Cybersecurity’s Importance in Aviation Highlighted During SXSW

Pete Cooper, Deborah Lee James, Alan Pellegrini, and Elizabeth Wharton discuss the importance of cybersecurity in aviation during a SXSW panel (Photo: AirlineGeeks | Mateen Kontoravdis)

Every year, thousands of people from around the world come to Austin, Texas during the month of March to celebrate innovation, creativity and the arts at South by Southwest (SXSW). Panel discussions ranging from artificial intelligence to making politics go viral can be found throughout the various downtown hotels during the week of the interactive festival.

This year, multiple panels highlighted topics in the aviation industry, including one titled: “SkyHacking: Nose to Tail on Aviation Cybersecurity.”

The lineup for this panel featured four experts in the industry including Deborah Lee James, 23rd Secretary of the Air Force, and Alan Pellegrini, North American CEO for Thales Group. The speakers had one main goal for the event: highlighting to the audience, which consisted mainly of industry professionals and aviation enthusiasts, the importance of securing the technology onboard the thousands of aircraft currently flying around the U.S. and the rest of the world.

Cybersecurity has become a prominent point of discussion over the past few years in many fields. However, according to the panelists, it has not yet become as urgent of an issue in the aviation industry as it has in many others. Aviation’s first big breach was on April 15, 2015, when Chris Roberts, a passenger onboard a United Airlines flight, claimed to have taken over several systems of the aircraft through the in-flight entertainment (IFE) system.

Prior to the supposed 2015 hacking, between 2011 and 2014, he claimed to have hacked into IFE systems powered by Thales and Panasonic onboard Boeing and Airbus aircraft 15 to 20 times. During the April 2015 hacking, Roberts connected a modified ethernet cable from his laptop to the electronic box under his seat used for the IFE. He stated that he was able to hack into multiple systems and override code to issue a command to the aircraft to climb. Roberts, a cybersecurity consultant, claimed that he was just working to improve aircraft security.

The panel at SXSW denied that he was able to control any aircraft systems at any point during the flight in 2015, but referred to this incident multiple times while discussing the cyber threat that the industry is faced with today. Flying onboard a commercial flight in the U.S. is one of the safest ways to get from one place to another. Since 2009, zero passengers have died as a result of an aircraft incident in the U.S. involving an American carrier.

According to the panelists, aviation has become one of the most trusted industries in the U.S. as it has mastered the ability to ensure the safety of passengers and crew onboard every flight. But to keep this trust, all four speakers suggested that different sectors within the industry must prioritize operational and network security to be able to maintain the level of security and trust which has been nurtured over the years.

Most technological systems onboard planes have one level of defense in case of a security breach, but the panelists urged that more are required to keep planes as safe as they are right now in the future.

While no safety issues have arisen yet from any hacking related to aviation, the panel discussed the importance of being prepared for possible future attacks. Unfortunately, many airlines do not yet realize the potential risks and the current vulnerability of technology onboard airplanes. With all the technology onboard, aircraft rolling out of factories these days can be better described as flying computers.

This creates more platforms for hackers to take advantage of. In 2016, the Cybersecurity Division of the Department of Homeland Security was successful in accomplishing a “remote, non-cooperative penetration” of a Boeing 757.  Through radio frequency communications, the team of experts was able to successfully gain control of the aircraft while it was parked at an airport in New Jersey.

While the 757 is an older aircraft that is no longer produced by Boeing, there are still over 220 flying for the three U.S. legacy carriers and countless still flying around the world.

Elizabeth Wharton, Sr. Assistant City Attorney for the City of Atlanta and Hartsfield-Jackson International Airport, also touched on the importance of implementing better cybersecurity measures at airports around the nation. As aircraft maintenance and operations at the airport continue to depend more on technology, Wharton discussed how Atlanta’s airport is increasing its use of technology on the airfield via drones while also beefing up its cybersecurity.

Developing better security systems for technology onboard planes is not a top priority for many companies in the industry, as hacking has not yet caused any major threats to airliners. This needs to change as better information sharing between airlines, manufacturers and the government is key to keep technology onboard flights safe.

Today, it can cost an airline over $1 million to update just one line of code in the avionics system of just one aircraft. But if more airlines, manufactures and the government invest money to update security measures within the technology onboard aircraft and at airports, over time the risk of a cyber attack will lessen and so will the costs of maintaining a cyber-savvy fleet.

Former Air Force Secretary James suggested that there is not enough of a sense of urgency in aviation at present since there have not yet been any real threats to the technology onboard aircraft. She did, however, state that during her tenure at the Air Force, she witnessed multiple projects which tested situations where a hacker had overtaken an unmanned aerial vehicle operated by the U.S. military.

However, Secretary James said that there is still a lot of work to be done before we can be certain that technology onboard commercial planes are immune from cyber attacks.

As the panel discussion came to an end, Mr. Pellegrini added that we are currently in a transitional period from watching to acting in regards to fixing the problem the industry is faced with today. As various businesses work to protect themselves from cyber attacks, the aviation industry in the U.S. and around the world will surely follow and already are working hard to keep aviation as one of the safest and most trusted industries.

Mateen Kontoravdis

Mateen Kontoravdis

Mateen has been interested in aviation from a very young age. He got his first model airplane at six and has been airplane spotting since he was nine years old. He has always had a passion for aviation and loves learning about different aspects within the industry. In addition to writing for AirlineGeeks, Mateen is also an editor for his high school’s newspaper. You can also find him on Instagram (@Plane.Photos) where he enjoys sharing his aviation photography with thousands of people everyday.
Mateen Kontoravdis