Another security related article from the WSJ, this time about how a US FAA convened panel intends to prevent cyber attacks against airplanes and the airline industry:
When it comes to protecting flight-critical software from hackers, Mr. Sinnett said, the systems can accept only “specific bits of information at specific preordained times, and it is all preprogrammed.” As a result, he added, “there’s no way for the flight-control system to pull in something” from an unauthorized source.
Such software and cockpit interfaces aboard commercial jets are tested extensively and have such a wide array of embedded safeguards that they are considered virtually impregnable to direct attack by industry outsiders, according to these experts.
Yet that hardly means airliners are beyond the reach of hackers. The biggest current risks, experts believe, stem from aircraft links to ancillary ground networks that routinely upload and download data when planes aren’t flying—including information used for maintenance, sending various software updates and generating flight plans before takeoff like those that affected LOT earlier this month.
“Where we are weak,” says Patrick Ky, executive director of the European Aviation Safety Agency, is in ensuring that a maintenance or air-traffic control system can’t be hacked and used as a conduit to get at aircraft. “What is not being done today,” he said, “is to have a view of aircraft operations in their entirety,” recognizing all the potential outside hazards.
It is good to read how the airline industry recognizes they have cyber security shortcomings and are actively engaged in closing those gaps. If only more industries followed in their footsteps.