Prior to 9/11, plane hijackings were thought to be the stuff of Hollywood scriptwriters. Major movie plots frequently reflect current societal themes in character scenarios and, in some cases, technology.
There are numerous cyber-crime-themed films that accurately predicted our future. If we stop and think about it, nearly everything around us is becoming more digitized than ever before, from car navigation and control systems to Wi-Fi-enabled temperature sensors in backyard grills. You can't avoid it, so it's no surprise to learn how much technology goes into a modern aircraft. Aside from in-flight entertainment, Wi-Fi, and LED lighting, there are intricate sensors, controls, and computing systems that work together to provide the safest, best flights possible.
Unfortunately, in today's world, the general public is well-informed about how terrifying hijacked planes can be. And, as time has passed, the threat of terror in the skies has evolved technologically.
For many years, the terrifying prospect of cyber-attacks on commercial flights has haunted the airline industry. One of the first incidents to garner public attention was when security researcher Chris Robert was detained by the FBI on a domestic flight after claiming to have briefly seized control of the plane.
At the Black Hat cybersecurity conference in Las Vegas, another cybersecurity researcher, Ruben Santamarta, claimed that he had hacked hundreds of aircraft while they were in flight from the ground. The cybersecurity researcher claimed he used flaws in satellite equipment to remotely hack into the planes.
We would be dealing with a very dangerous threat if a plane's technical systems were compromised by malicious hackers. And we've had some close calls. A malware infection, for example, prevented a Spanair flight from taking off several years ago. In that case, the detection occurred before the flight was even possible, but the entire scenario highlights a significant risk and an ever-present threat.
Protection in the air is important, as is protection from potentially malicious passengers-turned-hackers, but what about safeguarding at other points in the flight industry's technology chain? Is it possible that mission-critical IT systems will be as vulnerable as satellites and onboard computers have proven to be?
Consider it from the perspective of a hacker. Nobody attempts to enter a fort through the guarded front gates. They sneak in through an unguarded wall or disguise themselves as the gate maintenance team. In other words, hackers find ways to circumvent perceived barriers and all the costly fortifications or processes in order to find a vulnerable point of entry.
Bugs and malicious software, for example, can infiltrate a simple software update. Although updating software is a good practice, the possibility of something dangerous occurring during these specific times is always present.
Almost like the vulnerable moments when vigilance is low during a guard change. Conditions like these require us to validate versions, and baseline systems and understand how to identify and isolate threats. They compel us to keep an eye out for compromise behavior and metrics. As a result, the security challenges encountered are closely related to enterprise security.
The Real World vs Hollywood
Planes, like any other interconnected IT system, can and probably will be hacked at some point. At this point, the question is not if, but when. Using intelligent precautions, processes, and technologies, we can hopefully predict and prevent whatever that sober incident turns out to be. And, if this terrifying situation occurs, we hope that quick recovery is triggered in accordance with well-planned disaster plans. Even if we are not in the airline industry, we should have the same mindset when it comes to our mission-critical internal IT systems.
Throughout the service lifecycle of our own IT infrastructure, are we sufficiently monitoring and protecting our mission-critical systems from cyber threats? No enterprise IT system is safe if planes can be hacked. The same questions regarding vulnerability mitigation and disaster recovery planning should be directed toward every IT system in every organization.
It is critical to understand that when it comes to commercial flights, the stakes could not be higher because human lives are at stake. Fortunately, industry leaders and government task forces are committed to developing solutions that address cyber threats to the commercial flight industry in a proactive manner. Eventually, their awareness and diligence will ensure that this remains a plot line for Hollywood thrillers rather than a potential opportunity for another devastating terror attack that weaponizes commercial airliners.
