FLY ME TO THE MOON…WELL…MAYBE NOT!
Background
Historically a plane’s control systems have been very manual, based on hydraulics and mechanical circuits, with some form of automation of the control systems, however in the last couple of decades the control system have been upgraded and today most modern jetliners are controlled by electronic control systems – Also known as a fly-by-wire controls.
These upgrades have been required in order to increase reliability as well as support the increased functionality required by the control systems to operate more and more sophisticated engines and bigger and bigger planes.
These electronic control systems have a lot of resemblance to the normal Ethernet cables that you know from at home, connecting your internet connection, telephones and all such of other electronic services.
However apart from a control system there is also other systems in a plane which relies on electronic systems – This being the inflight entertainment systems as well as the Wireless internet systems we utilize when we surf the internet on the plane.
The recent articles and speculation is around the interfaces between the control networks and entertainment networks, and if you can modify the planes control systems from the entertainment networks.
Should I worry:
There are some fundamental things which have been done to protect against such attacks – First of all there is a strong separation between the entertainment system and the avionics control systems.
Of course after the recent claims there is a lot of scrutiny around ensuring that this separation is sufficient – In fact the recent claims from Cyber Security researchers is in the longer run positive, as it hopefully allows us to identify the sufficient levels of separation and I am very certain that we are not even able in theory to do anything bad to a plane in the air.
We do not know too much about the actual claims made by the Security Researchers, however there is widespread speculation that he actually needed some form of physical access to the control infrastructure – But there are still no real public ressources saying what happened.
A small infographic was released by gulfnews based on the flood of speculations coming out right now on the internet and twitter, who is glowing with speculations and interest.
http://gulfnews.com/news/americas/usa/hacker-s-jet-control-sparks-flight-safety-worry-1.1516080
One thing I would like to highlight though is that I would much rather be on a modern plane with modern control systems then an older one, and the technology also holds a lot of benefits to safety – As an example the past couple of years we have seen some fatalities in airplanes caused by pilots on purpose crashing a plane – Here technology holds a lot of promise in making sure such actions are not possible etc.
It does highlight some other more general concerns which is that our world is becoming more and more connected – How do we deal with modern cyber security threats when our devices are becoming more and more connected.
A good example is the connected cars, which are starting to have various levels of automation, even to the level of being self-driving and steering – How do we protect these, and is the right level of cybersecurity resilience build into the design of such devices.
One thing is quite certain – When you buy an Airbus A380 for 450M USD there is bound to be more security investments in a plane, then in a 20.000 USD car – So how do we make security affordable and efficient enough even in consumer grade products?
It is also a more ethical problem we have, which is where does technology stop – As an example a lot of genome based medicine is created on computers today and we have seen huge leaps and benefits to mankind for this, but if we are utilizing computers for this, how do we ensure that a malware is not infecting how a medicine is working – Could a virus in a computer system actually build a virus in the human body? Maybe farfetched, but with the rate that our lives are impacted by the revolution of technology these are questions we need to start thinking about.
One of the philosophers of cyber security of Cyber Security (yes there is such a thing), Mr. Bruce Schneier presented his view on this at the resent RSA Conference in San Francisco, and it got me to think about that there may be limits to what we actually can achieve with technology.
We are of course no where near this today, but in the next 30-50 years these are some of the fundamental questions we will need to start thinking about.
Back to the topic of planes…Yes, it is safe to fly – There is more people injured in traffic on the way to the airport then in plane-crashes – but like anything else with security it is important to scrutinize any potential issue, especially as a sophisticated attack may become commodity the next day.
