Aviation Cybersecurity with Serge Christiaans

December 11, 2025

49 min episode · 2 min read

Serge Christiaans

Episode

49 min

Read time

2 min

AI-Generated Summary

Published Dec 22, 2025

Key Takeaways

✓Pilot Cyber Training Gap: Only 20% of pilots globally receive actual simulator training for cyber attacks; the remaining 80% receive only memos, leaving them unprepared to identify GPS spoofing versus jamming or respond to contradictory instrument data during flight operations.
✓Aircraft Engine Vulnerability: Modern aircraft engines continuously transmit telemetry data to manufacturers, creating a potential attack vector where nation-state actors could theoretically send commands to disable engines mid-flight, transforming aircraft into gliders with catastrophic consequences for passenger safety.
✓Just Culture Implementation: Aviation's just culture encourages incident reporting without punishment, enabling organizational learning. Cybersecurity teams should adopt this approach since blame culture prevents employees from reporting phishing clicks, allowing network compromise within seventeen minutes instead of immediate mitigation.
✓Legacy Protocol Risks: ARINC 429 communication bus, designed in the 1970s before cybersecurity existed, remains vulnerable to message injection and spoofing attacks. Newer protocols like ARINC 664 support encryption but only exist on recently manufactured aircraft, leaving decades of vulnerable systems operational.

What It Covers

Serge Christiaans, former Dutch Air Force pilot and CISO, explains how modern aircraft function as flying server rooms with hundreds of computers vulnerable to GPS spoofing, engine hacking, and nation-state cyber warfare targeting critical aviation infrastructure.

Key Questions Answered

•Pilot Cyber Training Gap: Only 20% of pilots globally receive actual simulator training for cyber attacks; the remaining 80% receive only memos, leaving them unprepared to identify GPS spoofing versus jamming or respond to contradictory instrument data during flight operations.
•Aircraft Engine Vulnerability: Modern aircraft engines continuously transmit telemetry data to manufacturers, creating a potential attack vector where nation-state actors could theoretically send commands to disable engines mid-flight, transforming aircraft into gliders with catastrophic consequences for passenger safety.
•Just Culture Implementation: Aviation's just culture encourages incident reporting without punishment, enabling organizational learning. Cybersecurity teams should adopt this approach since blame culture prevents employees from reporting phishing clicks, allowing network compromise within seventeen minutes instead of immediate mitigation.
•Legacy Protocol Risks: ARINC 429 communication bus, designed in the 1970s before cybersecurity existed, remains vulnerable to message injection and spoofing attacks. Newer protocols like ARINC 664 support encryption but only exist on recently manufactured aircraft, leaving decades of vulnerable systems operational.

Notable Moment

Christiaans reveals that aviation manufacturers refuse to disclose which aircraft models contain secure communication protocols, making penetration testing impossible since tests require engines running mid-flight, creating an effective air gap that prevents security validation of critical flight systems.

Know someone who'd find this useful?