A long time ago I was so fascinated by how one air traffic control system could handle all the planes for three New York Area airports simultaneously, long before there was the internet or even multi user computers, that I wrote a paper on it for part of my post grad degree program. Recently the SenseCy blog has called out some highlights from the AIAA official release of ” A Framework for Aviation Cyber Security” which discussed the connectivity challenge in a networked world..
With the enormous number of computers involved today in air traffic control, airport and ground control, as well as on-board control, the concerns about cyber security in this special industry have expanded dramatically. Perhaps because air travel is the primary method of international travel, plus the fact that other transportation systems don’t fall out of the sky when they fail, more attention needs to be paid to aviation than rail, ship or car travel (not that these others aren’t susceptible to attacks too).
Since the development of drones and their much wider deployment in recent conflicts, even Joe Public knows you can take control of planes from the right computers. This has also been portrayed in movies and TV shows. My concern is that all the attention seems to be paid to protecting these “front end access” systems. But what if malicious code has infected the back end systems or embedded code, for example? Infections that may lie dormant for a long time but then cause a lot of problems. A virus made its way into the International Space Station via a simple USB drive some astronaut brought aboard – so this is not just a theoretical discussion.
I hope and trust that some more attention will be paid to making back-end and embedded systems more tamper-proof before I next leave for the airport.
(C) Copyright 2014 White Hawk Software