Cyber-Terror In The Skies

Before 9/11, airplane hijackings were seen as something out of a Hollywood screenwriter’s imagination. Major movie plots tend to echo the societal themes of the day, in character scenarios and, in some cases, technology. There is quite a plethora of cyber-crime themed movies that accurately predicted our future. If we take a moment to stop and notice, nearly everything around us is becoming more digitized than ever – from the navigation and control systems on cars to the Wi-Fi-enabled temperature sensor in backyard grills. You can’t escape it, so it is little surprise to discover how much technology goes into a modern aircraft. Beyond flight entertainment, Wi-Fi, and LED lights are intricate sensors, controls, and computing systems that interconnect to provide the safest, best flights possible. Sadly, in the modern world, the public now lives with a very real awareness of how real the terror of hijacked planes can be. And as time has passed, the potential for terror in the skies has taken on a technological twist.

Been Hacking a Long Time

The horrifying possibility of cyber-attacks against commercial flights has haunted the airline industry for a number of years. One of the first incidents to capture public attention was when security researcher Chris Roberts was pulled off a domestic flight by the FBI after he claimed that he had briefly seized control of the plane. Another cybersecurity researcher, Ruben Santamarta, claimed that he had hacked hundreds of aircraft while in flight, from the ground at the Black Hat cybersecurity conference in Vegas. The cybersecurity researcher said he had exploited weaknesses in satellite equipment to hack into the planes remotely.

If a plane’s technical systems were compromised by nefarious hackers, we would be dealing with a very dangerous threat. And we have had some very close calls. For example, several years ago a malware infection prevented a Spanair flight from taking off. In that case, the detection occurred before flight was even possible, but the whole scenario highlights a significant risk and a threat that looms as ever present.

Down To Earth

Protection in the air is one thing, and protection from potential malicious passengers-turned-hackers is also noteworthy, but what about the protection of other points of the flight industry’s technology chain? Are mission-critical IT systems as vulnerable as satellites and onboard computers have proven to be?

Think about this the way a hacker might look at it. When attacking a fort, nobody tries to go through the guarded front gates. They slip in over an unguarded wall or they show up disguised as the gate maintenance team. In other words, hackers go around the perceived obstacles, and all the expensive fortifications and processes, to find a vulnerable point of entry.

For example, bugs and malicious software can find their way in during a simple software update. Updating software is a good practice, but the potential for something dangerous to happen during these very specific times is ever-present, almost like the vulnerable moments when vigilance is down during the changing of the guard. Conditions like this force us to validate versions, to baseline systems, and to be aware of how to identify and isolate threats. They force us to monitor for behavior and metrics of compromise. In that way, the security challenges seen relate closely to enterprise security.

The Real World vs Hollywood

Planes, like any other interconnected IT system, can be hacked, and chances are they will be hacked at some point. The question at this point is not really if but when. Hopefully we can predict and preempt whatever that sobering incident turns out to be using intelligent precautions, processes, and technologies. And should this terrifying situation ever come to pass, we would also hope that swift recovery is triggered according to well-laid disaster plans. Even if we are not in the airline industry, we should adopt that same mentality for our own mission-critical internal IT systems.

Are we sufficiently monitoring and protecting our mission-critical systems from cyberthreats throughout the service lifecycle of our own IT infrastructure? If planes can be hacked, no enterprise IT system is safe. The same questions asked about addressing vulnerabilities and disaster recovery preparation should be directed toward every IT system, in every organization.

It is important to recognize that when it comes to commercial flights, the stakes could not be any higher as human lives are on the line. Thankfully, industry leaders and government task forces are dedicated to devising solutions that tackle cyberthreats against the commercial flight industry in a proactive fashion. Hopefully their awareness and due diligence will ensure this remains a theme for Hollywood thrillers and not a possible opportunity for another devastating terror attack that weaponizes commercial airliners.

This article was originally published in Forbes.