main

Attack Types & VectorsSecurity

Aviation Accidents: Many Risks Move from Mechanical Failures to Terrorism. Are Cyber-Attacks Next?

May 26, 2016 — by Carl Herberger5

EgyptAir’s 20 Year Terror History:

Some quick thoughts on the most recent loss of EgyptAir’s flight 804 and how persistent terror has been one of the leading causes of accidents in this airlines history. The main questions to be asked as we move forward are as follows:

– If physical terror has played such a major role in aviation accidents, can cybersecurity sabotage be far behind?

– What controls / testing are done to ensure the ongoing operations of jets that rely increasingly on computers are safe and sound?

– What personnel controls are placed on those conducting tests and coding for these aviation systems?

Let’s take a look at EgyptAir’s history and you can be the judge if we have potential future risk.

aviation-industry

EgyptAir Flight 804 Loss in Mediterranean Sea, May 2016

With the loss of EgyptAir’s Flight 804 from Paris to Cairo, we’ve already begun to learn a lot lessons about the state of the aviation industry’s security apparatus. Questions now linger about terror’s human factor in piloting, maintaining and otherwise accessing these aircraft.

In fact, even if this flight accident is deemed a mechanical or geo-political accident (e.g. a missile shoot-down like Malaysian Airlines incident over the Ukraine), it still leaves EgyptAir with nearly a 50/50 chance over the past 20 years of data of an accident originating from terrorism versus mechanical failure, according to statistics from aviation-saftey.net

Then we have the Islamic State, which issued a chilling threat to ‘kill France’ just days before EgyptAir flight MS804 from Paris vanished with 66 people on board. Only days before the disappearance, ISIS gave a murderous warning to France in an online video. The message gives no other clues and seems to give a hint that a convert joined ISIS and was ready to give punishment to the French. Although most of the casualties are Muslim Egyptians, this threat has not been confirmed to link to the crash yet as investigation continues. Also, ISIS does not care about killing Muslims since their code allows it.

[You might also like: Cybersecurity in the Real World: 4 Examples of the Rise of Public Transportation Systems Threats]

EgyptAir Flight 181, Hijacked, March 2016

EgyptAir Flight 181, a domestic flight from Alexandria to Cairo, was hijacked by a male passenger in March 2016. The aircraft, an Airbus A320, departed Alexandria-Borg El Arab Airport (HBE) about 06:30 and was in descent towards Cairo International Airport when it was hijacked. The aircraft turned to the left and headed north, and an uneventful landing was carried out at Larnaca Airport, Cyprus. The hijacker who was arrested claimed to have an explosive belt, however released all occupants except for the pilot, co-pilot, three cabin crew members and three passengers before being taken into custody.

EgyptAir Flight 738, Hijacked, October 2009

A Sudanese passenger on board the EgyptAir flight pulled a knife on a female attendant just minutes after takeoff, saying he wanted the flight diverted to Jerusalem “to liberate it.” Two air marshals overpowered the hijacker, who later turned out to be intoxicated. News media reported the airplane involved to be a Boeing 737 while the EgyptAir timetable suggested the airplane usually used on that flight was an Airbus A320.

EgyptAir Flight 233, Hijacked, May 2000

A man brandished a jar of hair gel and claimed it to be a bomb on board EgyptAir flight 233. The hijacker told the chief flight attendant that he wanted to go to Afghanistan so that he could find a job. After making the demand, the hijacker attempted to storm the cockpit of the Airbus A321 aircraft but was unable to gain entry and was overpowered by crew members. The plane landed in Aswan, where the hijacker was taken into custody and charged with air piracy and threatening the lives of airplane passengers. None of the 19 people on the flight were injured.

EgyptAir Flight 990 loss near Nantucket Island, MA, October 1999

EgyptAir Flight 990 departed Los Angeles International Airport, destined for Cairo, with a scheduled intermediate stop at New York-JFK airport. Two designated flight crews (each crew consisting of a captain and first officer) boarded the aircraft at JFK. After takeoff and leveling off at 33,000 feet four minutes later, the command captain decided to go to the toilet and left the flight deck. About 21 seconds after the captain left the cockpit, the cockpit voice recorder (CVR) picked up the relief first officer quiet statement of “I rely on God.” Shortly thereafter, the autopilot was disconnected and once again the relief first officer stated quietly, “I rely on God.” Again, shortly thereafter, the engine throttle levers were moved from their cruise power setting to idle, and, one second later, the flight deck recorder (FDR) recorded an abrupt nose-down elevator movement and a very slight movement of the inboard ailerons. Subsequently, the airplane began to rapidly pitch nose-down and descend. The relief first officer quietly repeated, “I rely on God,” seven additional times.

[You might also like: 4 Reasons to Believe that Future Cyber Attacks Will Terrorize]

During this time, as a result of the nose-down elevator movement, the airplane’s load factor decreased from about 1 to about 0.2 G (almost weightlessness). Then the elevators started moving further in the nose-down direction. Immediately thereafter the captain entered the flight deck and asked loudly, “What’s happening? What’s happening?” As the airplane’s load factor reached negative G loads (about -0.2 G) the relief first officer stated for the tenth time, “I rely on God.” As the airplane exceeded its maximum operating airspeed (0.86 Mach), a master warning alarm began to sound and the relief first officer stated quietly for the eleventh and final time, “I rely on God,” and the captain repeated his question, “What’s happening?” The US National Transportation Safety Board determined that the probable cause of the EgyptAir Flight 990 accident was the airplane’s departure from normal cruise flight and subsequent impact with the Atlantic Ocean, as a result of the relief first officer’s flight control inputs. The reason for the relief first officer’s actions “was not determined.”

Summary

Aviation terror threats, like water, tend to take the path of least resistance. When thumbs are stuck in the dike new holes are made where the foundation is most weak. We now know through numerous external analysis and documented evidence that the aviation sector is vulnerable to cyberattacks. How long will it be before the terror strikes will evolve in the aviation industry, like they did around the world, to the cyber front? Should you have responsibility for any aspect of these areas please don’t be a bystander and be proactive about onboarding controls and saving peoples lives.

Learn more about cyber-attack detection and trends in the 2016 Global Application and Network Security Report.

Download Now

Carl Herberger

Carl is an IT security expert and responsible for Radware’s global security practice. With over a decade of experience, he began his career working at the Pentagon evaluating computer security events affecting daily Air Force operations. Carl also managed critical operational intelligence for computer network attack programs to aid the National Security Council and Secretary of the Air Force with policy and budgetary defense. Carl writes about network security strategy, trends, and implementation.

5 comments

  • Hopkinton auto body

    February 9, 2017 at 8:28 pm

    So how do you determine that your car may want its brakes repaired or replaced?

    Reply

  • Voucher Codes

    September 13, 2018 at 12:30 pm

    When someone writes an post he/she keeps the plan of a user in his/her brain that how a user can be aware of it.
    Therefore that’s why this piece of writing is outstdanding.

    Thanks!

    Reply

  • rstate

    December 14, 2018 at 11:40 am

    Excluding entire asset classes generally is a tough sell, some financial
    advisers say. Investors ought to be asking instead whether
    an asset class is performing as it should.

    “You could come up with a low-volatility portfolio of hedge funds, and they can end up consistent
    return,” Mr. Stackman of UBS said. “But you’re failing to get the
    generous returns the S. & P. continues to be delivering since 2009.”

    That might be around 2 percent a year for hedge funds versus about 18 percent for the
    S. & P. 500. Many asset classes now take over
    were built with a good run.

    There’s another cautionary argument on private investments.

    Since they are inherently risky, they ought to be undertaken only with the most experienced investors.

    Michael W. Sonnenfeldt, founder and chairman of Tiger
    21, a wise investment club if you have $10 million to $1 billion, said
    the group’s 630 members had increased their investments in private equity and real estate.

    Reply

  • bootstrap 4 hamburger menu

    May 30, 2019 at 2:01 am

    I used to be recommended this blog by way of my cousin. I’m not sure whether this submit is
    written by way of him as no one else realize such distinctive approximately my difficulty.
    You are incredible! Thank you!

    Reply

  • açıkhava

    August 25, 2019 at 9:24 pm

    What a information of un-ambiguity and preserveness of precious know-how on the topic of unexpected
    feelings.

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *