Can a Boeing 777 Airliner be Brought Down by a Cyber Attack?

15
146

Bottom line: It is not only conceivable, but Boeing itself has warned about it.

As a former United States Air Force Aviator, and also an Electronic Warfare Officer on B-52s for several years, I’ve learned that aircrafts are vulnerable, just like everything else. My time spent in service to our country provided me unique insight into these security vulnerabilities and that’s why I feel this is an opportunity for me to share the knowledge I’ve gained from my experience, especially as the discussion of airline safety fills daily headlines.

Some notable things (not always noted) about this threat:

  • First, listed in the Federal Register, (an item amazingly and often overlooked) is an issued guidance by the Boeing Company to the government on the special conditions on Boeing 777s.
  • Second, the mobile threat of information security no longer refers to our mobile phones, but rather, and more importantly, the embedded systems used in many of our modern day mechanical devices – cars, TVs, refrigerators, and yes, commercial aircrafts.

Why are these two points relevant? Because the cyber threats of yesterday were distant notions to the everyday common citizen. Businesses accosted by “cyber burglars” and threatened infrastructure of foreign countries weren’t and still aren’t relatable by everyone. This new threat hits home and is as real as the threat of terrorism the U.S. felt on Sept. 11th.

777

The following is the text listed by the US Gov’t on the Boeing 777 aircraft: “These special conditions are issued for the Boeing Model 777-200, -300, and -300ER series airplanes. These airplanes, as modified by the Boeing Company, will have novel or unusual design features associated with the architecture and connectivity of the passenger service computer network systems to the airplane critical systems and data networks.

This onboard network system will be composed of a network file server, a network extension device, and additional interfaces configured by customer option. The applicable airworthiness regulations do not contain adequate or appropriate safety standards for this design feature. These special conditions contain the additional safety standards that the Administrator considers necessary to establish a level of safety equivalent to that established by the existing airworthiness standards.”

Simply stated: the threat to an aircraft from a cyber attack has not been made part of the requirements for the airworthiness of modern day airliners.

Given that cyber attacks have become common and have even affected uranium enrichment centrifuges. (e.g. Stuxnet virus), why and how have we reached this conclusion? Shouldn’t modern day commercial aircrafts be tested for cyber security vulnerabilities prior to granting airworthiness certificates?

In case you’re thinking that we have some time to come up with compensating controls as the threat environment would need to change dramatically for these perceived threats to come together, there was a demonstration during the enormously popular trade-show crucible called “Blackhat.” Using approximately $1,000 of radio equipment, a security researcher demonstrated how an airplane’s signal to an air traffic controller could be “spoofed.”

Security professionals have long understood the threat that embedded systems create for modern day critical infrastructure. We need to test and protect these systems and it’s high time to drive these processes into modern day transportation vendors to ensure public safety.

Like this article? Receive similar articles by subscribing to our blog today!

15 COMMENTS

  1. ATC spoofing technique was demonstrated against new system that is not yet fielded, and certainly is not in use in SE Asia.

    I don’t see it as relevant to your headline regarding bringing down a 777 by cyber attack.

    • Richard, thanks for your comment. Cyber attacks and spoofing are two different threats that can harm commercial aircrafts. With regards to spoofing, you are correct. It refers to the new ATC system called ADS-B which is not fully on line. However, my point with spoofing is not saying it can take down a 777, but to show that this is an additional vulnerability that officials should heed.

  2. Why haven`t aircraft manufactures addressed these problems, or are they handicapped by governments and stupid red tape ..like our congress and senators in not keeping the government funded .! The President and his senate cronies managed to do just that.

  3. I am waiting for someone to address the problem of the cockpit fortress, and the possible mental breakdown of one of the pilots or persons in the cockpit. I believe at least two corrective moves must be made. First program in a lock to always have the transponder on when the aircraft is in the air, with no one in the plane able to shut it off. And second one or more switches located outside the cockpit fortress to activate 121.5, the emergency frequency on the transponder. Almost certainly there were flight members outside the cockpit that knew things had gone terribly wrong and were helpless to break in to the cockpit. There are strong negatives for having the cockpit fortress.

  4. Correction, 121.5 is on the radio transmission. This should still be available with a separate radio located outside the fortress.

  5. In other words, you need to equip your self with professional high end cameras and
    accessories such as flash, various types of lenses, rechargeable batteries, storage devices
    and cases, tripod and software. It even included a life-size wooden Indian that was Dee Flagg’s constant companion while he drove his
    1914 American La France fire truck around the Southwest selling
    his carvings. Wedding is something remembered for the rest of life.

LEAVE A REPLY

Please enter your comment!
Please enter your name here