A commercial airplane hack is just a matter of time research reveals
Washington - When you're planning your next trip, you might want to consider the fact that experts from several government organizations, the U.S. Department of Homeland Security amongst them, have warned that sooner or later a commercial aircraft will be a victim of a cyber attack that will end in catastrophe.
Government concerns were revealed via a Freedom of Information Act demand, which resulted in previously unreleased DHS memos and risk assessments being supplied. Studies made by the DHS have shown that the majority of airlines do not have the ability to resist cyber attack, a worrying revelation.
Some of the documentation is from a Pacific Northwest National Laboratory (PNNL) consultation; PNNL is a research entity that is an offshoot of the Energy Department. The laboratory undertook experiments at the beginning of this year, trying to take control of an airplane through its Wi-Fi Internet offering.
The January 10th document appears to show that the researchers were partially successful, stating that the scientists managed to hack into at least one of the airplane's in-flight systems. Other parts of the documentation, however, state that the full aim of the experiment was not achieved.
What is apparent is that the danger of a cyber attack on an airplane's systems is clearly potentially achievable and is regarded as severe. The documentation notes that aircraft have a far more significant potential for catastrophe than other vehicles and that a successful cyber attack on an aircraft will inevitably occur at some point.
Although these documents date from 2018, the DHS has been looking into the likelihood of commercial aviation suffering from cyber attacks over a longer period. In 2017 an internal paper noted that there were vulnerabilities in commercial aircraft whereby an attacker could usurp some or all of flight control. It has been reported that a research team from the DHS managed to hack into a commercial airliner's electrical matrix in 2017, confirming the belief that terror groups or other criminal entities could do the same.
Further cause for concern is the fact that in 2016 the DHS noted that the majority of commercial airliners presently in service have weak or no protection against cyber attack. The majority of planes in service are expected to last for two decades or longer, meaning that the problem of cyber attack will be present for at least the next 15 to 20 years.
The DHS states that during this time span, airlines will be relying on their current systems to prevent them being hacked; the DHS calls the current situation "a network of trust" – essentially the airlines are simply hoping that a cyber attack won't happen.
The DHS has been critical of the aerospace business for the way in which it has not been willing to invest the necessary funds in enhancing protection against this form of attack. It should be noted that Boeing has stated that it is satisfied that its airplanes are safe against cyber attack.
If a successful cyber attack were to take place, it could be catastrophic for airlines. Beyond the potential disaster for the aircraft, its passengers and those on the ground, it would severely undermine public confidence in aircraft safety. Such an attack might also lead to commercial and/or military flight operations being suspended and have serious economic consequences for aircraft manufacturers.
A DHS statement has confirmed that this matter is being taken seriously and that scientists and manufacturers are working together to find and fix potential attack points on aircraft.
It has been noted that over the last twelve months DHS research has shifted its focus from assessing whether an attack is possible to ascertain how such an attack can be repulsed, which suggests that, together with interested parties, defense is now the primary aim.
A DHS spokesperson confirmed that the aerospace sector had made a considerable investment in making airliners more secure against cyber attack and that the work was ongoing.