The Ever-evolving Cyber Threat to Planes

image-852231-panoV9free-oett.jpg

Hackers and cyber-terrorists present an ever-evolving threat to airlines, with experts constantly testing for new vulnerabilities -- including the fear that drones could be used to throw a plane off course.
Most agree hacking a plane would be a near-impossible feat, but some professional hackers have claimed airline computer systems are riddled with weaknesses that could allow someone to break in, perhaps even through the in-flight entertainment system.
US computer security expert Chris Roberts recently claimed to have hacked into a plane's controls through the entertainment console and to have issued a "climb" command.
But speaking at the Paris Air Show recently Alain Robic of Deloitte Consulting, an expert on cybersecurity, said the claims were not credible.
Robic was working for Airbus in 2005 when a hacker showed them how he could penetrate the flight controls from a passenger seat while they were designing the new A380.
"The bosses were shocked. It was a revolutionary moment. They re-engineered everything to separate the systems so it could never happen again," said Robic.
But there are plenty of other risks -- and although they are unlikely, companies such as Airbus and Boeing take them very seriously.
David Stupples, a professor of electronic and radio systems at City University in London who advises Airbus, said the latest threat he was exploring was whether a drone could be used to send radio signals to an aircraft and confuse its systems.
"If I could get a signal to the aircraft that caused it to become confused while it's on its final approach, could I cause an incident? My view is yes," said Stupples, adding that flying near to the plane could allow the drone to overpower signals from the ground.
Stopping this kind of activity means preventing drones from flying near airports -- something which has only recently become possible with new forms of radar capable of spotting tiny aircraft.
Stupples said there was a greater threat of an employee with access to the computer data hubs uploading malware to an aircraft's systems.
"It could be a dissatisfied employee, or someone who has been bribed or who is doing it for a cause," he said.
Even this would be almost impossible, since airlines have highly complex, specially designed computing systems that only a handful of people know how to navigate.
Even if all those factors came together perfectly, hackers would almost certainly not be able to take full control of the aircraft since pilots have manual overrides.
While public concerns tend to focus on the terrorist risk, companies face a much more immediate and frequent threat from hackers trying to steal their commercial secrets. Hacks can cost tens of millions of dollars to repair and could be used to extort money by planting threats.
Many airlines are now issuing their pilots and cabin crew with iPads, because they weigh less than piles of charts and passenger logs. "The airlines are ultra-strict with us about the security of our iPads and everything else -- much stricter than with passengers because they worry about coercion, that our family has been kidnapped or something," said the pilot.
Robic said it was time for the whole aeronautic industry to create a joint cybersecurity organization to combine their efforts. "There is a whole eco-system of staff that needs to be secured.
There are a great many actors from development to maintenance, which exposes airlines to cyber risks," he said.
"What they're doing at the moment is not sufficient."
Security Week: http://bit.ly/1J664zE

 

« Cyber Insurers Won’t Cover Data Breach
Cyber attack on German Parliament Still Active »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Hogan Lovells

Hogan Lovells

Hogan Lovells is an international business law firm with offices across Europe, Asia and the USA. Practice areas include Privacy & Cybersecurity.

mnemonic

mnemonic

mnemonic helps businesses manage their security risks, protect their data and defend against cyber threats.

Atos

Atos

Atos provides a unique Cyber Security end to end solution with a data-centric and pre-emptive security approach.

IronScales

IronScales

IronScales combines human intelligence with machine learning to automatically prevent, detect and respond to email phishing attacks.

AFCON Control & Automation

AFCON Control & Automation

AFCON is a leading global provider of software solutions and services for the smart management of Control & Automation systems in the age of Digital Transformation.

Entreda

Entreda

Entreda offers a unified platform to automate cybersecurity and compliance policy enforcement for your devices, users, networks, applications.

Trustlook

Trustlook

Trustlook's SECUREai engine delivers the performance and scalability needed to provide total threat protection against malware and other forms of attack.

Serverless Computing

Serverless Computing

Serverless Computing London will help architects, developers and CIOs decide on the best path to a more efficient, scalable and secure computing future.

Penten

Penten

Penten is an Australian-based cyber security company focused on innovation in secure mobility and applied AI (artificial intelligence).

Havoc Shield

Havoc Shield

Havoc Shield is an all-in-one information security platform that includes everything a growing team needs to secure their remote workforce.

Futurae Technologies

Futurae Technologies

Futurae - enabling trust and invisible security for your users on all devices and applications. Strong customer authentication (SCA) made easy.

Jisc

Jisc

Jisc is a membership organisation working in partnership with the UK’s research and education communities to develop the digital technologies they need to teach, discover and thrive.

Information Security Officers Group (ISOG)

Information Security Officers Group (ISOG)

ISOG's mission is to strengthen information security through awareness and education programs, promoting community and fellowship among information security leaders.

iNovex

iNovex

iNovex is a community of innovators that work together to solve hard problems. We partner with you to meet problems head-on and push boundaries with technology solutions.

View

View

View is the leader in smart building technologies including OT cybersecurity to securely connect buildings to the cloud and manage building networks and OT devices.

SixMap

SixMap

SixMap is a continuous threat exposure management platform that automatically provides comprehensive enterprise visibility, contextual threat intelligence, and a suite of remediation actions.