Aircraft cyber risks seen as low but potentially catastrophicPosted On: Jan. 8, 2018 12:00 AM CST
A reported incident of a Boeing 757 being hacked has raised concerns about the vulnerability of planes to cyber attacks, even though risk management experts believe the risk is relatively low.
During the November CyberSat17 Conference on security in aerospace in Tysons Corner, Virginia, Robert Hickey, aviation program manager at the Cyber Security Division of the U.S. Department Homeland Security’s Science and Technology Directorate, was quoted as saying he had remotely hacked into a narrow-body twin-engine jet airliner in 2016. While not going into details for security reasons, news accounts said Mr. Hickey said his team gained access into the aircraft through the 757’s “radio frequency communications.”
A DHS spokesman said in an email that “while certain details of the assessment remain classified, the comments made during the 2017 CyberSat Summit lack important context, including an artificial testing environment and risk reduction measures already in place.”
“Along with our federal and industry partners, DHS takes aviation cyber security seriously and works with both researchers and vendors to identify and mitigate vulnerabilities in the aviation sector,” the spokesman said.
In 2015, the U.S. Government Accountability Office said the Federal Aviation Administration “has taken steps to protect its (air traffic control) systems from cyber-based threats.” However, “significant security-control weaknesses remain that threaten the agency’s ability to ensure the safe and uninterrupted operation of the national airspace system,” the GAO said in its report. “FAA has agreed to address these weaknesses.”
The Boeing 757 is no longer in production, though many are still in service. Chicago-based Boeing Co. said in a statement that “we firmly believe that the test did not identify any cyber vulnerabilities in the 757, or any other Boeing aircraft.”
Steve Bridges, Chicago-based senior vice president of the cyber and errors and omissions practice with JLT Specialty USA, a subsidiary of Jardine Lloyd Thompson Group P.L.C., said hacking into an airplane is something that’s “more theoretical than in practice.”
“We’ve seen white hat hackers go and prove they can get into a system,” Mr. Bridges said, “so in theory, yes, it could happen. When you think about the result, the losses are horrific. I’m sure the manufacturers and the airlines are doing everything they can to address that issue, but it’s a lot of work because it’s probably not something they considered years ago when these systems were built.”