Cybersecurity Challenges in Aviation

June 2016

In recent years, the Federal Aviation Administration (FAA) has been stepping up modernization efforts that involve shifting air traffic control from ground-based technology to satellites. Airplane systems are also becoming increasingly automated and more connected to computer systems. While modernization has resulted in greater efficiency for the aviation industry, it has also made the industry vulnerable to cyber-attack. Aircraft Builders Council released a free, 5-page white paper that discusses aviation cyber security.

Responding to Cyber Challenges in the Aviation Industry

In the past decade, the Federal Aviation Administration (FAA) has been modernizing the Air Traffic Control (ATC) system through its Next Generation Air Transportation System (NextGen), an Internet Protocol (IP) based technology that will replace radio communications with satellite-based communications. While this new technology allows the FAA to efficiently gather and distribute data to effectively conduct ATC functions, ATC systems are now at a greater security risk.

In a report released by the U.S. Government Accountability Office (GAO) in 2015, the government agency that increasing interconnectedness in the aviation industry can potentially provide unauthorized remote access to aircraft avionics systems.

This paper looks into recent cyber-attacks experienced by the industry, as well as the steps being taken to ensure aviation safety amid cyber threats. It also discusses the Cybersecurity Standards for Aircraft to Improve Resilience Act of 2016, or the Cyber AIR Act (S.2764 – 114th Congress) which would require all domestic and foreign air carriers and manufacturers of aircraft or electronic control, communications, maintenance, or ground support systems for aircraft to report cyber-attacks to the FAA and for the for FAA to then report to Congress.

On May 9, 2016, the OIG released a report that the Transportation Security Administration (TSA) is failing to comply with the most basic of cybersecurity protocols. The OIG conducted a series of tests of checkpoint operations in real world conditions and the system as a whole: “The failures [found] included failures in the technology, failures in TSA procedures, and human error.  We found layers of security simply missing.