Gogo Business Aviation adheres to the following best practices to ensure security at all stages in design and development of its network, products and processes. This is not intended to be a comprehensive list of all activities performed by Gogo’s cybersecurity personnel.
MONTHLY SYSTEM VULNERABILITY ASSESSMENTS
Independent third party security firms perform monthly external and internal assessments against Gogo’s assets. Results of these assessments are reviewed and any noted deficiencies are tracked and remediated.
ROUTINE PENETRATION TESTS AND FIREWALL ANALYSIS
Routine and ad-hoc external and internal penetration tests are performed against Gogo’s assets. Results of these penetration tests are reviewed and any noted deficiencies are tracked and remediated.
ROUTINE FIREWALL AUDITS
Security audits are performed monthly against all production firewalls. Both a manual review process and automated toolsets are utilized to ensure configurations are secure. Online backups of firewall configurations are maintained so that a rapid rollback can be performed successfully if any issues are identified.
GENERAL SECURITY AWARENESS TRAINING
Both full-time employees and contractors are required to attend security awareness training within 30 days of their hire date and again at least annually.
SECURE CODING AWARENESS TRAINING
Both full-time employees and contractors who are members of the application development departments are required to attend annual awareness training focused on secure coding standards and best practices.
FAA CYBERSECURITY
Gogo works closely with the FAA and other aviation stakeholders to define new cybersecurity standards to anticipate and protect against current and future cyber threats. Gogo’s certification process follows the latest FAA and RTCA policies to ensure safety of flight for Gogo-equipped aircraft.
COMPLIANCE CERTIFICATIONS
Gogo is PCI:DSS Level 1 Certified.
SECURITY POLICIES
Cybersecurity policies are maintained and updated on an internal corporate site which is accessible to all employees and contractors. The policies, standards, and configuration guide are based on requirements sourced from the NIST CSF and ISO 27001:2015 frameworks.
EVENT LOG MONITORING
Gogo utilizes a trusted third-party security firm’s Security Operations Center (SOC) to monitor production system event logs 24/7/365. Any anomalies are reported immediately and thoroughly investigated.
ENDPOINT SECURITY
All Gogo employee workstations are encrypted and have updated anti-virus, anti-malware, intrusion prevention and firewall technology installed.
PRIVILEGED USER ACCESS REVIEWS
Ongoing user access reviews are performed against production systems. Business stakeholders verify appropriate access levels for identified users.
CYBERSECURITY STEERING COMMITTEE
Ongoing meetings of key business stakeholders ensure security is addressed from various departments of the organization. Updates are provided to key business stakeholders from the Cybersecurity team and takeaways are implemented based on the criticality of the information provided.
RISK ASSESSMENTS
Ongoing risk assessments ensure new risks to Gogo are quickly identified and remediation efforts are prioritized and implemented.