Honeywell Forge’s Secure Solutions for Bizav Networking

September 2021

AIN is developing a 14-part series of articles, infographics and videos that speak to Tomorrow's Aviation Challenges. Sponsored by Honeywell Aerospace. Learn more. .


For most business aviation VIPs, fast, reliable internet connectivity—both on the ground and at 40,000 feet—is no longer a luxury. It’s a requirement. Bizav passengers expect the Wi-Fi to be just as fast and capable on their aircraft as it is at home or in the office. But with internet access increasing both on bizjets and in the countries business travelers fly over, the number of hackers targeting the aircraft and their high-net-worth passengers is also rising.

According to the Digital 2021 July Global Statshot Report posted on wearesocial.com, the number of internet users has increased by more than a quarter of a billion since July 2020 and now totals 4.8 billion or 61 percent of the world population. Meanwhile, data from Ookla on the same report shows the average mobile connection speed around the world has increased 60 percent since July 2020, with 13 countries now enjoying average mobile connection speeds of 100 Mbps or above, and all but a few countries averaging 25 Mbps or above.

What does this mean to the bizav operator or corporate flight department? More hackers around the world now have access to the equipment and infrastructure needed to break into an unprotected aircraft’s Wi-Fi network. A January 2020 Robb Report article by Martin Lerma indicated that out of 600 private aircraft being monitored by a satellite provider’s threat-monitoring service at the time, more than 80 percent experienced a cyberattack “that the firm’s software and human experts had to fight off.”

Given these stats and because FAA and EASA mandates for automatic dependent surveillance-broadcast (ADS-B) make even blocked tail numbers easier to track internationally, cybersecurity on the aircraft and across the entire network is more important than ever.

“Cybersecurity is inherent in our network,” said Curt Gray, senior director for customer operations, services, and connectivity at Honeywell Aerospace in Phoenix. “Nearly every commercial, defense, and business aircraft are built with our engines, cockpits, cabin electronics, or wireless systems, so we’re one of the founding alliances when it comes to defining standards in cybersecurity on aerospace. We ensure all of our products and services are built to exceed those industry standards for cybersecurity.”

With the breadth of Honeywell products on business and commercial aircraft, the company must take cybersecurity seriously. Regarding wireless internet access for the flight deck and cabin, Honeywell is both a manufacturer of hardware—its JetWave satellite communications system for in-flight connectivity on the Inmarsat GX Ka-band network—and a airtime connectivity provider with its Honeywell Forge (formerly GoDirect) suite of applications and services supporting many connectivity solutions.

“The Honeywell Forge network supports the high-speed [up to 20 Mbps] Ka-band connectivity through our Jetwave products but we’re a global service provider for business jets and military applications, and that same infrastructure network also supports other connectivity solutions such as Iridium, Viasat Ku [1.5 to 2 Mbps], and Ka [4 to 16 Mbps] bands, and the soon-to-come SmartSky air-to-ground service,” said Gray. “The network supports a variety of airtime products that are available to the aircraft beyond JetWave.”

One reason the Honeywell Forge network supports so many services is that customers often have more than one connectivity option to cover all the ways VIPs want to stay connected: satellite phone for voice communications, air-to-ground service for fast domestic internet connectivity, and satellite data service for international connectivity. Honeywell Forge seamlessly blends all the connections, integrating various levels of security while providing a simple dashboard that allows your corporate flight department to control who has priority access and ensure the VIP onboard can always connect.

“We encourage operators to try before they buy, bringing their laptops and other devices to Phoenix or Paris and testing them through the actual satellite links that they’ll be using on their airplanes,” Gray said. “Then we custom tailor their connections to the operation and set the security policies. Some customers want to use their company’s corporate security policies, some additional security from our network, and some use a mix of both. Every customer is a little different.”

One challenge for in-flight internet providers is that different customers have different needs. Some always want their interfaces to look the same; if a flight department is based in Cleveland, wherever they’re flying they want it to look to the VIP on board as if they’re still in Cleveland. Other customers just want the quickest and fastest connection to the internet. So, if they’re flying over Australia, they want to access the internet in that country for the quickest response time.

Using secure firewalled points of entry scattered across the world, the Honeywell network is flexible enough to essentially act as a flight department’s internet service provider—if they always want to come back to a common point—or provide secure access to the fastest internet connection available.

“A key part of cybersecurity is data privacy and sovereignty, which is how to securely transport that data from the aircraft to the destination and vice versa to make sure it’s always highly available with a low latency and a private network connection,” said Gray. “We have a feature called Country Lock where we set up private firewalled connections for each customer that originate from secure satellite ground stations. For example, if a Canadian operator wants his internet out of Canada, the system will access a ground station in New York using the security protocols, and then be routed through a firewalled ‘tunnel’ to Canada.” 

Gray says that most cyberattacks still result from the user bringing the infection onto the aircraft. While each aircraft on the Honeywell network is independent and cannot affect (or infect) the others, without adequate security a VIP opening a well-crafted phishing email can still release malware or viruses to other devices on the aircraft’s network.

“We’re focused on five key elements: identify, protect, detect, respond, and recover,” said Gray. “We use third-party security experts augmented with artificial intelligence software to scan and monitor the aircraft network and identify any type of data threat. We’ll detect and isolate the intrusion, and then it depends on how the customer wants us to deal with it. Some want to be notified through their Honeywell Forge dashboard or a text message and they’ll take care of it, and others want us to go as far as disabling the device—taking it out of the network and preventing it from having access to the internet. That’s all part of what we offer within our network.”