Everyone who has traveled by plane in the United States is aware of the extensive security measures taken to protect airlines and passengers alike. Everyone is required to pass through security technology, shoes have to be taken off, and carrying any liquids over a certain size is forbidden. Physically, passengers are able to experience how secure flights have become. However, not many people are aware of security measures that are being taken to protect a flight’s technology. Very recently, cybersecurity became a focal point of airport security, and the Cybersecurity Standards for Aircraft to Improve Resilience Act was passed as a response to growing concern.
Last year, the FBI became aware of just how vulnerable planes were to cyberattacks when an agent was basically able to hack into an airplane and make it change course. For years, there has been a burgeoning concern about the ease with which people are able to use perks like in-flight entertainment systems to gain control of air traffic control systems, navigation systems, and even the email accounts of fellow passengers. The focus on aviation security comes at a time in which cybersecurity in transportation has become a hot topic. This sort of security for cars was brought up in a bill last year, for example, to protect drivers and their personal information.
There has even been a push for the past two years to create a cyber division of the National Transportation Safety Board (NTSB.) The NTSB is a government faction that studies transportation accidents to determine what went wrong. This would be ideal, as many different organizations would have to come together to determine the cause of cybersecurity incidents, as well as with whom the blame lies. However, actually instituting such a sector of the NTSB has proven to be difficult.
Ironically, much of the government’s notion of security has been shaped by the aviation industry. It seems that, with the heightened security measures in airports and organizations like the NTSB, transportation has it all figured out. However, on a technological level, they still sorely lack a comprehensive security approach.
The threats being dealt with on the cyber front of the aviation industry are aviation specific. Hacking into a plan to change its course is just the tip of the iceberg. Creating an organization like the NTSB, or even just a section of the NTSB, to focus specifically on cybersecurity in transportation will only bring us closer to the level of security for which the United States aims in its aviation.