Ransomware attacks against airlines and airports surged 600% year-over-year in 2025, yet portable Electronic Flight Bags used by pilots are not subject to FAA cybersecurity certification
Aviation-sector ransomware attacks increased over 600% in 2025 compared to the prior year, with major incidents including the Japan Airlines luggage system attack in 2024 and the Kuala Lumpur International Airport (KLIA) ransomware shutdown in March 2025 (attackers demanded $10 million USD). Meanwhile, portable Electronic Flight Bags (EFBs) -- tablet devices used by pilots for charts, performance calculations, and weight-and-balance -- are explicitly not subject to FAA airworthiness certification, with airlines and their vendors solely responsible for security. An infected EFB can serve as an entry point for denial-of-service attacks on connected onboard systems.
Why it matters: Airlines are increasingly dependent on connected digital systems for flight operations, ground handling, and passenger processing, and the attack surface for ransomware, data theft, and operational disruption expands with every new connected system. A successful attack on operational technology (not just IT) can ground entire fleets for hours or days, as KLIA demonstrated. Portable EFBs represent an unregulated bridge between the general internet and flight-critical cockpit systems because pilots connect them to personal networks and airline Wi-Fi. The FAA's proposed cybersecurity rulemaking (August 2024 NPRM) addresses only avionics certification standards and does not cover portable EFBs or ground-side operational technology.
The structural root cause is that aviation cybersecurity regulation has historically focused on the aircraft as an isolated system with air-gapped avionics, but modern connected operations (EFBs, ACARS datalinks, passenger Wi-Fi, IoT ground equipment) have dissolved that air gap -- and the FAA's certification framework (DO-326A/ED-202A) was not designed for the continuously evolving threat landscape of networked IT/OT convergence that characterizes modern airline operations.
Evidence
Ransomware attacks against the aviation sector increased 600%+ in 2025 (Airways Magazine analysis). Japan Airlines suffered a cyberattack that disrupted luggage systems during peak travel in 2024. KLIA was shut down by ransomware in March 2025, with a $10M ransom demand. The FAA issued a cybersecurity NPRM in August 2024 for avionics airworthiness standards. Portable EFBs are explicitly not subject to aviation authority certification (per EASA and FAA guidance). SecurityScorecard's 2024 report analyzed cyber risk across the global aviation industry. FDD (Foundation for Defense of Democracies) published 'Turbulence Ahead: Navigating the Challenges of Aviation Cybersecurity' in April 2025. Sources: Airways Magazine, IBM, SecurityScorecard, FDD, Kaspersky ICS CERT, Cockpit Innovation.