Flight or Fright: The Reality of Cyber-Attacks on Planes

21.05.2023

Picture yourself sitting in an airplane, thousands of feet above the ground, when suddenly you realize that someone, somewhere, is trying to take control of the aircraft remotely.

The world has become more interconnected and vulnerable to cyber-attacks as technology advances, and the aviation industry is not immune. This is not a far-fetched, Imaginary scenario. Cyber-attacks on airlines are happening, and this is a nightmare for every airline.  

Even without disastrous consequences, this notion of someone hacking the aircraft systems would scare most passengers and airlines and will cost hundreds of thousands of dollars for the airline. Let’s explore this idea in detail.

Modern airplanes are incredibly complex machines controlled by a network of computer systems, responsible for everything from monitoring the plane’s engines to managing its navigation. While these systems have improved safety and efficiency, they also introduce new potential cyber-attack vulnerabilities. In recent years, there have been several incidents that highlight these vulnerabilities. In 2015, security researcher Chris Roberts claimed to have taken control of an airplane’s engine during a flight using his laptop. While his claims were met with some skepticism, they raised concerns about aviation systems’ security. Over the past 12 months, multiple malfunctions have happened during flights worldwide. As these incidents could not be explained otherwise, they are considered to have occurred by cyber-attacks.

Is it possible for a cyber-attack to remotely take control of a plane? 

The short answer is that it’s possible – yet complicated. While a skilled hacker can gain access to some of the aircraft’s systems, taking control of the entire plane would be much more challenging.

One reason for this is that airplanes are designed with multiple layers of security. To illustrate this point, the cockpit systems are typically isolated from the passenger entertainment systems to prevent unauthorized access. Moreover, many aviation systems use specialized communication protocols that are more difficult to hack.

That being said, a determined attacker can exploit a vulnerability in one of these systems. A case in point is a cybercriminal accessing the plane’s navigation systems and changing its course or interfering with its communication systems. Such attacks could have devastating consequences, primarily if carried out during critical phases of flight.

The aviation industry is partially aware of these risks and is gradually introducing steps to address them. Another aspect to consider is that the Federal Aviation Administration (FAA), the European Union Aviation Safety Agency (EASA), Transportation Security Administration (TSA), and other related organizations have issued guidelines for aviation cybersecurity, and airlines must adhere to some of these requirements by early 2026. 

Additionally, aviation manufacturers are continually improving the security of their systems to make them more resilient to cyber-attacks. It is also worth mentioning that the industry is investing in research and development to stay ahead of emerging threats, but much more is needed.

While the threat of cyber-attacks on airplanes is real, some steps can be taken to mitigate these risks. Awareness, knowledge sharing, proper training and education, and multiple technological solutions can help airlines reduce potential risks. Companies like Cyviation are doing just that and are dedicated to providing top-notch cybersecurity solutions for the aviation industry, helping to ensure that passengers and crew can travel safely and securely.

References:

Wired – “Feds Say That Banned Researcher Commandeered a Plane”

Available at: https://www.wired.com/2015/05/feds-say-banned-researcher-commandeered-plane/

FlightGlobal – “Cyber security and the future of aircraft certification.”

Available at: https://www.flightglobal.com/strategy/cyber-security-and-the-future-of-aircraft-certification/136450.article

TSA – “TSA Issues New Cybersecurity Requirements for Airport and Aircraft”

Available at: https://www.tsa.gov/news/press/releases/2023/03/07/tsa-issues-new-cybersecurity-requirements-airport-and-aircraft

EASA – “Upcoming European Regulation – Part 3 Explained”

Available at: https://www.easa.europa.eu/community/topics/upcoming-european-regulation-part-explained-israel-aviation-cybersecurity-summit

FAA – “Avionics Safety: Secured Connectivity – DO-326A/ED-202A, DO-355, DO-356”

Available at: https://www.tripwire.com/state-of-security/avionics-safety-secured-connectivity-do-326a-ed-202a-do-355-do-356

OTHER NEWS

Cyviation-Raises-an-Additional-$4M-Investment
26.06.2024
CyViation Welcomes Eliran Almog as CEO
Cyviation Announces Strategic Partnership
01.12.2023
Cyviation Announces Strategic Partnership on Aviation Cybersecurity Intelligence and Monitoring Solutions
13.11.2023
Hacking the Sky: Planes Need Patching, Too – Interview with CEO Avi Tenenbaum