The Resilience Brief

Airborne Resilience: Digital Exposure in UHNW Aviation Mobility

Season 1 Episode 9


This document outlines a research framework for airborne resilience, focusing on the digital vulnerabilities of ultra-high-net-worth individuals during private air travel. Rather than focusing on aircraft hacking, the text highlights how intelligence leakage and digital kidnapping occur through flight tracking, service provider breaches, and insecure ground-side connectivity. It identifies the entire aviation service chain, including charter brokers and FBOs, as a primary surface for operational compromise and extortion. By introducing the WEM-xa scoring model, the source provides a structured method to evaluate risks across the full journey, from pre-flight planning to post-flight movement. Ultimately, the research argues that while physical security in aviation is mature, a significant gap exists in protecting the identity and privacy of high-value travelers.

SPEAKER_00

Imagine like paying fifty million dollars for a state-of-the-art private jet.

SPEAKER_01

Right.

SPEAKER_00

I mean the whole goal is guaranteeing your total anonymity and security. So you step out of a blacked out SUV, you walk straight onto the tarmac, and the cabin doors seal shut.

SPEAKER_01

The ultimate VIP experience.

SPEAKER_00

Exactly. You think you're inside this impenetrable fortress at 40,000 feet. But uh what if the catering company that just delivered your coffee to the plane accidentally broadcast your exact location, your secret meeting itinerary, and your passenger list to the entire internet?

SPEAKER_01

Yeah, that illusion of the sealed metal tube, it shatters pretty quickly when you actually look at the data trailing behind it.

SPEAKER_00

It really does. And that is exactly what we're looking at today. We are doing a deep dive into a really fascinating research white paper. It's called Airborne Resilience for UHNW Mobility.

SPEAKER_01

And UHNW, just to clarify it, stands for ultra-high net worth.

SPEAKER_00

Right. And this paper exposes a massive, often overlooked blind spot in private aviation. But before we get into the actual mechanisms of how all this data leaks out, we really need to draw a very firm line in the sand regarding what this research is actually about.

SPEAKER_01

We do, because you know, when people hear phrases like hacking airplanes, they immediately picture a Hollywood thriller.

SPEAKER_00

Oh, yeah. Someone sitting in a dark van with a laptop, typing furiously to take over the flight controls and like bring the plane down.

SPEAKER_01

Right, which is completely out of scope here. The researchers are incredibly disciplined about establishing a strict safety boundary. The avionics, the safety systems, the literal flying of the aircraft, those are heavily segmented and highly secure.

SPEAKER_00

So the plane isn't going to crash?

SPEAKER_01

No. The plane isn't going to crash. What we are analyzing is a concept the paper calls digital kidnapping.

SPEAKER_00

Digital kidnapping. Okay.

SPEAKER_01

Yeah. It is the coercive extraction of a VIP's identity, their communications, and their operational metadata. It's entirely about compromising the passenger without ever touching the aircraft's navigation.

SPEAKER_00

Wow. Okay, so even if you are listening to this right now and you fly commercial and economy, the way data bleeds out of these supposedly elite, ultra secure environments, it is going to completely change how you view your own travel footprint.

SPEAKER_01

Oh, absolutely.

SPEAKER_00

So let's trace the journey. Let's say the doors haven't even closed yet, the plane hasn't even taken off. How is the illusion of invisibility already broken?

SPEAKER_01

Well, it breaks because actionable intelligence is structurally available by design. I mean, for any aircraft to operate safely in modern congested airspace, it literally cannot hide. It has to broadcast its presence.

SPEAKER_00

A safety feature.

SPEAKER_01

Exactly. Airplanes continuously transmit what are called ADS-B Out signals. And this isn't like some encrypted back channel to air traffic control. It's an unencrypted, open radio broadcast, transmitting the aircraft's specific identity, its position, altitude, and its velocity.

SPEAKER_00

I know this involves an ICAO address, right? Yeah, it does. Basically, a unique 24-bit alphanumeric code assigned to the airframe itself. So it's essentially a permanent digital license plate being yelled into the sky like twice a second.

SPEAKER_01

Yes, that permanent digital license plate is the root of the entire issue. And the aviation industry knows this is a massive privacy loophole. I would hope so. Oh yeah. Over the years, the Federal Aviation Administration has tried to patch it with programs like LADD, which stands for Limiting Aircraft Data Displayed. And there's another one, the PIA program, the Privacy ICAO Aircraft Address Program. Right. And even more recently, the FAA Reauthorization Act of 2024 included new provisions that allow private owners to withhold their registration information from public display.

SPEAKER_00

But, and this is a big but, those programs only scrub the data from official government feeds, right? Exactly. Like it's like paying millions for a VIP unlisted phone number, but your phone constantly shouts your exact GPS coordinates to anyone with a cheap receiver. Because if I'm an intelligence broker or just a really dedicated teenager, I don't need the FAA's website. Then you don't. I can just buy a cheap radio receiver, point it at the sky, and pick up that raw ADS-B broadcast directly from the plane. Does that flight observability ever truly disappear?

SPEAKER_01

It really doesn't. And we saw the real world consequences of that raw data collection blow up pretty recently. Back in 2024, Meta suspended multiple high-profile celebrity jet tracking accounts across all their platforms.

SPEAKER_00

Oh, right. I remember that.

SPEAKER_01

Yeah, they cited severe privacy violations and the risk of physical harm to the individuals. But the crucial detail here is that those trackers weren't hacking anything.

SPEAKER_00

Wait, they weren't doing anything illegal.

SPEAKER_01

Not at all. They were simply listening to the unencrypted signals the planes are legally mandated to broadcast and then cross-referencing it with open source intelligence.

SPEAKER_00

Wow. So the targeting graph is built before a cyber criminal even tries to bypass a firewall.

SPEAKER_01

Exactly. They have the tail number, they look at corporate ownership structures, they scan the social media posts from the principal's entourage, and suddenly, boom, the anonymous jet is fully identifiable.

SPEAKER_00

So the vulnerability isn't necessarily a broken system. The vulnerability is just the transparency of the ecosystem itself.

SPEAKER_01

You hit the nail on the head.

SPEAKER_00

Okay, so if the aircraft is inherently broadcasting its location, what about the humans organizing the flight? I mean, we don't even need to look at the sky, if we can just look at the vendors on the ground.

SPEAKER_01

Right. The paper refers to this as the aviation service chain. And it is a sprawling, highly fragmented web of third parties. Private aviation relies heavily on FBOs, fixed-base operators.

SPEAKER_00

Which are essentially the private terminals.

SPEAKER_01

Yes. And there are nearly 3,000 of them in the United States alone. Then you add in the charter brokers, the catering teams, concierge services, crew schedulers, ground transport.

SPEAKER_00

It's a massive list of people.

SPEAKER_01

It is. And every single one of these vendors requires a piece of the principal's itinerary just to do their job.

SPEAKER_00

Okay, but come on, let me push back a bit here.

SPEAKER_01

Sure.

SPEAKER_00

If a cyber criminal intercepts an email to a caterer and finds out a CEO ordered, I don't know, gluten-free meals for a flight to Geneva, who cares? How does a catering invoice or a ground transport schedule actually hurt a billionaire?

SPEAKER_01

Well, think about the operational metadata embedded in that simple catering order. It tells an attacker exactly when the principal is leaving. It tells them who they are traveling with based on the number of meals.

SPEAKER_00

Oh, right, because if you order five meals, they know it's a party of five.

SPEAKER_01

Exactly. Plus, it gives away their precise destination and the duration of the flight. That is golden intelligence for corporate espionage or physical extortion.

SPEAKER_00

So the food order is basically a tactical dossier.

SPEAKER_01

It really is. And the aviation industry operates with this huge structural contradiction here. They have extremely mature physical security, you know, armed guards, discreet boarding, fenced-in tarmacs, but their digital governance is incredibly immature.

SPEAKER_00

And we've seen this play out with massive breaches, haven't we?

SPEAKER_01

Unfortunately, yes. In 2021, a company called Solairus Aviation had a major breach. And the mechanism there wasn't an attack on their own internal server.

SPEAKER_00

Where was it?

SPEAKER_01

The scheduling and tracking data was hosted on a third-party aviation management platform called Avianis, which was just sitting in Microsoft Azure cloud storage.

SPEAKER_00

Wait, if I'm a billionaire paying a premium for extreme privacy, why is my sensitive itinerary sitting in some ground transport vendor's unsecure cloud? Is the industry just blind to this?

SPEAKER_01

It's more about how the cloud works. When we talk about data sitting in Microsoft Azure or AWS, the vulnerability usually isn't Microsoft's fault. It's often a misconfigured storage bucket by the vendor. It's the equivalent of renting a highly secure bank vault, but a third-party software developer accidentally leaves the combination on a post-it note on the front door because they forgot to toggle a basic privacy setting.

SPEAKER_00

That is terrifying.

SPEAKER_01

And the stakes are escalating. Just in 2025, NetJets, which is like the absolute pinnacle of fractional private aviation for ultra-high net worth clients, they reportedly investigated a data breach affecting a small number of their owners.

SPEAKER_00

Oh, wow. NetJets.

SPEAKER_01

Yeah. And the reporting indicated that an attempt at extortion actually followed the exfiltration of that client information.

SPEAKER_00

And this third-party vendor risk, it isn't just isolated to private jets, is it? Commercial airlines are dealing with the exact same supply chain exposure.

SPEAKER_01

Totally. Also in 2025, both WestJet and Qantas faced major incidents. Qantas reported the exposure of up to six million customer records.

SPEAKER_00

Six million.

SPEAKER_01

Yeah, and the entry point was a third-party customer service and analytics platform. The principal's exposure is overwhelmingly more likely to happen through a mundane workflow system like a scheduling API or a catering portal than through an attack on the aircraft itself.

SPEAKER_00

Okay, so if the third-party apps are a massive sieve for data, what happens when the VIP bypasses them and walks into the private terminal itself? Because the paper paints a pretty intense picture of groundside proximity threats.

SPEAKER_01

It does. The groundside environment is actively being hunted by sophisticated syndicates right now. In June 2025, the FBI and CISA issued major warnings about notorious cybercrime groups, specifically Scattered Spider and Muddled Libra.

SPEAKER_00

Those names always sound so weird, but they are serious threats.

SPEAKER_01

Very serious. These are groups known for aggressive social engineering and targeting supply chains. And the agencies warned they had explicitly expanded their operations into the aviation sector.

SPEAKER_00

And September 2025 gave us the real-world impact of that, didn't it? There was a massive cyberattack on Collins Aerospace.

SPEAKER_01

Right. The company that provides the underlying check-in and boarding software for major global airports.

SPEAKER_00

So what happened there?

SPEAKER_01

That attack disrupted operations at Heathrow, Brussels, Berlin. Baggage tagging and boarding systems went completely dark. Airports had to resort to massive manual workarounds.

SPEAKER_00

Like writing out boarding passes by hand.

SPEAKER_01

Exactly. And when you apply that chaos to a VIP, it transforms a logistical inconvenience into a severe exposure event. They are stuck in a terminal, their predictable movement is halted, and their security detail is suddenly managing a static target instead of a moving one.

SPEAKER_00

Which brings up a concept from the paper that frames executive travel brilliantly. They call it a high trust, high fatigue environment.

SPEAKER_01

That's such a great way to put it.

SPEAKER_00

Right. Think about this from a human behavior standpoint. You just landed at two in the morning, your flight was delayed, and your staff is just exhausted. You walk into a private VIP lounge. Yeah. Because it costs like $5,000 an hour to be there, you naturally trust the environment. You just need to charge your phone or send a quick email.

SPEAKER_01

And cybercriminals deeply understand that human exhaustion. The FBI and the FCC have been sounding the alarm on juice jacking.

SPEAKER_00

Juice jacking. Explain that one.

SPEAKER_01

When you plug a USB cable into a public charging station, you think you're just drawing power. But a USB cord has four wires, two for power and two for data.

SPEAKER_00

Uh-oh.

SPEAKER_01

Right? If a bad actor has compromised that charging kiosk, those data pins are secretly negotiating a connection to install malware or exfiltrate files while you sit there completely oblivious.

SPEAKER_00

Because you're so tired you don't even think about it. And it goes beyond physical cables, too. NIST and CISA constantly issue warnings about Bluetooth and public Wi-Fi vulnerabilities.

SPEAKER_01

Exactly. Devices constantly scan for connections. Bluetooth Low Energy beacons are always whispering, you know, asking what devices are nearby.

SPEAKER_00

What's fascinating here is that an attacker doesn't need to deploy a highly complex zero-day exploit. They don't need a rare, previously unknown software vulnerability. They just sit in an airport lounge with a laptop and wait.

SPEAKER_01

Wait, for what?

SPEAKER_00

For a highly protected CEO or their exhausted chief of staff to connect a tablet to a shared conference room printer or plug into an unmanaged wall port. Groundside proximity attacks exploit human nature and fatigue.

SPEAKER_01

Okay. Let's assume the VIP's security detail is absolutely flawless. They survive the lounge, they don't plug into the USB port, they keep their Bluetooth off, they finally board the plane, the doors are sealed, and they are airborne. The physical isolation is complete.

SPEAKER_00

Okay.

SPEAKER_01

But digitally, the paper argues this is where their communications are most exposed.

SPEAKER_00

Yes. In many ways, the confidentiality of their data peaks in vulnerability at cruising altitude. And that is primarily because of cabin Wi-Fi and SATCOM, satellite communication systems. How bad is it?

SPEAKER_01

Well, foundational research by a security firm called IOActive analyzed widely deployed satellite terminals used in aviation. They found massive systemic vulnerabilities. We are talking about hard-coded credentials.

SPEAKER_00

Meaning factory default administrative passwords programmed into the firmware. Passwords that the end user cannot easily change or just never bothers to.

SPEAKER_01

Exactly. It's basically leaving the master keys under the doormat of the network. Wow. And they were using incredibly weak, outdated encryption algorithms for the management interfaces. But you know, the risk isn't just historical configuration errors.

SPEAKER_00

There's more.

SPEAKER_01

Yeah. A 2026 report from UC San Diego analyzed broad satellite communications and found significant amounts of highly sensitive, completely unencrypted network traffic being broadcast over massive geographic footprints.

SPEAKER_00

Wait, let me stop you there. Unencrypted. So the satellite is taking the CEO's emails or celebrities' private messages and just beaming them down to Earth like a public radio station.

SPEAKER_01

If the underlying communication link isn't secured with strong encryption, or the device configuration is weak.

SPEAKER_00

Yes, the data is just falling from the sky.

SPEAKER_01

That is insane.

SPEAKER_00

And the paper anchors this threat with a very specific piece of evidence. At the Black Hat Security Conference in 2020, researchers demonstrated what they called satellite eavesdropping. They successfully intercepted in-flight passenger internet traffic from the ground.

SPEAKER_01

See, here's where it gets really interesting to me. I assumed pulling off a satellite data intercept would require military-grade technology, like an intelligence agency with millions of dollars of hardware.

SPEAKER_00

Nope.

SPEAKER_01

The researchers at Black Hat pulled this off with about $300 of equipment.

SPEAKER_00

$300 of standard television equipment.

SPEAKER_01

Really, just TV stuff.

SPEAKER_00

Yeah. Because satellite beams are wide. They cover thousands of square miles. If you know roughly where an aircraft is, which we already established you do, because it's constantly broadcasting its ADS-B signal.

SPEAKER_01

Right. You can take a cheap satellite dish with a standard LNB receiver, point it at the general area of the sky, and catch the digital downstream exhaust coming off that aircraft satellite link.

SPEAKER_00

So someone can sit in a parking lot with gear they bought at a big box electronics store for the price of a decent microwave and spy on a corporate merger being discussed at 40,000 feet.

SPEAKER_01

It absolutely proves the paper's central thesis. The aircraft's flight controls are safe. But the confidentiality of the passenger is completely shattered. You have a predictable travel window, potentially weak device hygiene from an exhausted passenger, and high-value corporate communications all funneling through a single vulnerable satellite link broadcast over a massive area.

SPEAKER_00

Okay, we have to address the cinematic threats now. Because the moment you discuss billionaires, private jets, and corporate espionage, people immediately imagine assassin drones and laser beams.

SPEAKER_01

Of course they do.

SPEAKER_00

So to truly understand airborne resilience, we need to separate the confirmed engineering risks from speculative spy novel fantasies.

SPEAKER_01

And I think the paper handles this beautifully by utilizing a strict evidence taxonomy. They don't just list threats to scare people, they classify them systematically.

SPEAKER_00

How does that work?

SPEAKER_01

Every vector is tagged as confirmed, demonstrated, analogous, hypothesized, or speculative.

SPEAKER_00

So it keeps the research grounded in reality rather than paranoia.

SPEAKER_01

Exactly.

SPEAKER_00

Take drones, for example. Are they a threat to aviation?

SPEAKER_01

Yes, but the paper classifies drones specifically as confirmed airspace disruption tools. We saw the 2018 Gatwick Airport incident where a drone sighting halted operations and affected 140,000 passengers.

SPEAKER_00

That was a huge mess.

SPEAKER_01

Right. And just recently, in September 2025, authorities handled major drone disruptions at Copenhagen and Oslo airports, executed by what they termed capable operators. So disruption is confirmed.

SPEAKER_00

But using a drone to fly in formation next to a Gulfstream mid-air to try and hack its local Wi-Fi network?

SPEAKER_01

Ugh. The taxonomy strictly tags that as hypothesized. It is technically plausible based on the laws of physics and the existence of wireless networks, but there is zero public evidence of an attacker successfully executing a mid-air drone hack against UHNW aviation.

SPEAKER_00

And the paper consigns the really exotic side channel attacks to Appendix C, things like the MIT visual microphone.

SPEAKER_01

Right. The visual microphone is a fascinating, demonstrated scientific technique.

SPEAKER_00

How does it work?

SPEAKER_01

Researchers proved they could recover audio, like human speech, simply by analyzing the microscopic vibrations of objects captured on video. They filmed a potato chip bag or a soundproof glass window from a distance, measured the tiny visual distortions caused by sound waves hitting the surface, and reconstructed the audio of the conversation inside the room.

SPEAKER_00

That sounds like science fiction.

SPEAKER_01

It really does.

SPEAKER_00

So an attacker could theoretically point a laser at the window of a private jet while it's taxiing on the runway and listen to the CEO's phone call.

SPEAKER_01

Theoretically, yes. But the researchers exercise incredible restraint here. They classify these exotic threats as demonstrated in general, but speculative for aviation.

SPEAKER_00

Because it's too hard to do on a plane.

SPEAKER_01

Exactly. The physics are real, but maintaining a laser lock on the vibrating window of a moving aircraft cabin with engine noise and atmospheric distortion hasn't been proven outside a lab. By pushing that to the appendix, the paper maintains its credibility.

SPEAKER_00

They force security teams to focus on the boring, highly effective attacks, like a compromised catering invoice, rather than the cinematic one.

SPEAKER_01

Exactly.

SPEAKER_00

Which leads to the ultimate question for the people actually tasked with protecting these VIPs. With this chaotic mix of vendor leaks, unencrypted satellites, and exhausted staff, how does a security fiduciary actually measure and govern all this risk?

SPEAKER_01

Well, the paper introduces a mathematical framework for this called the WEM-xa. That's the Wilson Exposure Model for Airborne Resilience.

SPEAKER_00

Okay, WEM-xa.

SPEAKER_01

Yeah. It scores every potential exposure on a scale of zero to six based on a specific set of variables. It looks at the relevance to UHNW individuals, the capability required by the attacker, the access needed, the attacker's motivation, the plausible impact, the observability of the attack, and the difficulty of mitigating it.

SPEAKER_00

Let's actually test this. Walk me through how the formula applies to a real scenario. Sure. Say I'm a high-profile executive and someone on the ground intercepts my unencrypted satellite Wi-Fi data at cruising altitude. How does the WEM-xa score that threat?

SPEAKER_01

Let's run the variables. The relevance to a high-profile executive is a six, extremely high. The capability required by the attacker? We just established it only takes $300 of TV equipment, so the barrier to entry is very low, which paradoxically raises the risk score because anyone can do it. That makes sense. The attacker's motivation for corporate espionage might be a five, but the variable that acts as a massive multiplier in the formula is observability.

SPEAKER_00

I noticed that in the methodology. If we look at this formula, lower observability actually increases the final risk score.

SPEAKER_01

Yes, because it's the digital equivalent of a pickpocket. If someone physically mugs you in an airport, the observability is very high. You know you've been robbed, you cancel your cards, and you call security immediately. Right. But if an attacker sits in a parking lot miles below the aircraft and quietly vacuums up your unencrypted satellite data, the observability is zero. The principal has absolutely no idea it happened until weeks later when their private emails end up on the dark web or a corporate merger is mysteriously front-run by a competitor.

SPEAKER_00

So the danger isn't just the data they steal, the danger is that you don't even know you've been robbed until it's too late.

SPEAKER_01

Exactly. And that invisible metadata collection feeds directly into the paper's ultimate warning, which is digital kidnapping.

SPEAKER_00

Right, going back to that term.

SPEAKER_01

Yeah. The goal of these attackers isn't always to drain a bank account directly. The goal is to capture enough operational context to manipulate, extort, or operationally constrain the principal.

SPEAKER_00

Just by knowing their moves.

SPEAKER_01

Exactly. If I have a real-time feed of your unencrypted emails, your flight path from the raw ADS-B data, and the passport photos your assistant emailed to the charter broker, I hold immense coercive power over your life and your business. The paper argues that physical discretion without digital governance is incomplete.

SPEAKER_00

You can hire the best bodyguards, you can board the plane in total secrecy, but if your systems are leaking data, your seclusion is just a highly expensive illusion.

SPEAKER_01

Synthesizing all of this, if we connect this to the bigger picture, seclusion is not security. Altitude is not isolation. The catastrophic risk to a high net worth individual doesn't come from a mastermind taking over the aircraft's controls mid-flight. It comes from the mundane service chains, the unencrypted satellite data, and the invisible digital exhaust generated by modern convenience.

SPEAKER_00

And this is exactly why you, the listener, should care, even if you never set foot on a private tarmac in your life. The scale of the impact might be different, but the mechanics of the exposure are identical for the everyday traveler.

SPEAKER_01

Absolutely identical.

SPEAKER_00

Your data exposure usually happens in the exact same mundane service chains. It's the third-party booking apps you use that sit on misconfigured cloud servers. It's the public airport Wi-Fi you connect to without a VPN. It's those tired, high fatigue moments at the commercial gate where you desperately need 10% more battery and you plug your phone into a random USB port without thinking about the data pins.

SPEAKER_01

The vulnerabilities that expose a billionaire rely on the exact same human behaviors and systemic flaws that expose anyone else.

SPEAKER_00

We started this deep dive talking about the illusion of the impenetrable fortress at 40,000 feet. And we've walked through the mechanics of exactly how that fortress crumbles into an invisible trail of digital breadcrumbs. It forces a pretty intense personal audit of how we all move through the world.

SPEAKER_01

It really does make you think twice.

SPEAKER_00

So I will leave you with this provocative final thought to mull over on your own. If a billionaire's private jet movement and highly sensitive corporate communications can be entirely intercepted by a data broker, a compromised caterer, or a $300 TV antenna, what kind of invisible digital exhaust is your daily commute broadcasting right now? And who is quietly collecting it?