post-img

By Dan Cook | 14 Jun 2024

Security features in EFB applications & how providers can safeguard airlines


In the modern flight deck, Electronic Flight Bags (EFBs) have digitally transformed the way pilots manage and access essential flight information.

Although with the increased reliance on digital technology, brings huge risks and the necessity for robust security features to protect sensitive data and ensure safety within aviation.

This article examines the security features needed in EFB applications and highlights questions to ask your provider to ensure compliance and resilience in protecting airlines.

EFB Data Encryption

One of the fundamental security measures in EFB applications is data encryption. This process converts sensitive information into a code to prevent unauthorized access.

Encryption ensures that data such as flight plans, weather updates, and operational messages remain secure. Advanced encryption standards (AES) are commonly used, providing a high level of security that is virtually impossible to breach without the appropriate decryption key.

Within skybook data is also secured end-to-end from our EFB app and browser based ground portal using industry standard SSL encryption. Data is encrypted at rest within the AWS infrastructure.


User Authentication & Authorization

Multi-factor authentication (MFA) is a common practice, requiring users to provide two or more verification factors, before gaining access to EFB applications.

Additionally, role-based access control (RBAC) restricts access to specific functions within the EFB based on the user's role within the organization, minimizing the risk of unauthorized actions.

It is also common practice for businesses to use Mobile Device Management (MDM) to automate, control and ensure the security of all employee devices.


Single Sign On (SSO)

Having the option for EFB single sign on (SSO) is an added benefit as many platforms natively support MFA, adding an additional layer of security beyond the password. 

By consolidating authentication ensures that access is managed consistently across all integrated systems, SSO not only simplifies the user experience and reduces password fatigue, but also strengthens organisational security. 

single sign on sso

Secure Communication Channels

The transmission of data between the EFB and ground systems, as well as between different components within the aircraft, must be secure to prevent interception or tampering.

EFB applications use secure communication protocols such as HTTPS and VPNs (Virtual Private Networks) to establish encrypted connections.

This ensures that data exchanged during pre-flight planning, in-flight operations, and post-flight reporting & analytics remains confidential and intact.

Does your EFB provider have an uptime SLA?

skybook has the ability to switch servers to ensure uninterrupted uptime, running on a fully fault-tolerant and load-balanced infrastructure within AWS.  This ensures our high uptime guarantee of over 99.95%.

efb app software uptime
EFB Software Updates

To protect against emerging threats, EFB applications require regular software updates and effective patch management. This also includes compatibility testing EFB’s with any tablet operating system updates.

Developers continuously monitor for software vulnerabilities and release patches to prevent any security issues. Ensuring that EFB software is up-to-date is crucial in defending against malware, viruses, and other cyber threats that could compromise flight operations.

How secure is your EFB provider?

skybook is hosted within Amazon Web Services (AWS).  Which resides within a Tier 1 data center, providing protection at the physical perimeter, infrastructure layer, data layer and environmental layer. 


Data Integrity and Auditing

Maintaining the integrity of data within EFB applications is essential to prevent any unauthorized modifications, and to ensure compliance with regulatory requirements.

Digital signatures and checksums are used to verify the authenticity and accuracy of data files. These techniques detect any alterations, ensuring that the information used by pilots and flight crews is reliable and trustworthy.

EFB providers should also carry out scheduled audits to maintain high information security management, and also agree to routine audits carried out by the airline customers.

Does your EFB software provider have an auditing process in place?

At Bytron we highly value our accreditations for ISO 27001 Information Security Management and ISO 9001 Quality Management; and demonstrate auditing to the highest standard to meet our customers expectations.

ISO 27001 and ISO 9001

Incident Response and Monitoring

Effective incident response and continuous monitoring are vital components of EFB security. EFB systems are equipped with tools that monitor for suspicious activities and potential security breaches in real-time.

In the event of a security incident, predefined response protocols are activated to contain and mitigate the threat. This proactive approach minimizes the impact of security breaches and ensures a rapid return to normal operations.

What is your EFB provider’s plan in the event of Data breach?

Within our Quality Management System we have a fully documented Incident Management procedure that lays out what needs to be done in circumstances such as a data breach.  This includes informing our CSO of a potential GDPR breach.


Data Backup and Recovery

To safeguard against data loss due to cyber-attacks, hardware failures, or other unforeseen events, EFB applications incorporate robust data backup and recovery solutions.

Regular backups should be performed, and secure storage solutions should be used to preserve critical information. In case of data corruption or loss, these backups enable swift recovery, ensuring that essential flight operations can continue with minimal disruption.

Does your EFB provider have a disaster recovery plan?

The skybook software is supported with a Disaster Recovery Plan which is fully documented within our QMS and is an integral part of our ISO 27001.


SLA support service is a must!

One last thing to consider in the event of any critical issues, is whether your EFB solution has service level agreements in place for customer support.

At Bytron we provide an industry leading 24/7 support service for our customers peace of mind in the event of anything critical that needs resolving.

 efb technical support service


The integration of security features in Electronic Flight Bag applications is crucial for protecting sensitive data and maintaining the safety and efficiency of aviation operations.

As EFB technology continues to advance, resilience and adaptation is key to safeguarding the skies. Now that you’ve learned about our security features, why not read about our guide to selecting EFB hardware, or better yet, get in touch below…

 

By Dan Cook | 14 Jun 2024

Have a question about skybook?

About the Author

Dan Cook

Head of Marketing

Bytron Aviation Systems

Latest News

Streamline your operations

Get in touch

Contact us

View Brochure

View the Skybook Brochure

Request a Demo

Get a free trial of skybook
Enquire now