Recently the United States Government Accountability Office published a report warning the Federal Aviation Administration that aviation faces cybersecurity challenges in “at least three areas”, including the protection of aircraft avionics used to operate and guide aircrafts.
The media interpreted this warning to mean, “Modern aircrafts can be hacked and commandeered through onboard Wi-Fi”. But, is it really that bad?
We have a detailed statement made by Andrey Nikishin, Head of Future Technology Projects at Kaspersky Lab, on this controversial topic: “As a fairly frequent flyer, I had mixed feelings about the news that modern planes can be hacked. Readers who are not familiar with how modern planes operate might get the impression that an intruder with a laptop can easily seize full control of a plane. In reality, that isn’t quite the case. A modern passenger plane has multiple computer networks, and those networks share data of differing levels of importance, transferring the necessary information between them.
At the same time, there is another network, Information Management On-Board, which covers less important functions, such as monitoring the state of the plane’s various systems, weather data etc., as well as passenger Wi-Fi connections. The passenger network is isolated from other functions by a firewall. The article discussed the possibility of breaking though that firewall and getting into the Information Management network.
In other words, the safety-critical network is ultimately isolated from the Info Management network and nobody can just go ahead and hijack the plane’s operations via a computer. At the same time, at least in theory, an attacker might succeed in influencing the data coming from the health monitor, navigation or weather report systems.
Naturally, this would require familiarity with the relevant protocols and an understanding of the data formats involved. As far back as 2008, Boeing was warned that a passenger Wi-Fi network should not be physically connected to the plane’s internal and security networks. The manufacturer promised to fix this issue and, apparently, found an easy fix – that is, installed a firewall.
I believe, however, that the problem lies much deeper: we cannot use old technologies in the modern connected world and hope that nobody will hack them simply because it is difficult and expensive. It is high time to bring the communication protocols used in aviation up to date and in line with today’s realities. This is a process that should have started yesterday rather than today. Clearly, upgrading planes will be expensive – but new systems can and should be designed to meet today’s and tomorrow’s needs and requirements, and the highest level of security must be provided”.
The U.S. Federal Aviation Administration and its counterpart in the European Union have cleared the use of computers and mobile devices, though flyers will still be prohibited from using onboard Wi-Fi and from sending and receiving text messages, calls, and emails during takeoff and landing. Obviously, once in the air, travelers have for some time been allowed to connect to onboard Wi-Fi networks. It is likely however that this relaxing of rules will spur more people to connect to those networks than currently do, causing us to wonder, how safe is onboard Wi-Fi?