Government Renews Efforts to Find and Fix Cyber Vulnerabilities in Aviation Systems -- Security Today

Government Renews Efforts to Find and Fix Cyber Vulnerabilities in Aviation Systems

The Department of Homeland Security is refocusing its efforts on cyber threats to aircraft, and the Air Force is sponsoring “hacking villages” to discover hacking vulnerabilities.

By Haley Samsel
Oct 02, 2019

As the federal government becomes more aware of potential cyberattacks on airplanes, officials are taking new steps to identify and fight vulnerabilities in planes that make them vulnerable to hackers.

The Department of Homeland Security is leading the effort with the help of the Pentagon and the Department of Transportation, The Wall Street Journal reported this week. While the government is revealing little details about its revived program, it aims to improve “cyber resilience” in aviation, according to a DHS official.

Security officials continue to believe that aircraft are a key target for terrorists and worry that cyberattacks could be a new and dangerous method for malicious actors to carry out attacks. In July, DHS issued a cybersecurity warning for owners of small planes alerting them to the risk of hacking if someone gains unauthorized physical access to the aircraft.

In addition, the Air Force is also planning to take further steps to evaluate the security of commercial aviation systems, according to the Journal. Many of those systems are used by the military and pose risks to national security if they are not properly secured.

“If we don’t probe first, our adversaries will,” Will Roper, the service’s assistant secretary for acquisition, technology, and logistics, told the Journal. “We’ve been a little complacent in not trying to attack all of the parts of the airplane.”

Beyond the aircraft itself, airlines have been targeted for cyberattacks in recent years. After about 500,000 travelers were affected by a data breach in 2018, British Airways now faces a $230 million fine for not properly protecting customer data.

Jeffrey Troy, the president of the nonprofit Aviation Information Sharing and Analysis Center, said that there are many other risks in aviation that do not just involve the aircraft.

“It’s very important to be looking at the whole ecosystem and identifying key points where a digital system, if it were to malfunction, could cause a bad day for a lot of people,” Troy said.

In turn, the Air Force hosted its first-ever “hacking village” in August, inviting security researchers at Defcon to find cyber vulnerabilities in aviation systems.

Renewed efforts follow a partnership between Boeing and DHS that stalled after the two parties disagreed over early findings in cybersecurity tests of a used Boeing 757 airliner. Boeing told the Journal that it supports the new initiative led by DHS and may participate in the hacking village at Defcon in 2020.

“We need to bridge the gap between the hacking community and the industry,” an official said.

FCC Bands Equipment Authorizations for Chinese Telecommunication, Video Surveillance Equipment Deemed Threat to National Security

ISC East Recap: The Proof is in the Puddin’

Ahead of Current Events

In this episode, Ralph C. Jensen chats with Dana Barnes, president of global government at Dataminr. We talk about the evolution of Dataminr and how data software benefits business and personnel alike. Dataminr delivers the earliest warnings on high impact events and critical information far in advance of other sources, enabling faster response, more effective risk mitigation for both public and private sector organizations. Barnes recites Dataminr history and how their platform works. With so much emphasis on cybersecurity, Barnes goes into detail about his cybersecurity background and the measures Dataminr takes to ensure safe and secure implementation.

Digital Edition

September / October 2022

Featuring:

• New Benchmarks in Biometrics
• Tips for Homeowners
• An Emergency Voice
• Reducing Overall Costs
• Closing Staffing Gaps
View This Issue