By Nicolai Solling, Director of Technology Services at Help AG
The recent story about a cyber security consultant who allegedly hacked into the IT systems of a commercial airliner and gained access to its in-flight controls has made headlines across the globe.
With security always being a prime concern in the airline industry, this has raised a number of questions and experts as well as the general public are eager to know the extent to which this story is true.
A brief background
Historically a plane’s control systems have been very manual, based on hydraulics and mechanical circuits, with some form of automation of the control systems, however in the last couple of decades, the control systems have been upgraded and today most modern jet-liners are controlled by electronic control systems – also known as a fly-by-wire controls. These upgrades have been required in order to increase reliability as well as support the increased functionality required by the control systems to operate more sophisticated engines and bigger and bigger planes.
These electronic control systems have a lot of resemblance to the normal Ethernet cables that you know are likely to have used at home in order to connect your internet connection, telephones and other such electronic services. However apart from a control system, there is also other systems in a plane which rely on electronics. These now include the in-flight entertainment systems as well as the Wireless internet systems we utilize when we surf the internet on the plane.
The article which recently made headlines has raised some speculation around the interfaces between the control networks and entertainment networks, and forced concerned parties to question whether a hacker can modify the planes control systems from the entertainment networks.
Should I worry?
There are some fundamental things that airplane manufacturers and their related partners have done to protect against such attacks. First of all, there is a strong separation between the entertainment system and the avionics control systems.
Of course after the recent claims there has been a lot of scrutiny around ensuring that this separation is sufficient. Unfortunately, we do not know the veracity of the claim made by the Security Researcher, and until there is precise information, it is very difficult to say what is possible, or if it is indeed possible. The positive impact that this has had will be evident in the long run, as it will hopefully allow the cyber security community to identify and implement the necessary levels of separation such that passengers can be assured that hackers can do no harm to a plane in the air.
One thing I would like to highlight though is that I would much rather be on a modern plane with modern control systems then an older one, and the technology in question still holds a lot of benefits to safety. As an example, the past couple of years, we have seen some deeply disturbing fatalities in airplanes that have been traced to intentional or unintentional pilot error. In these cases, technology holds a lot of promise in making sure such actions are not possible.
The story also highlights some other more general concerns which is that our world is becoming more and more connected. How do we deal with modern cyber security threats when our devices are becoming more and more connected? A good example is connected cars, which are starting to have various levels of automation, even to the level of being self-driving and steered. How do we protect these, and is the right level of cybersecurity resilience build into the design of such devices.
One thing is quite certain – When you buy an Airbus A380 for $450M, there is bound to be more security technologies installed in it than in a $20,000 car. So how do we make security affordable and efficient enough even in consumer grade products?
It is also raises more ethical problems such as the question of where does technology stop? As an example, a lot of genome based medicine is created on computers today and we have seen huge leaps and benefits for mankind from this. But if we are utilizing computers for this, how do we ensure that a piece of malware is not infecting how medicines are working. Could a virus in a computer system actually build a virus in the human body? While at present, this may sound a bit far fetched, with the rate that our lives are impacted by the revolution of technology these are questions we need to start thinking about.
Back to the topic of planes however. Yes, it is safe to fly! There are significantly more people injured in traffic on the way to the airport then in plane-crashes – but as with the security of anything else, it is important to scrutinize any potential issues, especially in the cyber domain as a sophisticated attack today may become commodity the next day.
Picture Courtesy: www.freedigitalphotos.net