Navigation systems on commercial airliners and private aircraft could be shut down while in flight by Internet-based hackers because of persistent cybersecurity weaknesses in the Federal Aviation Administration’s newest aviation control system.
The agency is transitioning to a satellite-based control system known as NextGen, but it lacks secure Wi-Fi resources on commercial and general aviation aircraft. Also lacking is technology to alert officials of hacker attacks, according to the Government Accountability Office.
The system isn’t so new now, having been initiated in 2004 to improve safety, reduce fuel costs and increase air traffic efficiency. The projected completion date is 2025 at an estimated total cost of $40 billion. The project has been plagued from its inception by development delays and cost overruns.
Among multiple cybersecurity risks identified by the accountability office was Wi-Fi vulnerability on airplanes. The wireless Internet used by cockpit navigational tools have firewalls but they aren’t sufficient to protect against attackers.
In fact, a hacker could plant a virus on a website visited by a passenger, which could then spread to the pilot’s navigational systems, since passenger cabins and cockpits often share internet routers.
Also, investigators found the aviation administration lacks an intruder-alert function and a tool to respond and recover from attacks. The system currently only reacts to cyberattacks, it doesn’t prevent them.
Without a comprehensive plan, some components of NextGen could be left vulnerable, while others are overprotected. As a result, a carefully targeted cyberattack could cut off communications and navigation systems to operating aircraft relying on NextGen.
For example, a 2014 attack disabled air traffic control communications and aircraft tracking. Though the attack was caused by arson in a ground facility, a skilled hacker could damage the same functions remotely.
Also, NextGen’s Internet usage makes cybersecurity even more necessary. Investigators reported that if even one system were penetrated, it would be easy for a virus to be spread across the entire network, since NextGen’s components are so interconnected.
The Internet connects an estimated 36 percent of the national airspace systems, but that number will increase to 60 percent by 2020.
The aviation administration doesn’t plan on developing a comprehensive cyber-security system because doing so would be “expensive and time-consuming to accomplish and maintain,” the accountability office said.
However, aviation officials told the accountability office “that they have not determined the funding or time needed” to develop such a system.
The Washington Examiner previously reported that the aviation administration also doesn’t practice “cyber hygiene,” like using passwords with expiration dates.
