Cybersecurity in AAM: Protecting the Journey from User to Aircraft | The Ways We Move podcast

by with No Comment BusinessEnergyInfrastructureThe Ways We Move - Podcast

There are more solutions than obstacles. Nicolas Zart

As advanced air mobility (AAM) continues to connect cities, airports, and communities with electric and autonomous aircraft, the issue of cybersecurity takes center stage. In a recent episode of The Ways We Move podcast, I sat down with AJ Khan, CEO of Vehiqilla, to explore the critical challenges and solutions for securing every link in the mobility chain, from the individual user to the aircraft, airport, and beyond.

Why Cybersecurity Matters More Than Ever

The aviation industry is in the midst of a digital transformation. From cloud-based flight planning to real-time passenger services and predictive maintenance, nearly every aspect of modern aviation now depends on interconnected digital systems. This connectivity brings efficiency and innovation, but also exposes new vulnerabilities. In 2025, cyberattacks on airlines and airports are at an all-time high, with incidents ranging from ransomware and data breaches to denial-of-service attacks that can disrupt operations and compromise safety.

AAM magnifies these risks. Unlike traditional aviation, AAM ecosystems are deeply integrated, blending cloud software, autonomy algorithms, aircraft hardware, and ground infrastructure. Every node—from user devices and mobile apps to vertiports and third-party service providers—represents a potential entry point for cyber threats.

The Expanding Attack Surface

AJ Khan emphasized that cybersecurity in AAM is not just about protecting the aircraft. “We have to secure the entire journey,” he explained. This means considering:

  • User Devices: Mobile apps for booking and boarding are targets for data theft and fraud.
  • Connected Vehicles: eVTOLs, eSTOLs, and eCTOLs rely on software updates, remote commands, and real-time data—all of which can be compromised if not properly secured.

Airports and Vertiports: As critical infrastructure, airports are increasingly targeted by hackers seeking to disrupt operations or gain unauthorized access to sensitive systems.

Cloud and Third-Party Providers: Many AAM operations depend on cloud-based services for navigation, scheduling, and maintenance. A vulnerability in any provider can ripple across the ecosystem.

Real-World Threats and Incidents

Recent years have seen a surge in aviation-related cyber incidents. From ransomware attacks that lock airport systems to GPS spoofing and communication interference, the risks are both diverse and growing. In 2024, for example, a cyberattack on Germany’s air traffic control agency disrupted IT infrastructure, while similar attacks have targeted airports across Asia and the Middle East.

The consequences are not limited to inconvenience. In AAM, where autonomy and safety intersect in dense urban environments, a single cyber failure can quickly become a safety-of-life event. A compromised scheduler could ground an entire fleet, while a spoofed GPS signal might steer an aircraft into restricted airspace.

NASA AAM eVTOL operations
NASA AAM eVTOL operations

Building Security from the Ground Up

Khan and I discussed the urgent need for a comprehensive, end-to-end approach to cybersecurity in AAM. This means:

  • Designing for Security: Treating every connection as potentially untrusted and building security into systems from the earliest design phases.

Continuous Monitoring and Improvement: Regularly updating and patching software, monitoring for suspicious activity, and learning from incidents to strengthen defenses.

Industry Collaboration: Sharing threat intelligence and best practices across manufacturers, operators, airports, and regulators to stay ahead of evolving threats.

The Regulatory Challenge

While regulatory bodies like the FAA, EASA, and ICAO have established cybersecurity standards for traditional aviation, these frameworks often fall short for AAM and autonomous operations. The complexity of distributed, highly automated systems requires new approaches—such as adopting the NIST Cybersecurity Framework and developing standards tailored to AAM’s unique needs.

Trust, Safety, and the Future

Ultimately, the success of advanced air mobility depends on trust. Passengers, operators, and the public must have confidence that every part of the system—from user apps to aircraft and airports—is secure. As Khan noted, “Cybersecurity is not just an IT issue; it’s a safety and trust issue at the heart of the AAM revolution.”

As we look to a future where urban skies are filled with electric and autonomous aircraft, robust cybersecurity will be the foundation that enables safe, efficient, and resilient mobility for all.

Listen to the full conversation with AJ Khan of Vehiqilla on The Ways We Move podcast for deeper insights into the challenges and opportunities of cybersecurity in advanced air mobility.

For more The Ways We Move episodes, see here:

▶️ Watch on YouTube: https://www.youtube.com/@TheWaysWeMove 📺

🔊 Apple Podcasts: https://podcasts.apple.com/ca/podcast/the-ways-we-move/id1797599255 🔊

🎙️ Amazon Podcasts: https://music.amazon.com/podcasts/cd3349e1-275f-4691-ae38-f1b6a153d5e5/the-ways-we-move 🎙️

🎧 Listen on Spotify: https://open.spotify.com/show/4V0qe3eZqublwn6dasXWCf 🎧

📻 iHeart Radio: https://www.iheart.com/podcast/269-the-ways-we-move-268614085/ 📻

🌱 Buzzsprout: https://thewayswemove.buzzsprout.com/ 🗣️

📢 Subscribe for more insights into the future of mobility and support the show! https://www.buzzsprout.com/2428454/supporters/new 📡