In partnership with
π Welcome to Unlocked
The recent aviation incident at LaGuardia sparked a familiar question:
Could a cyberattack cause something like this?
Itβs a serious question β and one that deserves more than a headline answer.
The short version is reassuring:
A direct, catastrophic crash caused purely by a cyberattack is highly unlikely today.
But the more important answer is more nuanced.
Cyber risk is becoming operational risk.
And in industries like aviation, that distinction matters.
π§ Aviation Was Built for Failure β Not Just Attack
Modern aviation is one of the most safety-engineered systems in the world.
Aircraft and airport operations rely on multiple overlapping layers:
air traffic control (ATC) systems
aircraft avionics
navigation systems (GPS, radar, ILS)
airline operations platforms
These systems are intentionally segmented and reinforced with redundancy.
Pilots can revert to manual control.
ATC has fallback communication methods.
Navigation systems cross-check each other in real time.
There is no single point of failure.
Thatβs why a direct cyber-triggered crash remains unlikely β the system is designed to absorb disruption.
β οΈ Where Cyber Risk Actually Lives
The real risk in aviation doesnβt sit inside the cockpit.
It sits around it.
Air Traffic Control Disruption
If attackers disrupted ATC systems, the immediate impact wouldnβt be loss of control β it would be loss of clarity.
Delays. Congestion. Ground stops.
In extreme cases, confusion becomes the risk factor.
But even here, controllers are trained for degraded environments and can revert to procedural separation.
π GPS Interference & Spoofing
GPS spoofing is not theoretical β it has already been observed globally, particularly in the Baltic region and the Middle East.
Potential impacts include:
incorrect positioning data
navigation inconsistencies
increased pilot workload
But aircraft donβt rely on GPS alone. Inertial navigation systems (INS) and ground-based aids provide backup validation.
The result is disruption β not immediate catastrophe.
βοΈ Airline IT & Operational Systems
This is where cyber incidents happen today.
Recent events have shown how attacks on airline systems can:
ground flights
disrupt crew scheduling
cascade delays across regions
These systems donβt fly the aircraft β but they shape the environment around them.
And that environment matters.
Because pressure is where risk begins to accumulate.
π The Real Question Isnβt βCan Hackers Crash a Plane?β
Can cyber create the conditions where something goes wrong?
To directly cause a crash, an attacker would need to:
penetrate highly isolated avionics systems
override multiple redundant safeguards
avoid detection by both systems and pilots
That combination is extremely difficult today.
But cybersecurity experts are increasingly focused on a different model: Cyber-induced conditions. Not control β but influence.
𧩠When Systems Fail Together
A realistic aviation cyber scenario wouldnβt look like a movie.
It would look like multiple small disruptions happening at once:
regional ATC degradation
GPS interference
conflicting system data
Individually manageable, Collectively destabilizing.
In that scenario, cyber doesnβt directly cause failure, it increases the probability of human error under pressure.
π The Bigger Shift: Aviation Is Becoming Software
The risk isnβt just in todayβs systems.
Itβs in where aviation is heading:
cloud-based airline operations
connected aircraft platforms
remote diagnostics and maintenance
Each layer adds capability; Each layer also expands the attack surface.
Complexity is growing faster than security maturity in some areas.
π‘οΈ What This Means for Security Leaders
Aviation reflects a broader shift happening across critical infrastructure.
The focus is moving:
From preventing breaches β to managing disruption
From system security β to system resilience
From isolated incidents β to multi-system scenarios
Resilient organizations are prioritizing:
segmentation of critical systems
Zero Trust access across operational environments
real-time anomaly detection
cross-system visibility
coordinated incident response
Because in complex environments, failure is rarely isolated.
π‘ Unlocked Tip of the Week
Ask this question:
βIf multiple systems degraded at once, would we still operate safely?β
Most security strategies are built around single incidents.
Real-world risk often isnβt.
π Poll of the Week
What concerns you most in aviation-style cyber scenarios?
π₯ Final Takeaway
A cyberattack causing a crash at LaGuardia today is unlikely.
But thatβs not the point.
The point is this: Cyber risk is now part of operational risk.
As systems become more connected, the line between digital disruption and physical consequence continues to narrow.
The organizations that prepare for that shift wonβt just be more secure.
Theyβll be more resilient when it matters most.
Stay ready. Stay resilient.
Until next time,
Meet Nick Marsteller - Head of Content
With a background in content management for tech companies and startups, Nick Marsteller brings creativity and focus to his role as the Head of Content at Everykey.
Over his career, Nick has supported organizations ranging from early-stage startups to global technology providers, driving initiatives across digital content and branding. With a background spanning SaaS, cybersecurity, and entrepreneurial ventures.
Outside of work, Nick loves to travel, attend concerts with friends, and spend time with family and his two cats, Ducky and Daisy.
Our Sponsor
Your Docs Deserve Better Than You
Hate writing docs? Same.
Mintlify built something clever: swap "github.com" with "mintlify.com" in any public repo URL and get a fully structured, branded documentation site.
Under the hood, AI agents study your codebase before writing a single word. They scrape your README, pull brand colors, analyze your API surface, and build a structural plan first. The result? Docs that actually make sense, not the rambling, contradictory mess most AI generators spit out.
Parallel subagents then write each section simultaneously, slashing generation time nearly in half. A final validation sweep catches broken links and loose ends before you ever see it.
What used to take weeks of painful blank-page staring is now a few minutes of editing something that already exists.
Try it on any open-source project you love. You might be surprised how close to ready it already is.