Q&A with Gogo’s Chief Information Security Officer on Airborne Cybersecurity
We sat down with Gogo's Chief Information Security Officer (CISO), Brett Bradshaw, to discuss the airborne cybersecurity landscape and the comprehensive solutions that Gogo has in place to keep corporate and customer data secure while connected in flight.
Q1: We all know that cybersecurity is important, but what is Gogo doing to ensure corporate and customer data stay safe?
At Gogo, we take a proactive approach to airborne cybersecurity. Rather than being reactive, this approach allows us to stay ahead and be prepared to thwart any potential threats. We leverage state-of-the-art enterprise networking design, and we continuously monitor and analyze our networks and systems to identify any potential risks.
Because we are a publicly traded company, we must comply with a number of regulations. We partner with the FAA to ensure that we are in compliance with all standards. Ultimately, we want our shareholders and our customers to feel confident and secure in knowing what we do to protect our corporate and customer data – at all times.
Q2: How does Gogo secure its network compared to public Wi-Fi networks?
Gogo Business Aviation takes care to thoroughly design and build security into each of the components of our airborne connectivity solutions. That includes our onboard products, our networks, and all of the services that we provide. Because we own our network, we can design each link for security and continuously monitor and analyze these links for potential security risks.
For example, our airborne connectivity system acts as a router that separates and secures the aircraft cabin LAN from the data bearers that provide access to the internet. Once your data leaves the router through the ATG antenna and onto the Gogo ATG network, it is transmitted to our base stations via the Gogo-licensed spectrum with proprietary link encapsulation. These base stations are connected to the Gogo Data Center through cables, known as the backhaul, that are Gogo-owned and secured. Our Gogo Data Center is constantly monitored and firewalls separate key components of our network.
Q3: How important is Gogo’s infrastructure, like data centers and its NOC, relative to keeping data secure?
Gogo’s infrastructure is key in preventing cyberattacks. As I previously mentioned, because we own, operate and maintain our networks we are confident in the security we provide our customers.
Gogo’s Network Operations Center (NOC) enables continuous monitoring and support of our airborne network. The NOC houses our staff of data systems analysts, as well as wireless and IP support analysts who provide Tier 1 and 2 support around the clock. The NOC allows us to quickly identify and respond to potential threats in an access-controlled environment for assured security.
Gogo also employs best practices in design, development and maintenance of our systems and network. We conduct monthly system vulnerability assessments, routine penetration tests and firewall analysis, firewall audits, and awareness training. These are just a few of the things we do to continuously assess the security of our systems and staff. We also are diligent in complying with FAA cybersecurity guidelines, keeping up-to-date on compliance certifications, and reviewing our security policies in relation to any potential cyber threats to our systems.
Q4: How can customers protect themselves when they connect during a flight?
First and foremost, I recommend that our customers always refer to their organization’s guidelines on connecting remotely. But others things that can be done include:
- Use a VPN when you connect to the network.
- Enable an adblocker to protect from malicious ads.
- Install and update an end-point protection service (like anti-virus or anti-malware), and use two-factor authentication as much as possible.
- Use a password manager to store passwords, instead of in an unprotected Word doc or spreadsheet, for example.
And, for further protection customers can use a privacy screen to protect passwords or information on their computers.
Q5: How does Gogo view cybersecurity in the years to come? What does the future hold?
At Gogo, we believe that cybersecurity is a journey, not a destination. We are constant in our pursuit of the safest and most secure experience for our customers. Because we develop our own hardware, design our own software, and own and manage our own network, we are uniquely positioned to be pioneers in defining a cybersecurity posture for the entire business aviation industry.
Now and into the future, we’ll continue to work closely with the FAA and other aviation stakeholders to define cybersecurity standards that will allow us to anticipate and protect against current and future cyber threats. Ultimately, our goal is to give our customers the security and knowledge they need to trust Gogo with their personal and business lives online and in the air.