Background

Historically, cybersecurity in Air Traffic Control (ATC) has been based on the assumption of “security through isolation”. Systems were placed in controlled environments without access to the world outside, leading many to believe that securing internal protocols was unnecessary and would likely interfere with day-to-day operations.

Today, however, communication often occurs over untrusted networks, making every radio and recorder a potential target. While the threat landscape has evolved, the old way of thinking persists. Customers and integrators are afraid of delays, complicated systems, and interference to daily operations. Jotron is challenging this misconception by proving that end-to-end encryption can coexist with a seamless user experience and minimal operational impact.

Intuitive systems make for stronger security

The global threat landscape is continuously evolving and cybersecurity aims to reduce the amount of vulnerabilities. Yet, in high-pressure environments like ATC operations, human error is often where vulnerabilities emerge.

To avoid mismanagement or confusion among operators, we need to build user-friendly systems. For Jotron, this approach is focused on ensuring that keeping a system up to date is a simple task. Therefore, we have deliberately addressed customer pain points, such as the difficulty of maintaining security without disrupting operations, by introducing automation where security was previously manual and costly.

Demonstrating our perspective on cyber threats

In 2025, Jotron held a presentation at the VOTE (VoIP Implementation and Transition Expert Group) meeting. VOTE is a gathering of users and manufacturers of ATC equipment communicating over IP, where Jotron has been an active member since 2012.

To an audience of customers, integrators, and competitors, we demonstrated that top-of-the-line cybersecurity doesn’t have to be difficult. We showcased secure integrations using established technologies like:

• Secure voice encryption
• Certificate based authentication
• Trusted network protocols

By focusing on user-friendly interaction and regular penetration testing by independent security experts, we proved that advanced security can be implemented without sacrificing functionality or effectiveness.

How we work proactively with cybersecurity experts

Jotron’s “secure by design” philosophy means security is built in from the earliest development stages, not added as an afterthought. We implement industry-leading technologies, including voice data encryption, secure configurator access, and automated credentials.

These processes are powerful if used correctly but can become a critical issue if they are not implemented compliantly. They should never disrupt the operational system until operators or other personnel give the all-clear. That’s why we design secure processes within our products, which can be illustrated with our password rotation integration.

Example: Password rotation

A fear for system integrators is the downtime required for security updates. In a traditional encrypted system, changing a system-wide password requires updating all units simultaneously, leading to significant service interruptions.

To combat this challenge, Jotron integrated password rotation. This allows our radios to operate with two passwords simultaneously. When a password needs to be changed:

1. You update only one of the two passwords on the unit.
2. Peripheral units are updated one by one at your own pace.
3. Connections remain active using the “old” password during the transition.
4. Once all units are updated, the second password is changed, completing the cycle with zero operational downtime.

Cybersecurity is integral to our radio functionality

The radio is the final link in the voice communication chain. If security fails here, the entire chain is broken. This is why we treat cybersecurity as a core component of our hardware and software platforms. Whether it is our VHF/UHF radios or our world-leading Ricochet Recorder, every solution is continuously validated through independent penetration testing to ensure enough resilience against evolving threats. The result is a system with modern security that supports safe and continuous operations.

We do not only prioritize cybersecurity in our own product development, we are also dedicated to contributing to higher standards in our industry as a whole. In fact, Jotron has been elected Chair of the WG67 Cybersecurity subgroup for ATC communications, contributing with our expertise to enhance security standards across the industry. We are determined to make cybersecurity an integral part of ATC product development across the industry.

Safety is our vision, not an afterthought

Jotron is at the forefront of cybersecurity in Air Traffic Control (ATC) communications, addressing an ever-changing global threat landscape. All Jotron products are “secure by design”, with security built in from the earliest development stages to ensure robust, resilient, and future ready systems.

From strengthening the air traffic infrastructure in Azerbaijan to deploying the world's largest nationwide recording system with NAV CANADA, our goal remains the same: providing modern security that supports continuous, safe operations.

About the author

Jonas Trondsen Haflan is the Product Manager for Jotron’s Radio portfolio. Bringing 9 years of Jotron engineering and ATC experience, he has led product development and mechanical innovation. Since starting his career here, he has delivered major programs for CCL and PANSA and now guides the strategy and cybersecurity of Jotron’s radio portfolio.