Virtually everything that’s connected to the internet can be hacked.
With that in mind, questions have been raised over the past few years regarding whether the increasing digitization of airline operations and flight controls puts in-flight aircrafts at risk of becoming the victims of cyber threats.
The DHS isn’t ruling out the possibility of remotely hacking an airplane
The U.S. Department of Homeland Security (DHS) reported in government documents, obtained by Motherboard, that it’s “only a matter of time” before cyber criminals are able to hack and remotely control an airplane.
“Potential of catastrophic disaster is inherently greater in an airborne vehicle,” a section of a recent presentation from the Pacific Northwest National Laboratory (PNNL), a Department of Energy government lab, reads.
WATCH: “That data is pretty easy to get” High-profile hacks have experts urging caution
The presentation discussed methods used to identify vulnerabilities in commercial aircraft, which expanded on research where the DHS successfully hacked a Boeing 737 by remote means late last year.
The document adds that it’s only “a matter of time before a cyber security breach on an airline occurs.”
Aircraft manufacturers are aware of the risk, and they’re responding
According to Greg Phillips, head of the Department of Electrical and Computer Engineering at the Royal Military College of Canada, the cybersecurity of commercial aircraft is indeed a major concern for the industry, but not one that aircraft manufacturers are unaware of.
“Any significant systems that involve human life are potentially targets for hacking, and that’s everything from the power grid to the water supply to the sewer to any kind of transportation, so aircraft, rail, etc. They’re all potentially vulnerable because they’re all controlled by computers, so yeah, we do need to worry about them,” explained Phillips.
He adds, however, that airlines are “acutely aware” of the threat and are evaluating their systems as we speak.
“I do know that all of the major aircraft manufacturers are acutely aware of this and they are looking at evaluating their systems for risk, and they’re looking at identifying ways of mitigating the risk,” said Phillips.
A representative from Airbus also responded to Global News’ request for comment on the severity of these risks.
WATCH: NDP calls out feds inaction after news of banking breach by hackers
“This is an industry issue, and one that we take seriously. However, we do not see any way for this to happen today, and we are constantly reviewing our systems and security procedures to continue to protect against potential cyber-attacks,” said a representative in a statement.
Aircraft manufacturers are currently working on redesigning systems that weren’t originally built with cybersecurity in mind to either remove vulnerabilities entirely or prevent those vulnerabilities from leading to security emergencies.
WATCH: What you should do if your email gets hacked
“This is, in a sense, very, very similar to what commercial computer manufacturers are doing all the time by adding antivirus and anti-malware to their systems. It’s very similar to what internet service providers are doing all the time where they’re finding ways to shut down attacks on the network,” he said.
Is it possible for cyber criminals to remotely control airplanes today?
In short, the answer to this question is probably not, though he won’t rule it out entirely.
He explained that the chance of a cyber criminal finding a way to remotely bring down an airplane — undoubtedly the greatest fear among passengers and industry experts — is possible in theory, but he calls it “a long shot.”
He explained that the networks which control the aircraft are built so in-flight airplanes cannot be impacted by any items on the ground.
“You’d have to be able to communicate with the aircraft either on the ground or while it’s in flight, and ideally what you’d want to be able to do is communicate with it in real time so you could tell it to do something like go into a power dive right now and kill everybody,” said Phillips.
WATCH: The West Block Primer: Election Hacking
“Doing that is just really hard, because aircraft do have digital communications systems that run through computers, but they are quite specialized and they don’t provide any ability for items on the ground to affect the in-flight systems,” he explained.
There has been some research that cyber criminals could find a way into the system through other channels, such as the networks that control the entertainment systems on the plane or through one of the flight control systems’s mandatory software updates.
WATCH: Hackers can exploit built-in speakers of smartphones and devices
However, he says this is unlikely because there is no known way to bridge between the networks which operate the main flight controls versus the networks that operate the in-flight Wi-Fi and entertainment systems, though there has been some research suggesting this can be done.
Are airplanes safe today?
For now, yes. Phillips emphasizes that, though the technical skills of cyber criminals are improving every day, we haven’t reached the point where remotely controlling an aircraft is comparable to a hacker sending out an email phishing scam, or taking advantage of the security vulnerabilities in personal devices to deploy a virus.
In other words, cyber criminals gaining control of in-flight aircraft is not currently an imminent threat. Phillips adds that if you asked him tomorrow to get on a plane, he absolutely would.
“Yes, absolutely. I believe commercial aircraft are perfectly safe at the moment.”