The US Government Accountability Office (GAO) has urged the Federal Aviation Administration to take action to better secure modern commercial airplanes from cyber-threats.
In a post on its website, the GAO wrote: “Modern airplanes are equipped with networks and systems that share data with the pilots, passengers, maintenance crews, other aircraft and air-traffic controllers in ways that were not previously feasible.
“To date, considerable cybersecurity controls have been implemented and there have not been any reports of successful cyber-attacks on an airplane’s avionics systems. However, the increasing connections between airplanes and other systems, combined with the evolving cyber-threat landscape, could lead to growing hazards for long-term flight security.”
The agency warned that if avionics systems are not properly protected, they could be at risk from a wide range of potential cyber-attacks, with vulnerabilities arising from factors such as poor patch management, insecure supply chains and outdated systems.
The GAO has therefore set out a six-part cybersecurity advice guide for government action.
Commenting on the news, Tim Mackey, principal security strategist at the Synopsys CyRC, said: “Aircraft, like passenger cars, have seen an increase in computerization with software controls being an integral part of modern flight systems. As with vehicle systems, aircraft have a long lifespan – meaning that the software used in flight operations, both onboard aircraft and as part of flight activities, will be in use for much longer than that found in consumer situations.”
Effectively managing cybersecurity for products with long lifecycles involves anticipating future threats when creating threat models, he added.
“For example, in recent years the concept of a software supply chain vulnerability has become front of mind as open source software usage grew. Such attacks can target not only open source software, but the commercial software built using compromised components. Detecting these types of attacks is challenging in part due to the potential for an attacker to mask their malicious code inside a fix for an independent, but legitimate software bug. Although the primary objective of such an attack may be monetary, were a component compromised in this manner to be used in flight operations, it could present an opportunity for a different malicious group to target an airline or airline operations. This is an example of how attackers define the rules of their attacks and use the opportunities available to them and is also an example of the types of threats highlighted by the GAO.”