Homeland Security Today
Aviation Cybersecurity – Could the Strongest Link Become the Weakest?
by Kylie Bielby
The Federal Aviation Administration is putting airlines, travelers and the United States at risk from cyber attacks, according to a rather damning report from the Government Accountability Office (GAO).
GAO highlighted a number of weaknesses in the FAA’s cyber defense of avionics systems, including a failure to test vulnerable systems, a lack of cybersecurity training, and not prioritizing cyber risks.
The FAA received $3 million in funding in fiscal year 2017 to develop and implement an integrated cyber testbed at the FAA Technical Center in Atlantic City, New Jersey, to address cybersecurity requirements for air traffic control and to identify and address cybersecurity risks in avionics systems. However, FAA officials told the recent GAO review that the cyber testbed does not test avionics systems for cyber vulnerabilities.
Terrorism’s big prize
Modern commercial airplanes use avionics systems and networks to share data—for GPS, weather, and communications, for example—with pilots, maintenance crews, other aircraft, and air traffic controllers. Airplane manufacturers have high-level cybersecurity controls in place for these systems, but the FAA is responsible for overseeing the safety of commercial aviation, including avionics systems. The growing connectivity between airplanes and these systems presents increasing opportunities for cyber attacks on commercial airplanes, and with attacks increasing in sophistication and number across all sectors, it is only a matter of time before hackers turn their attention to the big prize and attempt to create another 9/11.