigations to reduce risk.”

IATA’s Macaulay takes a big picture approach to the problem. “Entities, including those in aviation, must adopt a multi-layered, risk-based cybersecurity approach,” she said. This approach should include real-time threat detection and response systems to identify and isolate intrusions; cross-sector collaboration, including public-private information sharing (e.g., via the Aviation ISAC, ICAO, IATA, and local CERTs); cybersecurity training for operational and administrative staff to reduce human error; segmentation of IT and OT (operational technology) networks to limit lateral access in case of cybersecurity breaches; and regular auditing and penetration testing to identify and fix vulnerabilities proactively. As well, adopting a Zero Trust model for network management is well worth considering. An easy way to understand Zero Trust is to think of a hotel, where every door is locked and you need a separate key to enter each room. Zero Trust applies the same logic: if a hacker manages to get past your initial firewall, requiring them to prove their identity every single time they want to access an asset will slow them down at the very least, giving security more time to detect their intrusion and stop it.

Worth noting: “IATA supports the aviation industry’s cybersecurity resilience through strategic leadership, advocacy, and collaboration,” said Macaulay. “We work with stakeholders to shape how the industry addresses cyber threats and help develop standards and guidance.” You can find out more about IATA’s cybersecurity initiatives at iata.org/en/programs/security/cyber-security

Be Ready to Jump Some Hurdles

According to SITA’s Sumesh Patel, everyone wants stronger cybersecurity. But making it actually happen is where things get tricky.

“The first big hurdle is regulations,” he explained. “They’re tough to navigate, especially when you’re working with new tech like blockchain or quantum encryption. Yes, they’re promising, but most of the industry is still testing the waters. Just 24% of airlines and 9% of airports are even planning to use blockchain. It’s even fewer for quantum encryption.”

Resource constraints are another challenge. Money is tight, and IT teams are stretched. So, cybersecurity automation and AI are becoming must-haves, not just nice-to-haves, to help companies stay on top of threats without burning people out. “And then there’s the supply chain: past breaches have shown just how easy it is for attackers to get in through vendor gaps,” said Patel. “Last but not least, there’s a need to find the sweet spot between tight security and smooth operations — because if the solution slows things down, it’s not really a solution at all.”

Besides the hurdles outlined by Sumesh Patel, there are many other considerations for transportation companies to deal with when it comes to improving their cybersecurity. To put up a stronger defense against attackers, “my key advice is to focus heavily on employee awareness and training,” Engel said. “From a corporate perspective, phishing [e.g., emails designed to trick employees into unwittingly sharing access and security information] remains one of the most persistent and effective threats. Despite it being a well-known risk, it continues to succeed because it targets human behavior and creates a sense of urgency or fear that elicits a response.”

“Looking ahead, we’re likely to see even more sophisticated phishing attacks driven by AI,” he continued. “These AI-generated emails can mimic human language with such accuracy that they become much harder to detect. IBM’s X-Force experimented with comparing AI-generated phishing emails with those written by humans. ChatGPT produced persuasive emails in minutes that produced just as high a click-through rate as human-written ones. With this level of speed and accuracy, businesses need to be on the front foot to protect themselves, partners and customers from evolving threats. To prepare for all of these cyber threats, organizations should invest in regular, realistic training scenarios and promote a culture of vigilance across all levels. In addition, implementing strong technical controls like email filtering, multi-factor authentication, and anomaly detection can further reduce the risk.”

SITA’s Sumesh Patel notes that regulations are challenging to navigate, especially when incorporating new tech like blockchain and quantum encryption.

IATA’s advice is to adopt a proactive mindset: assume that a cybersecurity breach of your company/organization is inevitable, and focus on detecting and responding to it in the most effective manner.

“Invest in cyber resilience, not just defense: ensure systems can recover quickly with minimal disruption,” said Macaulay. “Embed cybersecurity into procurement and digital transformation strategies, rather than treat it as an afterthought. Collaborate with peers and regulators to share knowledge and build sector-wide resilience.”

As for the future? “Looking ahead, the industry must prepare for supply chain cyberattacks, where vulnerabilities in vendors or partners can cascade,” Macaulay replied. “We’ll also see more AI-generated attacks, including deepfake voice commands or impersonation; quantum computing threats, which could compromise today’s encryption standards; and satellite communication system breaches, especially with the rise of connected aircraft and autonomous shipping. By anticipating these threats now, we can build more resilient and secure transportation ecosystems for the future.”

“The cybersecurity landscape in air transport is shifting fast — and the next wave of threats is already taking shape,” agreed Patel. “AI-powered threats are evolving fast, from self-learning malware to ultra-targeted phishing; it’s only going to get smarter. While quantum encryption still feels futuristic, it won’t be for long. Sensitive data needs long-term protection from what quantum computing could eventually crack. Meanwhile, as tech like biometrics, IoT [Internet of Things], and connected systems take off, everything’s connected and everything’s a potential target. That means security frameworks can’t stay static. They need to flex, evolve, and keep up. Shared intelligence. Joint monitoring. Industry-wide collaboration. That’s how we stay ahead of what’s next.”

The only good news? “Cybersecurity isn’t just an IT problem anymore,” Patel concluded. “It’s a business-critical issue and it’s finally getting the attention it deserves. It’s gone board-level. Today, it’s shaping decisions across operations, compliance, and customer trust.”

At the same time, we should not regard AI as just a threat, or a tool that will prevent that threat. With its ability to process, analyze, and synthesize data for human decision makers, AI has immense potential to do good. So as we develop AI tools, we must build ethics, not just rules, into their operating systems.