Government Renews Efforts to Find and Fix Cyber Vulnerabilities in Aviation Systems
The Department of Homeland Security is refocusing its efforts on cyber threats to aircraft, and the Air Force is sponsoring “hacking villages” to discover hacking vulnerabilities.
- By Haley Samsel
- Oct 02, 2019
As the federal government becomes more aware of potential cyberattacks on airplanes, officials are taking new steps to identify and fight vulnerabilities in planes that make them vulnerable to hackers.
The Department of Homeland Security is leading the effort with the help of the Pentagon and the Department of Transportation, The Wall Street Journal reported this week. While the government is revealing little details about its revived program, it aims to improve “cyber resilience” in aviation, according to a DHS official.
Security officials continue to believe that aircraft are a key target for terrorists and worry that cyberattacks could be a new and dangerous method for malicious actors to carry out attacks. In July, DHS issued a cybersecurity warning for owners of small planes alerting them to the risk of hacking if someone gains unauthorized physical access to the aircraft.
In addition, the Air Force is also planning to take further steps to evaluate the security of commercial aviation systems, according to the Journal. Many of those systems are used by the military and pose risks to national security if they are not properly secured.
“If we don’t probe first, our adversaries will,” Will Roper, the service’s assistant secretary for acquisition, technology, and logistics, told the Journal. “We’ve been a little complacent in not trying to attack all of the parts of the airplane.”
Beyond the aircraft itself, airlines have been targeted for cyberattacks in recent years. After about 500,000 travelers were affected by a data breach in 2018, British Airways now faces a $230 million fine for not properly protecting customer data.
Jeffrey Troy, the president of the nonprofit Aviation Information Sharing and Analysis Center, said that there are many other risks in aviation that do not just involve the aircraft.
“It’s very important to be looking at the whole ecosystem and identifying key points where a digital system, if it were to malfunction, could cause a bad day for a lot of people,” Troy said.
In turn, the Air Force hosted its first-ever “hacking village” in August, inviting security researchers at Defcon to find cyber vulnerabilities in aviation systems.
Renewed efforts follow a partnership between Boeing and DHS that stalled after the two parties disagreed over early findings in cybersecurity tests of a used Boeing 757 airliner. Boeing told the Journal that it supports the new initiative led by DHS and may participate in the hacking village at Defcon in 2020.
“We need to bridge the gap between the hacking community and the industry,” an official said.