Government Renews Efforts to Find and Fix Cyber Vulnerabilities in Aviation Systems

Government Renews Efforts to Find and Fix Cyber Vulnerabilities in Aviation Systems

The Department of Homeland Security is refocusing its efforts on cyber threats to aircraft, and the Air Force is sponsoring “hacking villages” to discover hacking vulnerabilities.

As the federal government becomes more aware of potential cyberattacks on airplanes, officials are taking new steps to identify and fight vulnerabilities in planes that make them vulnerable to hackers. 

The Department of Homeland Security is leading the effort with the help of the Pentagon and the Department of Transportation, The Wall Street Journal reported this week. While the government is revealing little details about its revived program, it aims to improve “cyber resilience” in aviation, according to a DHS official. 

Security officials continue to believe that aircraft are a key target for terrorists and worry that cyberattacks could be a new and dangerous method for malicious actors to carry out attacks. In July, DHS issued a cybersecurity warning for owners of small planes alerting them to the risk of hacking if someone gains unauthorized physical access to the aircraft. 

In addition, the Air Force is also planning to take further steps to evaluate the security of commercial aviation systems, according to the Journal. Many of those systems are used by the military and pose risks to national security if they are not properly secured. 

“If we don’t probe first, our adversaries will,” Will Roper, the service’s assistant secretary for acquisition, technology, and logistics, told the Journal. “We’ve been a little complacent in not trying to attack all of the parts of the airplane.”

Beyond the aircraft itself, airlines have been targeted for cyberattacks in recent years. After about 500,000 travelers were affected by a data breach in 2018, British Airways now faces a $230 million fine for not properly protecting customer data. 

Jeffrey Troy, the president of the nonprofit Aviation Information Sharing and Analysis Center, said that there are many other risks in aviation that do not just involve the aircraft. 

“It’s very important to be looking at the whole ecosystem and identifying key points where a digital system, if it were to malfunction, could cause a bad day for a lot of people,” Troy said. 

In turn, the Air Force hosted its first-ever “hacking village” in August, inviting security researchers at Defcon to find cyber vulnerabilities in aviation systems. 

Renewed efforts follow a partnership between Boeing and DHS that stalled after the two parties disagreed over early findings in cybersecurity tests of a used Boeing 757 airliner. Boeing told the Journal that it supports the new initiative led by DHS and may participate in the hacking village at Defcon in 2020. 

“We need to bridge the gap between the hacking community and the industry,” an official said.

About the Author

Haley Samsel is an Associate Content Editor for the Infrastructure Solutions Group at 1105 Media.

Featured

Featured Cybersecurity

Webinars

New Products

  • Camden CM-221 Series Switches

    Camden CM-221 Series Switches

    Camden Door Controls is pleased to announce that, in response to soaring customer demand, it has expanded its range of ValueWave™ no-touch switches to include a narrow (slimline) version with manual override. This override button is designed to provide additional assurance that the request to exit switch will open a door, even if the no-touch sensor fails to operate. This new slimline switch also features a heavy gauge stainless steel faceplate, a red/green illuminated light ring, and is IP65 rated, making it ideal for indoor or outdoor use as part of an automatic door or access control system. ValueWave™ no-touch switches are designed for easy installation and trouble-free service in high traffic applications. In addition to this narrow version, the CM-221 & CM-222 Series switches are available in a range of other models with single and double gang heavy-gauge stainless steel faceplates and include illuminated light rings. 3

  • A8V MIND

    A8V MIND

    Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area. 3

  • Compact IP Video Intercom

    Viking’s X-205 Series of intercoms provide HD IP video and two-way voice communication - all wrapped up in an attractive compact chassis. 3