US Revives Airplane Cybersecurity Bug Hunt

An aeroplane or airplane at an airport. UK border, Heathrow.

Department of Homeland Security revives program to identify cybersecurity flaws in modern aircraft

The United States is taking action over the nightmare scenario that could allow hackers to seize control of passenger aircraft.

US officials are reportedly reviving their efforts to identify vulnerabilities in modern aircraft that hackers could exploit.

It comes after it revealed last week that European aerospace and defence giant Airbus had been hit by series of cyber attacks, via its suppliers’ computer networks.

Aviation security

Security sources revealed that the hackers had targetted Airbus suppliers in a search for commercial secrets, and they believed there is a Chinese link to these attacks.

There were at least four major attacks on Airbus suppliers in the last 12 months.

The scale of the danger to the third party supplier chain was also shown in June this year, when a ransomware attack on one of the world’s largest suppliers of aeroplane parts, caused it to cease production in factories across four countries.

That attack also reportedly impacted Airbus production.

ASCO Industries based in Belgium, reportedly had to send home the vast majority of its workforce after the ransomware attack.

Into this comes growing concern in the US that aeroplanes could be targeted in cyberattacks.

This has resulted in the US reviving a program, led by the Department of Homeland Security and involving the Pentagon and Transportation Department, which aims to identify cybersecurity risks in aviation and improve US cyber resilience in a critical area of public infrastructure, a DHS official told the Wall Street Journal.

It reported that there there is limited information about the DHS program, but it will apparently involve some limited testing of actual aircraft.

Airline hacks

Until now most cyber-attacks against airlines have typically involved attacks on their websites, loyalty programs, or even their apps.

Last November Hong-Kong-based airline Cathay Pacific admitted that its “data security event” that affected passenger data, was much worse than first reported.

In October 2018 the airline had admitted that the personal data for 9.4 million passengers had been compromised in a hack.

But that hack went undetected for at least six months.

Aircraft security

But concerns remain around the cybersecurity of the aircraft themselves.

In 2015 a security expert (Chris Roberts of One World Labs) who provided warnings to a number of journalists about the vulnerabilities associated with in-flight technology, was removed, detained and interrogated by the FBI after taking a civilian flight.

The US Government Accountability Office has previously warned that in-flight Wi-Fi could be used by terrorists or other hackers to take control of an aircraft’s avionic systems.

“The threat of cyberattacks against the aviation industry has raised concerns for a long time,” said Andrea Carcano, co-founder and CPO at Nozomi Networks. “Commercial airplanes often do not have the necessary cybersecurity protections in place, which leaves systems increasingly vulnerable to attack.”

“The airline industry needs to pay closer attention to the risk of cyberattacks to their systems,” said Carcano. “This revived program led by the Department of Homeland Security is an important step forward in securing such a critical area of public infrastructure. Taking this pre-emptive step will enable us to manage and mitigate against vulnerabilities and security weaknesses.”

“Manufacturers that take aviation cybersecurity seriously and work with hardware vendors, information security experts and government officials to identify and mitigate vulnerabilities will be in the best position to ensure the security of all critical systems and customer data,” Carcano concluded.

Do you know all about security? Try our quiz!