United Airlines CISO on building resilience when disruption is inevitable
United Airlines CISO on building resilience when disruption is inevitable
Publish Date: 2026-02-09 01:30:00
Source Domain: www.helpnetsecurity.com
Aviation runs on complex digital systems built for stability, safety, and long lifecycles. That reality creates a unique cybersecurity challenge for airlines, where disruption can quickly become an operational and public trust crisis.
In this Help Net Security interview, Deneen DeFiore, VP and CISO at United Airlines, explains how the company approaches modernization without compromising safety-critical environments, why resilience and continuity matter as much as prevention, and how the airline manages risk across an interconnected ecosystem of vendors, partners, and infrastructure providers. DeFiore also shares how cross-functional collaboration shapes incident response when the stakes include passengers in the air.
Aviation operates on thin margins for error and long technology lifecycles. How do you reconcile the need for cybersecurity modernization with aircraft, operational, and safety systems that were never designed for frequent change?
In aviation, modernization cannot mean constant change for its own sake. Many aircraft and operational systems were designed for stability, determinism, and certification, not rapid iteration. The way we reconcile that reality is by being very intentional about where change happens and where it does not.
We focus on wrapping legacy and safety-critical systems with modern controls rather than forcing them to behave like cloud-native platforms. That means strong identity, segmentation, monitoring, and data protections around systems that may not be easily modified. It also means designing compensating controls and resilience strategies so that security improvements reduce risk without introducing operational fragility.
Modernization in aviation is less about speed and more about precision. Every change must measurably improve safety, reliability, or resilience. Cybersecurity must respect that bar.
-security.jpg?sfvrsn=982907ba_5 "A First Step to Unpacking Cyber, Deception, and Intelligence Contests")
