The historical cause of airplanes being lost has been limited to operator error, a massive mechanical failure, weather, and a terrorist act. Technological advances, however, now require that we add to the list the potential for a cyber attack. This is not rank speculation, a conspiracy theory, or cyber hysteria. Rather, the potential for disabling a commercial aircraft using a cyber attack, while remote, is a fact well understood by both the Federal Aviation Administration (“FAA”) and the aviation industry. As the operation of planes—like everything else in society from cars to blenders—becomes more dependent on software and interconnectivity, the concept of a cyber attack on a commercial airplane should not be dismissed out of hand.
Why consider a cyber attack?
Start with the guidance offered by aviation and military defense experts. Last year, the North American Treaty Organization (“NATO”), the military organization whose essential purpose is to safeguard the freedom and security of most Western countries, held a meeting in Istanbul with senior executives from five international defense contractors to consider “[w]hat will be the biggest threats in the next 10 years?” Participants included aviation heavyweights Jeff Kohler, V.P. of International Business Development for Boeing, Steve Williams, President of Continental Europe for Lockheed Martin, and David Perry, Corporate V.P. for Northrop Grumman. This illustrious group concluded that, in light of computerization of important systems and the trend toward interconnectivity, the most significant threat was the potential for cyber attacks—in particular, attacks involving military/commercial/passenger aircraft.
Addressing the very topic of this article, Mr. Kohler acknowledged his company is “very concerned” about threats to software systems operating modern aircraft and the need for cyber protection. He then made two observations that, in light of current events, come across as ominous:
From our commercial aircraft side we’re very concerned about it. As commercial aeroplanes become more and more digital and electronic, we have actually started to put cyber protection into the software of our aeroplanes.
If they enter an airport environment, they are starting to exchange information and so we have to be able to protect the aircraft’s software itself, so there’s a lot of issues coming down the road just on cyber alone.
Driving home the point, Martin Hill, V.P. of Defence, EU, and NATO affairs for electronic systems company Thales, added: “Every single item that we have depends on cyber” and “[a]ll of our critical infrastructure is controlled by some sort of network. This has to be the area where we’re going to face problems and where we’ve got to spend a fortune.”
Mr. Kohler’s concerns are not surprising when one considers that in 2012, two Cambridge experts announced they had discovered a “back door” in a computer chip used in military systems and some newer passenger aircraft, which could allow the chip to be taken over via the Internet. A subsequent report by U.S. authorities found that a network in the cabin of the effected aircraft that were designed to give passengers Internet access could be used to access the aircraft’s control, navigation, and communication systems. For its part, Boeing indicated this security concern had been addressed before the official report was issued. In 2011, the threat of cyber terrorism was also the focus of the International Air Transport Association (“IATA”), which directed airlines to “remain on their guard” because cyber attacks poses “especially serious challenges for airlines that will be taking delivery of the new generation of aircraft.”
In addition to the observations discussed at the NATO Review in Istanbul and IATA guidance, on November 18, 2013, the FAA issued a “special condition” pertaining to Boeing Model 777-200, -300, and -300ER series airplanes. The FAA action addressed modifications that enabled connections between systems accessible by passengers (in-flight entertainment networks) to previously isolated data networks/systems that perform the functions required for the safe operation of the airplane. The FAA noted that the modifications:
… may enable the exploitation of network security vulnerabilities and increased risks potentially resulting in unsafe conditions for the airplanes and occupants. This potential exploitation of security vulnerabilities may result in intentional or unintentional destruction, disruption, degradation, or exploitation of data and systems critical to the safety and maintenance.
The potential to use in-flight entertainment systems to access previously secure core systems was troubling because airplanes at issue have fly-by-wire controls, software-configurable avionics, and fiber-optic avionics networks.
To address the vulnerabilities caused by the in-flight entertainment systems, the FAA required Boeing to ensure that:
… the design provides isolation from, or airplane electronic system security protection against, access by unauthorized sources internal to the airplane. The design must prevent inadvertent and malicious changes to, and all adverse impacts upon, airplane equipment, systems, networks, or other assets required for safe flight and operations.
… appropriate procedures [be established] to enable the operator to ensure that continued airworthiness of the aircraft is maintained, including all post STC modifications that may have an impact on the approved electronic system security safeguards.
Note that these requirements apply only to the Boeing Model 777-200, -300, and -300ER series airplanes.
Unfortunately, as evidenced by the NATO Review and FAA action, when considering the cause of future plane crashes, cyber attacks will now be listed right alongside weather, mechanical failures, and human error. This means that the manufacturers and regulatory bodies responsible for the safety of air transportation must seriously focus on the potential for a cyber-hijacking and take all possible steps to prevent such a tragedy.