Boeing Co. said on Friday that its subsidiary Jeppesen was involved in a cyber incident that affected some aviation products and services.
Jeppesen, which provides analytics services to airlines, has reported technical problems on its website with some products, services, and communication channels and is working to restore functionality as soon as possible.
“There have been some disruptions to the flight plan, but at this time we have no reason to believe that this incident poses a threat to the aircraft or flight safety,” Boeing said in an email.
The news comes after Boeing shared plans to accelerate its turnaround with increased aircraft deliveries and free cash flow at an investor meeting in Seattle on Wednesday.
While the extent of the disruption is unclear, the incident will at least affect the receipt and processing of current and new Air Service Notices (NOTAMs). This is an industry term for messages sent to aviation authorities to warn pilots of potential hazards on a flight path.
A Boeing spokesperson could not confirm to the Record that it was involved in the ransomware at the time of publication, saying it was “an ongoing active situation.”
The airline industry is regularly targeted by cyberattacks, including ransomware. In May, the Indian airline SpiceJet announced that it had been hit by ransomware, leaving hundreds of passengers stranded at airports. Accelya, a technology provider to many major airlines, announced in August that it had experienced a ransomware attack linked to the BlackCat group. Last August, Bangkok Airways announced that hackers had stolen passenger information in a ransomware breach.
Boeing reportedly suffered from the widespread WannaCry virus in 2018, although it quickly recovered. “The vulnerability was limited to a few machines,” a spokesperson told The Seattle Times. “We applied software fixes. “There were no outages in the 777 jet program or any of our programs.”
In recent months, the Transportation Security Administration (TSA) has sought to mandate that all cybersecurity incidents experienced by airlines be reported to the Cybersecurity and Infrastructure Security Agency (CISA) within 2 hours.