Protecting Civil Aviation from Cyberattacks (CRS Report for Congress)
| Release Date |
June 18, 2015 |
| Report Number |
IN10296 |
| Report Type |
Insight |
| Authors |
Elias, Bartholomew |
| Source Agency |
Congressional Research Service |
Summary:
Cybersecurity is a growing concern for civil aviation, although the significance of reports in May that a computer security researcher hacked into aircraft control systems while flying as a passenger aboard commercial jets is still unclear. The probe into the alleged hacking incidents unfolded just weeks after the Federal Bureau of Investigation (FBI) and the Transportation Security Administration (TSA) alerted airlines to be on the lookout for passengers trying to tap into aircraft electronics and for evidence of tampering or network intrusions. It is not just systems aboard aircraft that are potentially vulnerable. The ongoing transformation from stand-alone navigation equipment, radar tracking, and analog two-way radios to highly integrated and interdependent computers and digital networks, both onboard aircraft and in air traffic control facilities, creates inherent security vulnerabilities. In April 2015, a Government Accountability Office (GAO) study found that the Federal Aviation Administration (FAA) faces ongoing challenges to protect air traffic systems from cyberattacks, and warned that the increasing interconnectedness of aircraft systems makes them vulnerable to unauthorized remote access. Air traffic control systems and airport and airline information technology systems have been identified as critical transportation infrastructure covered under national policy to strengthen security and resilience to cyberthreats. Although federal laws, criminal statutes, regulations, and oversight all play roles in cybersecurity, much of the responsibility rests with industry working groups that develop standards and guidelines for air carriers and equipment manufacturers to follow.
