Aviation

The threat picture

Aviation cyber is two stories at once. There is the safety-critical avionics and air-traffic stack — heavily regulated, narrowly scoped. And there is the much larger surface area around it: airport ground systems, baggage handling, fuel, lighting, security, passenger systems, and the cloud-connected platforms supporting all of it.

The non-flight-deck stack is where most operational cyber incidents land. xCIRT works in that surface area.

What xCIRT covers

• Airport ground systems — Baggage, common-use passenger processing, security screening systems, and operational coordination platforms.
• Airport OT — Lighting, energy, HVAC, and the PLC-controlled systems supporting the terminal and airfield.
• Ground operations — Fuel, catering, and ramp coordination IT, often spanning multiple tenants and contractors.
• Vendor and contractor access — Aviation environments have unusually high third-party access into operational systems.

Where we help

• Aviation-sector IR playbooks including ground-system compromise with operational impact, and OT exposure via vendor/contractor access.
• SOCI / CIRMP readiness sized for airport operators.
• Multi-tenant risk modelling — recognising that an airport’s exposure includes its tenants and contractors.
• 24/7 retainer engagements with sector-aware responders.

The questions we usually start with

• If passenger-processing systems went down tonight, what is the operational fallback, and how long does it hold?
• Which contractors and tenants have access into your operational network, and how is it audited?
• Is your IR plan written to the regulator’s expectations, or to the news cycle’s? They are not the same plan.