Gogo Business Aviation cybersecurity summary

Leading the way for secure access and use of our inflight connectivity network

inflight cybersecurity and airplane

Cybersecurity: It’s in our DNA

You should take cybersecurity seriously because security threats are real.

That’s why at Gogo, we realize the ever-pressing need to be vigilant to stay ahead of potential security threats. Security isn’t something we have added after the fact. Since our start, we’ve built security into the design and delivery of our networks and systems. You could say security is in our DNA. We’ve secured and protected tens of millions of flights over the lifetime of our networks.

At Gogo, we operate and manage our systems end to end and we monitor and analyze the security of our networks and onboard systems 24/7/365. Through our own standards or in partnership with the FAA and other aviation stakeholders, we’ve been a leader in defining and implementing best practices for airborne cybersecurity. We’re solving cybersecurity problems before they happen, so you can connect confidently when you fly.


Our secure Air-to-Ground and Low-Earth-Orbit satellite networks

We leverage the most advanced network designs to provide comprehensive security for our air-to-ground (ATG) and Low-Earth-Orbit (LEO) satellite networks. Gogo is current with the latest innovations and security

standards which allows us to quickly identify, protect, detect, respond, and recover from potential cyber threats. Our Business Operations Center (BOC) and Managed Security Operations Center (MSOC) provide continuous monitoring and troubleshooting.

The following information details how we provide secure airborne connections through our ATG and LEO satellite network connections, onboard aircraft equipment configurations, and the Gogo BOC and MSOC.

Gogo Biz ATG network communications: Gogo secures all communications that occur on our ATG network that use our licensed spectrum. This includes any data transferred between the aircraft, network cell towers and Gogo’s two data centers in the continental United States. We provide secure network design with next-gen

firewall protection (NGFW), intrusion prevention, and utilize geographic redundant data centers for resiliency and high availability.

Gogo Galileo network communications: Gogo secures all communications that occur on our global LEO satellite network via proprietary encapsulated tunneling. This includes any data transferred between the aircraft, ground stations, and eight global data centers.

The Gogo Galileo network adheres to the latest developments in enterprise networking design. We provide secure network design with next-gen firewall (NGWF) protection, intrusion prevention, and utilize geographic redundant data centers for resiliency, high availability, and low latency.

Onboard aircraft equipment: The process of protecting your inflight Wi-Fi experience starts from day one in engineering design and development, and security is built into all of our connectivity solutions. Gogo secures all onboard aircraft equipment that is manufactured and delivered as part of the Gogo Business Aviation inflight connectivity system.

By design, Gogo onboard aircraft equipment is secured through network isolation, which includes:

• Open 802.11 and secure 802.11 Wi-Fi/wireless via WPA-2 encryption.

• All Gogo AVANCE products, LX5, L5, L3, and SCS, are shipped with the router technology built in and receive digitally signed software updates approximately every six months.

• Any connection to avionics and other flight systems are listen-only, meaning that the other systems are not accessible through the Wi-Fi components.

• Other airborne system components are inaccessible from the Wi-Fi clients through network isolation.

End to end security built in

Plans to innovate and enhance our security measures

Gogo Business Operations Center (BOC): The Gogo Business Operations Center (BOC) provides Tier 1 and Tier 2 monitoring and troubleshooting of all elements of the Gogo Business Aviation mobile broadband networks. Located in Broomfield, Colorado, the BOC provides continuous, round-the-clock operations support.

Gogo Managed Security Center (MSOC): Gogo’s Managed Security Operations Center (MSOC) is a dedicated team of cybersecurity professionals responsible for monitoring and protecting an

organization’s network infrastructure — 24/7/365. The core mission of the company’s MSOC is to proactively detect, analyze, and respond to cybersecurity threats, ensuring the safety and integrity of critical systems and data. This highly specialized team leverages a suite of advanced security tools, including machine learning algorithms, threat detection software, monitoring systems, and real-time analytics, to identify and respond to potential cyberattacks.

Aircraft cybersecurity

Gogo Cybersecurity Best Practices

Gogo Business Aviation adheres to the following best practices to ensure security at all stages in design and development of its networks, products and processes. This is not intended to be a comprehensive list of all activities performed by Gogo’s cybersecurity personnel.


Monthly System Vulnerability Assessments

The Gogo team performs monthly assessments of its assets. Results of these assessments are reviewed, and any noted deficiencies are tracked and remediated.


Routine penetration test

Routine and ad-hoc external and internal penetration tests are performed against Gogo’s assets. Results of these penetration tests are reviewed, and any noted deficiencies are tracked and remediated.


Scheduled Firewall Audits

Security audits are performed against all production firewalls. Both a manual review process and automated toolsets are utilized to ensure configurations are secure. Online backups of firewall configurations are maintained to make sure a rapid rollback can be performed successfully if there are any issues identified.


Business Continuity Disaster Recovery (BCDR)

Gogo has implemented a robust Business Continuity and Disaster Recov- ery (BCDR) program designed to safeguard not only its internal business operations but also the critical services provided to its customers. This comprehensive BCDR program ensures that in the event of a disruption— whether due to natural disasters, cyberattacks, or system failures—the company can maintain operational resilience and minimize downtime.


Risk Assessments

Gogo conducts comprehensive third-party cybersecurity risk assessments to thoroughly identify, classify, and prioritize vulnerabilities, risks, and potential threats that could impact our organization. These assessments provide crucial insights that enable us to implement more effective secu- rity controls and mitigate risks proactively.


Cybersecurity Governance Committee

Quarterly meetings of key business stakeholders ensure security is ad- dressed across the organization. Updates are provided to key business stakeholders from the cybersecurity team and takeaways are implemented based on the criticality of the information provided.

Simple cybersecurity measures can make a big difference.

Every individual in an organization, regardless of their role or position, has a responsibility to protect themselves and their organization from cyber threats by practicing safe online habits and being aware of potential risks. Simple practices like using strong passwords, being cautious with email attachments, and reporting suspicious activity can significantly reduce cyber risks.

Learn more about Gogo