The Airline Industry Gets Serious about Cybersecurity

The airline industry is, some would say ‘finally’ making a concentrated push to engage and enlist international support on a global scale to combat the threat of malicious hackers and attackers.

It was in April this year when Chris Roberts, a professional security researcher and white-hat hacker took to twitter to claim the ease in which he could hack the inflight control systems by simply plugging into the airplane’s CAN (Controller Area Network), under his passenger seat.

Although it was meant as a joke at the time of posting his thoughts on Twitter, the two FBI agents waiting on arrival didn’t get the humor. Nor did United Airlines, the airline industry or law enforcement agencies, in general.

Roberts, for his part, eventually succeeded in doing what good white-hat hackers and security researchers do, bring attention to a vulnerability.

Also read:  Career Hacker Fleeced by the FBI in Syracuse

In a coming together in Dublin on Monday, the AVSEC World Aviation security conference took place to address, discuss and find solutions to all sorts of vulnerabilities that could cause havoc to the airline industry. The attendees and speakers agreed that unlike most other security breaches or cyber-attacks, a targeted airline will guarantee maximum impact, reports Reuters.

The conference has yielded several initiatives, chief among which a team of leading aviation industry associations have banded together in a solemn declaration on cybersecurity to put forward to members of the United Nations’ Aviation safety arm next year.

The director general of the Civil Air Navigation Services Organization (CANSO) Jeff Poole notes:

Protecting our industry from cyber threats is hard, probably one of the hardest things we are facing because we do not know what we are facing or for what we have to prepare.

An issue long highlighting the worrying lack of cybersecurity measures in an airplane is the Automatic Dependent Surveillance – Broadcast (ADS-B) system in an aircraft. Akin to a transponder, the system periodically determines the plane’s position via satellite before sending it to a ground station, ensuring that the plane can be tracked. Significantly, the data sent from the system is unencrypted, leaving it to an exploit by outside interference.

The team of experts will present recommendations and suggestions to improve cybersecurity measures at the International Civil Aviation Organization (ICAO) in September 2016 when hosting its third annual meeting.

Poole points to others such as nation states to mandate better cybersecurity measures, a move that could prove to be influential.

“We can only go so far ourselves as an industry. States have an important role to play,” Poole contends.

Airlines have taken their own measures to tackle concerns. United, for instance, rewarded two hackers with a million air miles each after the duo spotted significant vulnerabilities in the airline’s website, as a part of their bug-bounty program.

Image from Pixabay.

Samburaj is the contributing editor at Hacked and keeps tabs on science, technology and cyber security.