There are more solutions than obstacles. Nicolas Zart
In the latest episode of The Ways We Move podcast, host Nicolas Zart sits down with AJ Khan, founder of Vehiqilla, to explore the urgent and evolving role of cybersecurity in advanced air mobility (AAM). As electric and connected aviation technologies proliferate, Khan argues that cybersecurity can no longer be treated as a siloed IT issue—it must be woven into every layer of operations, infrastructure, and business strategy.
Cybersecurity: More Than Just IT
Khan, a veteran of both the automotive and aviation sectors, explains that cybersecurity is not simply about protecting servers or networks. In the context of AAM, it’s about ensuring the health of an entire digital ecosystem, covering everything from eVTOL fleets and vertiports to booking platforms and passenger data. He likens cybersecurity to nutrition for the digital world: essential for resilience, continuity, and trust.
The Complex Web of Connected Mobility
Modern mobility is a patchwork of interconnected systems. A single passenger’s journey might involve ride-hailing, airport check-ins, airline networks, and international rail, all of which exchange sensitive data. Khan points out that every touchpoint is a potential vulnerability, and the weakest link is often the human element. From phishing attacks to malicious apps on vehicles, the risk landscape is vast and constantly shifting.
Fleet Operations: A New Frontier for Security
Unlike traditional IT environments, connected fleets—whether cars, drones, or eVTOLs—move through physical and digital spaces, interacting with countless external systems. Khan emphasizes the need for dedicated fleet security operations centers (Fleet SOCs) that go beyond conventional IT security. Protecting these assets requires real-time monitoring, robust governance, and a clear understanding of where data flows and resides.
Open Source vs. Closed Source: The Debate Continues
The conversation also touches on the pros and cons of open source versus proprietary software for critical mobility systems. While open source can benefit from broad scrutiny and rapid patching, it also places the burden of updates and security on operators. Closed systems may offer tighter control but can obscure vulnerabilities.
The Path Forward: Security by Design
Khan’s core message is that cybersecurity must be “by design, not by default.” This means embedding risk assessment, governance, and user training into every stage of AAM development and deployment. As the industry matures, collaboration between manufacturers, operators, regulators, and end users will be essential to keep pace with evolving threats.