FAA Panel to Study Ways to Defend Flight Systems From Hackers
Now, of course, things have changed. The FAA, like its partner agencies in Europe and Asia, is updating its data systems. But those updates are part of a very ambitious, very long-term, plan. That plan needs to be able to meet the challenge of automating the ground-based flight management systems to keep up with advances in technology, and to allow aircraft of all types to stay safe in increasingly crowded skies. Commercial aircraft, meanwhile, are growing dramatically more sophisticated. Flight controls, navigation and other systems from fuel management to air conditioning are now automated. Flight crews may be communicating with their airlines by digital satellite links and of course passengers want WiFi and movies. This means that the FAA, which has already been hit by at least one cyber-attack, is trying hard to make sure its networks stay secure enough to keep hackers out. You may also recall another news report from a few weeks ago about a hacker who claimed to have taken over the engine management systems on board an airliner while he was a passenger. While it's possible that this did indeed happen, it's not necessarily the most critical problem faced by international airlines regulators. The fact is that even if such a thing is possible, the risk is very low because very few people can pull it off, and even fewer can do it without anyone noticing.While the attacks on flight planning and management systems don't necessarily put passengers at risk, because the flights affected are on the ground at the time, they are very expensive. Worse, they have the potential to affect the safety of such flights if the hackers tamper with the wrong data. A good example of this might be in aircraft refueling orders. Order the wrong amount and a flight might not have enough to reach its destination. The FAA is right to start worrying about these issues today. Until now, the airlines have been out of reach for cyber-criminals and hackers. But that only means that they'll try harder and it's a pretty safe bet that one way or another they'll be able to penetrate the networks. The question then becomes how to protect the data on the networks and how to protect the data that goes to the aircraft. Ultimately, the FAA needs to consider how to make sure the information that travels over those networks is safe and is delivered accurately, not on whether it's possible penetrate the network, because it will be penetrated. The problem to address is how to keep that from making a difference.
But other types of cyber-threats are very real. Earlier in June, for example, the operations of LOT Polish Airlines at Warsaw Chopin Airport were disrupted by a cyber-attack on LOT’s flight planning computers. The result was similar to what happened to American Airlines through a software bug, which is to say nearly a dozen flights were grounded and others delayed.