(Sputnik) Security systems in the aviation industry are facing an increased threat from hackers who have the capabilities to not only breach data security but also to place at risk the lives of passengers.
With the Farnborough airshow starting on Monday (July 11), the issue of aviation security has come up. David Cameron speaking at the event said that it was imperative for Britain to maintain close ties with the EU in order to have high levels of security.
As airlines and airports increasingly become targets of cyberattacks, the EU Aviation Safety Agency (EASA) has urged taking cyber threats “seriously,” by launching a common strategy.
In the US, Turkey, Spain, Sweden and recently in Poland, aircraft infected with malware or security breaches have provoked delays, loss of information and a wave of growing concern among public authorities, regulators and the industry.
“We have to be prepared always for the worst,” Luc Tytgat, EASA director of strategy and safety management said.
Tytgat said aviation systems were subject to an average of 1,000 attacks each month.
However, the biggest concern has come from the fact that there is potential for a plane to be brought down by someone who is able to hack into its internal system.
A hacking expert, who wished to remain anonymous, speaking to Sputnik, confirmed that an individual with the right knowledge and capabilities could in fact bring a plane down, if they wished.
“So there are two things happening, the impact an attack has on data security, so that means access to financial details, passenger history and dates of flights. The second issue is the risk to personal safety. Customer data can be accessed if internal networks are not protected, but the serious negligence comes when someone can break into a system and causes a plane to crash,” a hacker told Sputnik.
The possibility of this happening is not an unlikely one, if the hacker or terrorist is on the plane this sort of attack can occur. At the 2015 SteelCon conference, a information security meet-up, speaker Dr Grigorios Fragkos spoke about the possibility that there are flaws and the only equipment needed to cause a crash is a simulator.
There was also the story in 2015 of a computer security expert that managed to hack into a plane’s in-flight entertainment system and briefly made it fly sideways, by telling one of the engines to go into “climb mode.”
“The websites being attacked isn’t a real concern, but plane security is. The guy that demonstrated he could make a plane turn sideways — that was really bad. What if he couldn’t get the plane to turn back, there could have been causalities… He didn’t fully understand what the impact was,” the hacker told Sputnik.
So, what can and should be done to prevent further attacks and to stop potential fatalities? One of the issues is that when software is being developed, the engineers often have more important concerns other then security — and this is a key problem.
“They should be looking at the likelihood of something happening, so the impact is high but the reality of it taking place is low. If you have a risk acceptance process, there should be a list of risks and this should be backed up, based on the existing security problems that may occur,” the hacker said.
There is also a need for security standards to be put in place so that if a security hack were to take place, people would be alerted before a plane was placed in jeopardy.
“There is a saying in Russia, ‘trust but verify,’ so assume security is good but back it up. Also the most important thing is logging and alerting any security issues, so that guys who are managing the network know the details such as time and IP address, so they can at least know who was on the plane and what can be done and all of this should be sent to the black box, so that it can be examined,” the hacker told Sputnik.
