Aircraft entertainment systems and avionics are not linked.
A recent report about a cyber security consultant who allegedly hacked into the IT systems of a commercial airliner and gained access to its in-flight controls has made headlines across the globe. With security always being a prime concern in the airline industry, this has raised a number of questions, and experts as well as the general public are eager to know if the story is true. Modern passenger aircraft are controlled by electronic control systems – also known as a fly-by-wire controls. These controls have been used for more than two decades now, with upgrades, which have increased reliability as well as support the increased functionality of the systems to operate more sophisticated engines of bigger planes.
These electronic control systems have a lot of resemblance to normal Ethernet cables that are used to connect your internet, telephones and other such electronic services. However apart from a control system, there are also other systems in a plane which rely on electronics. These now include the in-flight entertainment systems as well as the Wireless internet systems we utilize when we surf the internet on the plane.
The report that recently made headlines has raised some speculation around the interfaces between the control networks and entertainment networks, and forced concerned parties to question whether a hacker can modify the planes control systems from the entertainment networks.
Should I worry?
There are some fundamental things that airplane manufacturers and their related partners have done to protect against such attacks. First of all, there is a strong separation between the entertainment system and the avionics control systems.
Of course, after the recent claims there has been a lot of scrutiny around ensuring that this separation is sufficient. Unfortunately, we do not know the veracity of the claim made by the security searcher, and until there is precise information, it is very difficult to say what is possible, or if it is indeed possible. The positive impact that this has had will be evident in the long run, as it will hopefully allow the cyber security community to identify and implement the necessary levels of separation such that passengers can be assured that hackers can do no harm to a plane in the air.
One thing I would like to highlight is that I would much rather be on a modern plane with modern control systems then an older one, and the technology in question still holds a lot of benefits to safety. As an example, during the past couple of years, we have seen some deeply disturbing fatalities in airplanes that have been traced to intentional or unintentional pilot error. In these cases, technology holds a lot of promise in making sure such actions are not possible.
This incident also highlights other general concerns because our world is becoming more and more connected. How do we deal with modern cyber security threats when our devices are linked? A good example is connected cars, which are starting to have various levels of automation, even to the level of being self-driven and steered. How do we protect these, and is the right level of cybersecurity resilience built into the design of such devices?
One thing is quite certain – when you buy an Airbus A380 for $450M, there is bound to be more security technologies installed in it than in a $20,000 car. So how do we make security affordable and efficient enough even in consumer grade products?
Yes, it is safe to fly. There are significantly more people injured in traffic on the way to the airport than in plane-crashes — but as with the security of anything else, it is important to scrutinise any potential issues that may arise in the future, especially in the cyber domain.
Nicolai Solling, a leading IT security expert, is the Director of Technology Services at Help AG