Recent headlines have claimed that because the FAA Next Gen air control system uses unencrypted GPS signals, the system can be attacked, with false signals sent to planes in midair. These claims were made by a self-styled “cyber hacker” on CNBC on Monday June 3. CNBC had contacted the FAA but a spokesman told them the agency has an ongoing risk process in place and that any such identified risks were “security sensitive”. See the CNBC report online at http://www.cnbc.com/id/100784103 CNBC interviewed an expert on navigation systems, Prof. Todd Humphreys of UT, who told CNBC: “It ought to be obvious to the FAA. This is an obvious problem. This is something that’s using antiquated technology from the 1980s.”
Earlier, CNBC had reported how anyone could take control of an airplane from a remote location – again since the data signals are not encrypted. See report at http://www.cnbc.com/id/100634217 The claim was made at a cybersecurity conference in Amsterdam earlier this spring, reported by ComputerWorld blogger Darlene Storm: http://blogs.computerworld.com/cybercrime-and-hacking/22036/hacker-uses-android-remotely-attack-and-hijack-airplane
As with the power industry, now we see in the aviation industry, legacy systems designed when obscurity and difficulty of access were considered security features, have become extremely vulnerable because the state of technology has advanced – rendering obscurity transparent and access easy – while these systems did not.
Why are these risks not considered critical priorities for strategic impact and decision making?
Will it take tragedy and public indignation for progress? Where is the sense of urgency?
What do you think?