Cyber risk is top of mind for many in the insurance industry at the moment, and the aviation industry faces increased risk according to a new report.
Perhaps the most shocking revelation is that a plane's Wi-Fi system could be hacked which could then lead to the attackers controlling the plane as both the Wi-Fi and control system on some planes are linked.
Modern aircraft may be safer than ever but “significant security control weaknesses remain,” which leave them open to cyber attacks, according to the US Government
Accountability Office (GAO).
“As GAO reported in January 2015, FAA has taken steps to protect its ATC systems from cyber-based threats; however, significant security-control weaknesses remain that threaten the agency's ability to ensure the safe and uninterrupted operation of the national airspace system,” the GAO reports.
“Modern aircraft are increasingly connected to the Internet.
“This interconnectedness can potentially provide unauthorised remote access to aircraft avionics systems. As part of the aircraft certification process, FAA's Office of Safety (AVS) currently certifies new interconnected systems through rules for specific aircraft and has started reviewing rules for certifying the cybersecurity of all new aircraft systems.”
According to wired.com,
the Boeing 787 Dreamliners as well as the Airbus A350, use interconnected systems that link avionics with passenger Wi-Fi which could potentially increase “opportunities for systems to be compromised and damaged,” according to the report.
The report also notes that hackers could target planes from the aircraft or from outside thanks to the interconnectivity of these systems.
“One cybersecurity expert noted that a virus or malware planted in websites visited by passengers could provide an opportunity for a malicious attacker to access the IP-connected onboard information system through their infected machines.
“According to five cybersecurity experts, the threat of malicious activity by trusted insiders also grows with the ease of access to avionics systems afforded by IP connectivity if proper controls, such as role-based access, are not in place.
The report stresses that risk mitigation needs to be implemented in the manufacture and designs of aircraft as well as in simple processes that can cut down the risk of attack.
“For example, the presence of personal smart phones and tablets in the cockpit increases the risk of a system being compromised by trusted insiders, both malicious and non-malicious, if these devices have the capability to transmit information to aircraft avionics systems.”