Wedoany.com Report on Feb 10th, The aviation industry relies on complex digital systems designed with stability, safety, and long lifecycles in mind, but this also presents unique cybersecurity challenges. A breach can quickly trigger operational and public trust crises. In an interview with Help Net Security, Deneen DeFiore, Vice President and Chief Information Security Officer at United Airlines, shared insights on securing safety-critical environments during modernization and why resilience and continuity are paramount. DeFiore also discussed risk management strategies within the aviation ecosystem.

In the modernization journey of the aviation industry, precision and reliability are prioritized over speed. Many aircraft and their operational systems were originally designed with stability and compliance certification as core principles, rather than rapid iteration. Companies enhance overall security by deliberately deploying modern controls around legacy and safety-critical systems—such as strengthened authentication, network segmentation, and continuous monitoring—while avoiding the introduction of new operational risks. Every change in technology or process must measurably improve security, reliability, or resilience; cybersecurity initiatives adhere to this same fundamental principle.

An airline's identity is multifaceted and hybrid: it is both an information technology enterprise, a logistics operator, and a provider of safety-critical infrastructure. This complexity profoundly influences the formulation of its cybersecurity strategy. Cybersecurity incidents in aviation can rapidly escalate into operational disruptions or even safety issues; therefore, protection strategies consistently revolve around operational continuity, system resilience, and trust building. The assessment of cyber risks is directly linked to their impact on the airline's ability to safely take off and land aircraft, schedule crews, and transport passengers. Cybersecurity leaders must comprehensively understand the business, from flight operations to compliance constraints, to develop practical and effective protection systems.

The deep interconnectedness of the aviation ecosystem means risks stem not only from within the company but also involve numerous external entities like airports and manufacturers, many of which are beyond an airline's direct control. Therefore, the starting point for risk management lies in enhancing visibility and building collaborative partnerships. Companies must invest resources to clarify their dependencies, identify critical third parties and system bottlenecks, and evaluate them through scenario analysis and operational impact modeling. Information sharing is crucial in this process; often, early threat awareness is more important than pursuing perfect controls. Companies must assume that operational disruptions could originate externally and focus their objectives on rapid detection, accurate impact understanding, and flexible adaptation—in this context, building resilience and cross-organizational coordination capabilities are as critical as contractual obligations.

When cybersecurity incidents involve passengers on the ground or in the air, the complexity of crisis decision-making increases significantly. Such decisions cannot be made in isolation; they require close collaboration between the cybersecurity team and multiple departments such as operations, safety, and legal to ensure actions balance security needs, operational continuity, and public trust. Pre-incident planning and cross-departmental drills become key. Clear emergency response plans and decision-making authority help teams respond swiftly and orderly under pressure. Trust is built on respect for the missions of various professional domains and the sharing of outcomes. Shared responsibility is based on deep collaborative relationships, with cybersecurity positioned as a key enabler supporting the safe operation of aviation.