Aviation… an important piece of the Critical Infrastructure
The federal government has deemed 16 sectors as critical infrastructure. They are transportation, water, energy, information, healthcare, government facilities, food, financial, nuclear, emergency services, defense, dams, manufacturing, chemical, commercial and communications. Each in its own way is important and together we depend on them all for our societal needs.
The general populace doesn’t often think of dams or emergency services, but at some level we all utilize our transportation systems. Lately, the headlines have given us much to think about with regard to public transport and safety. the train derailment outside Philadelphia, still under investigation, certainly has many commuters concerned…as well we should be. Millions travel by some sort of rail each day to commute, on holiday, or to visit friends and relatives.
Another subsector of the transportation system is aviation. According to the Department of Homeland Security (DHS) “Aviation includes aircraft, air traffic control systems, and approximately 450 commercial airports and 19,000 additional airports, heliports, and landing strips. This mode includes civil and joint use military airports, heliports, short takeoff and landing ports, and seaplane bases”. What is concerning many in the cyber community is what hasn’t happened in the aviation sector….yet.
According to reports “A cybersecurity consultant told the FBI he hacked into computer systems aboard airliners up to 20 times and managed to control an aircraft engine during a flight…” Needless to say this is a terrifying revelation if proved accurate. There has been some concern that the ‘glass cockpits’ in our modern generation of airliners may be overly complex and susceptible to electronic interference. Air travelers are all too familiar with warnings to turn our cell phones to airplane mode once the cabin door is closed, but over time the industry has eased its restrictions on tablets and other electronic devices once in the air. According to a news report “…he used a modified Ethernet cable to connect his laptop to an electronic box underneath his seat that controls the entertainment system. From there, he hacked into the airplane’s computer nerve center”. Another report claims that “…he infiltrated the airplane’s thrust management computer and momentarily took control of an engine. …he reportedly told the agents that he was able to overwrite the code for the thrust management computer. When he ordered the hacked engine to climb, the plane moved sideways as it flew.
While the details of the incident and the intentions of the individual are still under investigation by the FBI, alarm bells should be going off all over the place. If indeed the individual did hack the electronic systems of the aircraft, something needs to be done….now….before those with evil intent capitalize on this information and commit an unthinkable act. The aviation industry is part of our critical infrastructure and needs to be protected, as do the millions of people that fly our friendly skies. Draconian restrictions may not be very welcome for business travelers, but until we can be assured that aircraft systems are completely isolated they may be necessary. We often sacrifice security for convenience, but cruising at 35,000 feet is not the place to take a risk on safety…..911 should have taught us that much.
Please join us on Twitter to receive our blogs.
Perez, E. (2015) FBI: Hacker claimed to have taken over flight’s engine controls. Retrieved from the Internet at http://www.cnn.com/2015/05/17/us/fbi-hacker-flight-computer-systems/index.html
FoxNews (2015). FBI affidavit claims security expert admitted to briefly hacking flight controls. Retrieved from the Internet at http://www.foxnews.com/us/2015/05/18/fbi-affidavit-claims-security-expert-admitted-to-briefly-hacking-flight/?intcmp=latestnews