Airlines step up efforts to tackle cyber security risks

Airlines step up efforts to tackle cyber security risks

BY VICTORIA BRYAN

The aviation industry is stepping up efforts

to enlist coordinated international

support in the battle against the threats

posed to airlines and passengers by

hackers and those seeking to exploit IT

systems

The security of commercial airlines and

whether the systems crucial to fly

planes are vulnerable to cyber attacks

hit the headlines in April after a security

researcher claimed that he had been

able to hack into flight controls via his

under seat entertainment unit.

Along with Wi-Fi and electronics on

board, airlines, airports and air traffic

management companies are sharing

more information than ever before to

make flying more efficient and deal with

increasing numbers of passengers.

But that provides more interfaces that

can be exploited by attackers, aviation

industry representatives said at the

AVSEC World aviation security conference

in Dublin on Monday. Those seeking

to do mischief also know that

attacking an airline will guarantee maximum

impact, they said.

As part of initiatives to shore up the industry's

defenses, a team has been put

together by leading aviation industry associations

to work on a declaration on

cyber security to put to members of the

United Nations' aviation safety arm next

year.

One of the issues being looked at, for

example, is the security of the ADS-B

system on aircraft, which sends information

on a plane's position. The data

is unencrypted, which could make it

susceptible to outside interference.

"Protecting our industry from cyber

threats is hard, probably one of the

hardest things we are facing because

we do not know what we are facing or

for what we have to prepare," said Jeff

Poole, director general of the Civil Air

Navigation Services Organization

(CANSO), highlighting the swiftness

with which the threat is changing.

UNITED NATIONS

Poole is part of the team coming up with

recommendations that will be presented

to the International Civil Aviation Organization

(ICAO) next September, when

the U.N. body holds its regular triennial

meeting.

It will then be up to ICAO member

states whether to sign the declaration or

not, though this would not impose any

mandatory standards.

Jim Marriott, the ICAO's deputy director

aviation security and facilitation,

said that signing a declaration would be

a statement from member states that

they are taking the issue seriously.

States are also free to take action at a

national level before then, he said.

"We can only go so far ourselves as an

industry. States have an important role

to play," Poole said.

Aircraft manufacturers can also do their

bit, said Tony Tyler, director general of

the International Air Transport Association

(IATA), particularly as they often

have experience in the military sector.

Boeing's director for aviation security,

James Vasatka, told the conference that

his company hires hackers to test the

systems and software it puts on its

planes.

"They (the hackers) are absolutely

stunned at the quality we put in our software

and products. It would be very difficult

in today's environment to disrupt

that for the flight-critical systems," he

said.