In the 15 years since 9/11, passenger air travel has changed significantly with a variety of measures put in place to ensure passengers’ safety and the nation’s security. Opportunities for physical terrorism are significantly reduced, and the measures have indeed prevented major incidents. However, an important question remains: Are we truly safer?
Despite leaps and bounds in physical security, there are new major security risks in the airline industry coinciding with the proliferation and increasing centrality of digital technology and information systems. Opportunities for those who seek to threaten the economy, political stability and safety are just as prevalent, if not more so, through cyber attacks.
The recent past has given us many examples of cybersecurity threats and actual incidents in passenger aviation: Chinese-origin hackers who stole millions of individuals’ information from the US government systems are said to have stolen customer data from two major US airlines. Polish flag carrier airline LOT was forced to ground its fleet when fake flight plans were loaded into its system by an unknown agent. In February, USA Today reporter Steven Petrow’s computer was hacked in mid-air while connected to in-flight Wi-Fi onboard an American Airlines flight from Dallas to Raleigh, N.C. Aircraft systems are increasingly connected to the Internet.
Even legacy point-to-point systems, generally considered to be limited in their risk of exposure to hacks, are becoming greater points of vulnerability due to the expansion of hybrid systems as modernization of onboard avionics and control systems take hold elsewhere in the ecosystem.