Joe Scarnici, Getty Images
Industryweek 8932 061715 Airport Airplane Security

The Evolving Cyber Threat to Airplanes

June 17, 2015
'If I could get a signal to the aircraft that caused it to become confused while it's on its final approach, could I cause an incident? My view is yes.'

PARIS Hackers and cyber-terrorists present an ever-evolving threat to airlines, with experts constantly testing for new vulnerabilities  including the fear that drones could be used to throw a plane off course.

Most agree that hacking a plane would be a near-impossible feat, but some professional hackers have claimed airline computer systems are riddled with weaknesses that could allow someone to break in, perhaps even through the in-flight entertainment system.

U.S. computer security expert Chris Roberts recently claimed to have hacked into a plane’s controls through the entertainment console and to have issued a “climb” command.

But speaking at the Paris Air Show this week, Alain Robic of Deloitte Consulting, an expert on cybersecurity, said the claims were not credible. Robic was working for Airbus in 2005 when a hacker showed them how he could penetrate the flight controls from a passenger seat while they were designing the new A380.

“The bosses were shocked. It was a revolutionary moment. They re-engineered everything to separate the systems so it could never happen again,” he said.

But there are plenty of other risks  and although they are unlikely, companies such as Airbus and Boeing take them very seriously.

David Stupples, a professor of electronic and radio systems at City University in London who advises Airbus, said the latest threat he was exploring was whether a drone could be used to send radio signals to an aircraft and confuse its systems.

“If I could get a signal to the aircraft that caused it to become confused while it’s on its final approach, could I cause an incident? My view is yes,” said Stupples, adding that flying near to the plane could allow the drone to overpower signals from the ground. 

Stopping this kind of activity means preventing drones from flying near airports  something that has only recently become possible with new forms of radar capable of spotting tiny aircraft.

The enemy within 

Stupples said there was a greater threat of an employee with access to the computer data hubs uploading malware to an aircraft’s systems. 

“It could be a dissatisfied employee, or someone who has been bribed or who is doing it for a cause,” he said.

Even this would be almost impossible, since airlines have highly complex, specially-designed computing systems that only a handful of people know how to navigate. 

“Between the probability of someone understanding what they’re doing, the probability of getting the malware in and the probability of it acting like they want  the odds are pretty remote,” Stupples said.

Even if all those factors came together perfectly, hackers would almost certainly not be able to take full control of the aircraft since pilots have manual overrides.

“But to crash, all you have to do is push the flight control systems into an unstable situation,” Stupples said. “I wouldn’t say it’s easy, but it’s possible.”

While public concerns tend to focus on the terrorist risk, companies face a much more immediate and frequent threat from hackers trying to steal their commercial secrets. Hacks can cost tens of millions of dollars to repair and could be used to extort money by planting threats. 

Constantly probing

As aviation goes increasingly digital, threats have adapted.

“A lot of data is now automatically uploaded to planes so they can remove the risk of human error as much as possible,” said a pilot for a major airline, who was not allowed to give his name.

Many airlines now issue their pilots and cabin crew with iPads because they weigh less than piles of charts and passenger logs. 

“The airlines are ultra-strict with us about the security of our iPads and everything else  much stricter than with passengers because they worry about coercion, that our family has been kidnapped or something,” the pilot said.

Robic said it was time for the whole aeronautic industry to create a joint cybersecurity organization to combine their efforts. 

“There is a whole eco-system of staff that needs to be secured. There are a great many actors from development to maintenance, which exposes airlines to cyber risks,” he said. “What they’re doing at the moment is not sufficient.”

Copyright Agence France-Presse, 2015

Sponsored Recommendations

Voice your opinion!

To join the conversation, and become an exclusive member of IndustryWeek, create an account today!