Hackers and cyber-terrorists present an evolving threat to airlines, and, consequently, experts must constantly test for new vulnerabilities. To address the growing challenges, some advocates now call for an industrywide cybersecurity initiative.
One concern stems from recent events in the automotive industry. Most automobiles now contain sophisticated electronic control units to collect vehicle data and improve performance, and nearly all also have wireless entry points that could act as a gateway for hackers. Indeed, in a 60 Minutes story last February, Dan Kaufman, who heads the Information Innovation Office for the U.S. military’s Defense Advanced Research Projects Agency (DARPA) demonstrated such vulnerabilities.
In a demonstration, Kaufman and his colleagues used a laptop computer to hack into a car being driven by reporter Lesley Stahl. To her surprise, they were able to take control of many of the car’s functions, including the braking and acceleration.
Are such actions possible with an airplane? It’s generally agreed that hacking a plane would be a near-impossible feat. On the other hand, some professional hackers have claimed airline computer systems have numerous weaknesses that could allow someone to break in—perhaps even through the in-flight entertainment system.
U.S. computer security expert Chris Roberts recently claimed to have hacked into a plane’s controls through the entertainment console and to have issued a “climb” command. However, speaking at the Paris Air Show earlier this month, cybersecurity expert Alain Robic, from Deloitte Consulting, said the claims weren’t credible, reports an Agence France-Presse article. Robic was working for Airbus in 2005 when a hacker showed them how he could penetrate the flight controls from a passenger seat while they were designing the new A380.
“The bosses were shocked,” Robic says in the article. “It was a revolutionary moment. They re-engineered everything to separate the systems so it could never happen again.”
While the larger safety concern is preventing a hacker from taking control of an airplane in-flight, companies face a much more immediate and frequent threat from hackers trying to steal their commercial secrets. These hacks, which could come from disgruntled employees or employees who have been bribed, could cost tens of millions of dollars to repair and could even potentially be used to extort money by planting threats.
That’s why Robic now believes it’s time for the aerospace industry to create a joint cybersecurity organization to combine efforts. There is a whole eco-system of staff that needs to be secured, Robic says in the article. There are a great many actors from development to maintenance, which exposes airlines to cyber risks. What companies are doing at the moment isn’t sufficient, he says.
Faye Francy, a security expert from Boeing’s Aviation Information Sharing and Analysis Center (AISAC), shares similar thoughts in a Supply Chain Management Review article, explaining that cybersecurity should be proactive and not just an afterthought. An even better course of action is to gain “collective awareness” by banding together with other companies—even competitors—and setting up information-sharing committees, Francy says. For anyone concerned about sharing sensitive data, she says it’s possible to “anonymize” the data and either share with private-sector partners or give it to the government to disseminate.
What are your thoughts on cybersecurity in the aerospace industry? Considering supply chain complexity and the sheer number of involved organizations, do you think it’s time to create a joint cybersecurity organization to combine efforts?