WASHINGTON
Hackers could
exploit inflight entertainment systems to fatally sabotage the cockpit
electronics of a new generation of airliners connected to the Internet, a
US government report warns.
It comes
weeks after a co-pilot crashed his Germanwings A320 into the French
Alps killing all 150 on board, prompting talk of airliners one day being
100 percent automated.
Inflight
cybersecurity is "an increasingly important issue" that the Federal
Aviation Administration (FAA) is just starting to address in earnest,
said the audit and investigative arm of the US Congress.
"Modern
communications technologies, including IP connectivity, are
increasingly used in aircraft systems, creating the possibility that
unauthorized individuals might access and compromise aircraft avionics
systems," the Government Accountability Office (GAO) report said.
CYBERSECURITY ASSURANCE
In
the past, the electronics used to control and navigate aircraft — known
as avionics — have functioned autonomously, said the GAO.
"However,
according to FAA and experts we spoke to, IP networking may allow an
attacker to gain remote access to avionics systems and compromise them,"
the GAO said.
In theory, firewalls
ought to protect avionics "from intrusion by cabin-system users, such as
passengers who use inflight entertainment systems."
But
four cybersecurity experts told the GAO that firewalls, being software
components, can be hacked and circumvented "like any other software."
The
FAA, the aviation authority of the United States, has yet to develop
regulations to make "cybersecurity assurance" for avionics part of its
process for certifying new aircraft.
FAA
officials told the GAO however that cybersecurity is an increasingly
important concern and that it is shifting its certification focus to
address it.
Gerald Dillingham, a
co-author of the GAO report, said the issue particularly affects a new
generation of Internet-connected aircraft that includes the Boeing 787
Dreamliner and Airbus A350.
To date,
he told AFP, there is no sign that any "bad actors" have successfully
planted a virus or malware into an avionics system.
"We
don't have any evidence that this has occurred and we are hoping that
raising this question will make it less likely to occur," he said.
PILOT REVIEW
Last
month's Germanwings crash, in which the captain was reportedly locked
out of the cockpit by his co-pilot, raised the spectre of robots one day
taking the place of humans at the controls to prevent a deadly repeat.
Responding
to the GAO report, Airbus said it was "constantly assessing and
revisiting the system architecture of our products with an eye to
establishing and maintaining the highest standards of safety and
security."
"Beyond that, we don't
discuss design details or safeguards publicly, as such discussion might
be counterproductive to security," its Washington spokesman Clay
McConnell told AFP by email.
In a statement to US media, Boeing said its aircraft are delivered with more than one navigational system available to pilots.
"No changes to the flight plans loaded into the airplane systems can take place without pilot review and approval," it said.
"In
addition, other systems, multiple security measures, and flight deck
operating procedures help ensure safe and secure airplane operations."
No comments:
Post a Comment