The Ever-evolving Cyber Threat to Planes

image-852231-panoV9free-oett.jpg

Hackers and cyber-terrorists present an ever-evolving threat to airlines, with experts constantly testing for new vulnerabilities -- including the fear that drones could be used to throw a plane off course.
Most agree hacking a plane would be a near-impossible feat, but some professional hackers have claimed airline computer systems are riddled with weaknesses that could allow someone to break in, perhaps even through the in-flight entertainment system.
US computer security expert Chris Roberts recently claimed to have hacked into a plane's controls through the entertainment console and to have issued a "climb" command.
But speaking at the Paris Air Show recently Alain Robic of Deloitte Consulting, an expert on cybersecurity, said the claims were not credible.
Robic was working for Airbus in 2005 when a hacker showed them how he could penetrate the flight controls from a passenger seat while they were designing the new A380.
"The bosses were shocked. It was a revolutionary moment. They re-engineered everything to separate the systems so it could never happen again," said Robic.
But there are plenty of other risks -- and although they are unlikely, companies such as Airbus and Boeing take them very seriously.
David Stupples, a professor of electronic and radio systems at City University in London who advises Airbus, said the latest threat he was exploring was whether a drone could be used to send radio signals to an aircraft and confuse its systems.
"If I could get a signal to the aircraft that caused it to become confused while it's on its final approach, could I cause an incident? My view is yes," said Stupples, adding that flying near to the plane could allow the drone to overpower signals from the ground.
Stopping this kind of activity means preventing drones from flying near airports -- something which has only recently become possible with new forms of radar capable of spotting tiny aircraft.
Stupples said there was a greater threat of an employee with access to the computer data hubs uploading malware to an aircraft's systems.
"It could be a dissatisfied employee, or someone who has been bribed or who is doing it for a cause," he said.
Even this would be almost impossible, since airlines have highly complex, specially designed computing systems that only a handful of people know how to navigate.
Even if all those factors came together perfectly, hackers would almost certainly not be able to take full control of the aircraft since pilots have manual overrides.
While public concerns tend to focus on the terrorist risk, companies face a much more immediate and frequent threat from hackers trying to steal their commercial secrets. Hacks can cost tens of millions of dollars to repair and could be used to extort money by planting threats.
Many airlines are now issuing their pilots and cabin crew with iPads, because they weigh less than piles of charts and passenger logs. "The airlines are ultra-strict with us about the security of our iPads and everything else -- much stricter than with passengers because they worry about coercion, that our family has been kidnapped or something," said the pilot.
Robic said it was time for the whole aeronautic industry to create a joint cybersecurity organization to combine their efforts. "There is a whole eco-system of staff that needs to be secured.
There are a great many actors from development to maintenance, which exposes airlines to cyber risks," he said.
"What they're doing at the moment is not sufficient."
Security Week: http://bit.ly/1J664zE

 

« Cyber Insurers Won’t Cover Data Breach
Cyber attack on German Parliament Still Active »

ManageEngine
CyberSecurity Jobsite
Check Point

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

CERT.GOV.AZ

CERT.GOV.AZ

Azerbaijan Government Computer Incident Response Team

Finjan Holdings

Finjan Holdings

Finjan solutions are aimed at keeping the web, networks, and endpoints safe from malicious code and security threats.

KnowBe4

KnowBe4

KnowBe4 is an integrated platform for security awareness training combined with simulated phishing attacks.

Exonar

Exonar

We enable organisations to better organise their information, removing risk and making it more productive and secure.

Corelight

Corelight

Corelight is the most powerful network visibility solution for information security professionals.

Pristine InfoSolutions

Pristine InfoSolutions

Pristine InfoSolutions is a global IT services and Information Security Company focused on delivering smart, next-generation business solutions.

Tuta

Tuta

Tuta (formerly Tutanota) is an all-in-one email, calendar and contacts app which protects your data with full end-to-end encryption and it requires zero personal information.

InfoSec4TC

InfoSec4TC

InfoSec4tc is an online Information Security Courses, Training, and Consultancy provider.

Core to Cloud

Core to Cloud

Core to Cloud provide consultancy and technical support for the planning and implementation of sustainable security strategies.

InfoSec Brigade

InfoSec Brigade

InfoSec Brigade offers a suite of specialized solutions that help businesses to mitigate risk by integrating cyber and IT security protocols with business goals.

IDVerse

IDVerse

IDVerse is focused on making user verification effortless through technology. We build intelligent tools that protect users from identity fraud while enabling a seamless user experience.

AccessIT Group

AccessIT Group

AccessIT Group is a specialized cybersecurity solutions provider offering a full range of advanced security services.

Acumen

Acumen

Acumen's cyber security engineers protect your critical systems, in critical moments. We are here when you need us most.

Icon Information Systems (ICONIS)

Icon Information Systems (ICONIS)

ICONIS is an integrated infrastructure and service provider, offering unified Information Technology (IT) solutions globally.

CESAR

CESAR

CESAR is one of the premier R+D and innovation centers in Brazil and a designated Cybersecurity Competence Center.

Aztek

Aztek

Aztek is one of the UK’s leading Managed Service Providers, providing customer-focused IT, Communication and Cyber Security solutions to help transform and grow your business.