U.S. Airliners Could Be Vulnerable to In-flight Hacking, GAO SaysEngineering360 News Desk | April 16, 2015
A report from the U.S. Government Accountability Office (GAO) is warning that domestic commercial airliners could be hacked in-flight by passengers using a plane's wireless entertainment system to access its flight controls.
That is just one of the cybersecurity weakness pointed out by the GAO report, which says that the Federal Aviation Administration (FAA) must address these issues as air traffic control systems continue to evolve with next generation technology.
"Internet connectivity in the cabin should be considered a direct link between the aircraft and the outside world, which includes potential malicious actors," the report is quoted as saying.
One cybersecurity expert said that even "a virus or malware" planted on websites visited by passengers could offer an opportunity for a malicious attack.
The GAO report says the FAA faces cybersecurity challenges in at least three areas:
(1) protecting air-traffic control information systems,
(2) protecting aircraft avionics used to operate and guide aircraft and
(3) clarifying cybersecurity roles and responsibilities among multiple FAA offices.
Cybersecurity experts told GAO that the on-board firewalls intended to protect avionics from hackers could be breached if flight control and entertainment systems use the same wiring and routers.
GAO recommends that the FAA:
1) assess developing a cybersecurity threat model,
2) include the agency's Office of Safety as a full member of the Committee and
3) develop a plan to implement National Institute of Standards and Technology revisions within with federal Office of Management and Budget's time frames.
The report says FAA concurred with the first and third recommendations, but believes that its safety office is sufficiently involved in cybersecurity.
The news was reported by the Reuters news agency.