The Jetsons. Back to the Future. We’ve long held expectations that flying cars were on the horizon. Although it’s taken longer than we expected, Advanced Air Mobility (AAM) is no longer a distant vision; it is a near‑term transportation reality that will reshape how communities move people, critical supplies, and data.
Promisingly, the recently issued AAM National Strategy and its accompanying Comprehensive Plan place security as a central pillar, providing strategic direction for industry and government that promotes their ability to innovate, build, maintain, and operate AAM systems. The strategy’s approach—anchored in outcome‑based expectations, early engagement with security agencies, and international collaboration—offers a practical roadmap to reduce security risk and enable U.S. and partner nations to lead this market, rather than ceding it to competitors like China.
Security in from the Start – Not After the Fact
Security considerations are a core element of AAM design. The AAM National Strategy recognized this reality, describing six pillars, including Security, necessary to reach our national goals. DOT’s process for building the AAM National Strategy ensured security agencies were part of the strategy’s design from the outset, as well as integrated into the implementation life cycle. This approach responded to the lessons learned from prior policy and strategy efforts, where late engagement with security experts resulted in stalled momentum or derailed progress as critical risks were identified.
Threat Context – What We Must Guard Against
AAM security is only credible if it is grounded in realistic threat scenarios:
- Cyber takeover or disruption– through of control links via jamming/spoofing, DoS, or MITM—leading to loss of control or mission denial.
- Physical misuse—AAM employed as a delivery platform for explosives or as a ramming device, particularly in dense urban environments.
- Supply chain compromise—malicious firmware, counterfeit components, or sensitive dependencies creating embedded vulnerabilities.
- Privacy erosion—pervasive sensing and data exchange without strong PII protections undermines trust and adoption.
Outcome and Risk–Based
The AAM National Strategy organizes 40 recommendations around risk‑aligned outcomes. It calls for leveraging existing programs and authorities while articulating the security results expected of AAM operators, manufacturers, infrastructure owners, and service providers. This outcome‑based framework encourages innovation and promotes maturation in industry offerings, by setting expectations for security posture based on the risks presented in specific use cases.
That pragmatic orientation carries forward into the associated Comprehensive Plan, which sequences actions through the LIFT phases—Leverage, Initiate, Forge, Transform—so agencies and industry can use current tools, scale what works, and only then introduce new policy models responsive to public needs.
Holistic Security Approach
The strength of the strategy lies in its integration of existing protocols and security programs, as well as recommendations from prior research and operational reviews, across an array of security parameters, creating a comprehensive and actionable security approach:
- Aircraft and Airport Security: AAM aircraft and ground infrastructure must be safeguarded against weaponization or use to deliver explosives. The AAM Strategy incorporates recommendations from notable sources, such as Safe Skies’ PARAS 0041, that promote perimeter/access assessments, vertiport siting, and response coordination with local law enforcement.
- Screening of People and Cargo: The strategy emphasizes the use of current TSA regulatory requirements, systems and processes for information-based vetting and physical screening of people and cargo, and emphasizes potential for reuse of existing authorities and infrastructure. These measures promote an integrated approach to not only passengers and cargo, but the identification of insider threats.
- Cybersecurity Resilience: The strategy aligns closely with NASA’s findings on cyber vulnerabilities for UAM, adopting their identified threat vectors—such as GPS spoofing, RF jamming, and man‑in‑the‑middle attacks—as baseline risks. It also reflects NASA’s recommended mitigations, including encryption, redundant navigation systems, and secure communication protocols, by directing agencies to evaluate these vulnerabilities and develop policy or regulatory measures to address them.
- Supply Chain Risk Management: Building on Department of Homeland Security, Department of War, and Department of Commerce assessments and resilience frameworks, the strategy emphasizes vendor vetting, software integrity, and component traceability, ensuring that prevention and mitigation of adversarial exploitation of critical systems are explicitly identified.
- Privacy and Transparency: The strategy’s requirement for Privacy Impact Assessments (PIAs) and privacy‑by‑design principles aligns with best practices identified in earlier reviews of mobility systems, ensuring public trust through transparency and accountability.
Importantly, the AAM Strategy recognizes that security threats are dynamic and emphasizes the need to regularly:
- Review intelligence and update security risk assessments to guide both policy decisions and approach to operational risk posture;
- Evaluate AAM cyber vulnerabilities, and develop recommendations for legislative, policy, or regulatory changes;
- Leverage ongoing Department of Homeland Security, Department of War, and Department of Commerce supply chain resilience analyses to inform actions needed to ensure supply chain resilience; and
- Identify, assess, and mitigate risks to privacy, publishing PIAs and other mechanisms to promote transparency.
Why Outcome Focused Security Enables Innovation – and U.S. Security Interests
The Strategy’s six pillars (including Security) and its actionable roadmap are designed to catalyze innovation while reducing systemic risk. By focusing on results—secure operations, resilient supply chains, privacy protections, workforce readiness—rather than requiring a rigid one-size-fits-all program, the AAM Strategy promotes fit-for-purpose solutions and encourages the private sector to compete on capability. That creates space for domestic and allied firms to build differentiated, secure products and services, outpacing competitors who rely on state subsidies or closed ecosystems.
Security alignment with partners multiplies that effect. The AAM Strategy will benefit from the U.S.’s participation in the Five‑Nation AAM Framework, ensures early lessons from certification projects are shared, speeding safe entry into service across multiple jurisdictions, and tightening the net against malicious supply chain practices and software integrity issues. This alignment accelerates safe rollout, reduces regulatory gaps, and strengthens trusted supply chains—critical to countering adversarial attempts to dominate global markets.