How cyber (in)secure is civil aviation?

IAI

If you have a spare 15 minutes it is worth looking at the Israel Aerospace Industries (IAI) video presentation on the state of cyber within the civil aerospace industry. It is not all bad but there is a real need to step up investment to guard against ever more sophisticated attacks. Cyber used effectively can thwart attackers but so many systems within airports are connected – passenger data, baggage handling, airport security. Air Traffic Control (ATC) can be hacked with ghost planes by spoofing messages and pretending the hacker is airborne.

IATA predicts that the number of passengers travelling by plane is set to double by 2035. In the IATA 2017 Annual Report it notes,

In 2016 some 3.8 billion passengers safely took to the air and some 54.9 million tonnes of goods were delivered as air cargo… There was one major accident for every 2.56 million flights using jet aircraft in 2016. While this was a slight step back on the five-year average (one accident for every 2.77 million flights), flying remains the safest form of long-distance travel…Aviation’s importance goes far beyond the 63 million jobs and $2.7 trillion in economic activity that it supports. 

There is no question the quality and advancement of hardware technologies in aerospace has been a large factor in improving safety. Whether the use of carbon fibre composites in fuselages and wings or the growth in ceramic matrix composites in engines to allow higher temps in the engine to raise fuel economy and reduce emissions. If we think that getting drugs approved by the FDA is hard, getting hardware approved by the FAA is even more difficult. A drug can cause side effects. A plane can’t afford to have any problems for the life of it, usually 25 years or more.

Software (e.g. TCAS, automated landing) has played no small part in enhancing safety but providing adequate protection to ensure systems function as intended is the weakest link. As the speaker says in this video, “we need to collaborate“.

We can’t afford to wait for the first aircraft to go down by such cyber attack means before we act. Remember post 9/11 that impregnable cockpit doors were made mandatory. The doors also allowed the pilots to prevent activation of the entry code to prevent would be hijackers from entering by taking a stewardess hostage. In March 2015 a Germanwings co-pilot Andreas Lubitz, activated this function when his pilot took a restroom break  to commit suicide along with 150 passengers. The activation codes used by the pilot did not work. Technology can sometimes have unforeseen consequences.

Slightly off topic, though no less important, alcoholism and flying is also an issue. The FAA sites, a minimum “8 hours from “bottle to throttle.”” Between 2010 and 2015, FAA records show 64 pilots in the US were cited for violating the alcohol and drug provisions, and in 2015, some 1,546 personnel who must ensure airline safety, including 38 pilots, tested positive for one or more of five illegal drugs. In India, between 2011 and 2016, a total of 188 pilots across the country were found to have high blood alcohol levels during checks.

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

w

Connecting to %s