Close
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity

    FAA Panel to Study Ways to Defend Flight Systems From Hackers

    By
    Wayne Rash
    -
    June 30, 2015
    Share
    Facebook
    Twitter
    Linkedin
      FAA Flight Security

      The Federal Aviation Administration has decided the time has come to take a close look at the security of its data systems. These systems, which include networks that help the agency run the air traffic control system, send radar images to flight controllers and control connections to the radios that keep flight controllers in touch with pilots in the air.

      The FAA has convened a committee of aircraft manufacturers, airline executives and pilots to look into ways to boost the security of these critical systems.

      The concern about data security is a fairly new thing for the aviation business. While airlines and aircraft manufacturers have the same exposure to hackers, malware and nation state spies as any other business, until recently little thought had been given to the data systems that support airline flight systems.

      But that was before things started to break. In April, American Airlines grounded several flights because their onboard flight planning software crashed as flights were leaving the gate in a number of cities.

      Some flights were cancelled and others were delayed. Social media lit up with word that the iPads that pilots were using for flight planning and terminal navigation had crashed and the software they were using had stopped working.

      As it turned out, the problem with the airline’s iPads wasn’t due to hackers or malware, but rather a bug in the mapping program provided by Jeppesen, an aviation and marine navigation software company owned by Boeing. The problem was fixed in a few days when the software was updated. In the meantime, the airline’s pilots flew using paper charts, just as they’d learned to do in flight school.

      However, the American Airlines flight groundings demonstrated clearly just how vulnerable aviation safety might be if something even more serious goes wrong.

      The potential vulnerability was underscored when the FCC admitted that the agency had been penetrated by a cyber-attack shortly before that and was hiring one of its existing consultants, SRA International of Fairfax, Va. on a sole-source contract to help deal with it.

      If you don’t recall hearing any news about an FAA cyber-attack, that’s because the FAA, unlike most businesses, isn’t required to disclose such attacks. But because it’s a government agency, it still has to make its procurement actions public and that’s how the information came to light.

      Fortunately, Washington is overrun with journalists who scour obscure reports for such things and it was Nextgov.com, which is part of Government Executive magazine that published the first reports about the cyber-attack that hit the FAA.

      The attack on the FAA is actually part of a much bigger and more difficult problem. How will the airline industry secure the global web of networks that aviation authorities use to provide data and flight clearances to planes, to update flight plans, and that pilots use to send flight plans and other data to the FAA and to their employers. Those networks, which have slowly evolved since they were first put in place in the 1960s, basically just grew. At first, they were never part of any overall plan.

      FAA Panel to Study Ways to Defend Flight Systems From Hackers

      Now, of course, things have changed. The FAA, like its partner agencies in Europe and Asia, is updating its data systems. But those updates are part of a very ambitious, very long-term, plan. That plan needs to be able to meet the challenge of automating the ground-based flight management systems to keep up with advances in technology, and to allow aircraft of all types to stay safe in increasingly crowded skies.

      Commercial aircraft, meanwhile, are growing dramatically more sophisticated. Flight controls, navigation and other systems from fuel management to air conditioning are now automated. Flight crews may be communicating with their airlines by digital satellite links and of course passengers want WiFi and movies.

      This means that the FAA, which has already been hit by at least one cyber-attack, is trying hard to make sure its networks stay secure enough to keep hackers out.

      You may also recall another news report from a few weeks ago about a hacker who claimed to have taken over the engine management systems on board an airliner while he was a passenger. While it’s possible that this did indeed happen, it’s not necessarily the most critical problem faced by international airlines regulators. The fact is that even if such a thing is possible, the risk is very low because very few people can pull it off, and even fewer can do it without anyone noticing.

      But other types of cyber-threats are very real. Earlier in June, for example, the operations of LOT Polish Airlines at Warsaw Chopin Airport were disrupted by a cyber-attack on LOT’s flight planning computers. The result was similar to what happened to American Airlines through a software bug, which is to say nearly a dozen flights were grounded and others delayed.

      While the attacks on flight planning and management systems don’t necessarily put passengers at risk, because the flights affected are on the ground at the time, they are very expensive. Worse, they have the potential to affect the safety of such flights if the hackers tamper with the wrong data. A good example of this might be in aircraft refueling orders. Order the wrong amount and a flight might not have enough to reach its destination.

      The FAA is right to start worrying about these issues today. Until now, the airlines have been out of reach for cyber-criminals and hackers. But that only means that they’ll try harder and it’s a pretty safe bet that one way or another they’ll be able to penetrate the networks. The question then becomes how to protect the data on the networks and how to protect the data that goes to the aircraft.

      Ultimately, the FAA needs to consider how to make sure the information that travels over those networks is safe and is delivered accurately, not on whether it’s possible penetrate the network, because it will be penetrated. The problem to address is how to keep that from making a difference.

      Wayne Rash
      https://www.eweek.com/author/wayne-rash/
      Wayne Rash is a freelance writer and editor with a 35-year history covering technology. He’s a frequent speaker on business, technology issues and enterprise computing. He is the author of five books, including his most recent, "Politics on the Nets." Rash is a former Executive Editor of eWEEK and a former analyst in the eWEEK Test Center. He was also an analyst in the InfoWorld Test Center and editor of InternetWeek. He's a retired naval officer, a former principal at American Management Systems and a long-time columnist for Byte Magazine.
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.

      MOST POPULAR ARTICLES

      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Applications

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      IT Management

      Intuit’s Nhung Ho on AI for the...

      James Maguire - May 13, 2022 0
      I spoke with Nhung Ho, Vice President of AI at Intuit, about adoption of AI in the small and medium-sized business market, and how...
      Read more
      Applications

      Kyndryl’s Nicolas Sekkaki on Handling AI and...

      James Maguire - November 9, 2022 0
      I spoke with Nicolas Sekkaki, Group Practice Leader for Applications, Data and AI at Kyndryl, about how companies can boost both their AI and...
      Read more
      Cloud

      IGEL CEO Jed Ayres on Edge and...

      James Maguire - June 14, 2022 0
      I spoke with Jed Ayres, CEO of IGEL, about the endpoint sector, and an open source OS for the cloud; we also spoke about...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2022 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×