Since Sept. 11, 2001, the airline industry has been one of the fastest industries to upgrade their security procedures and protocols against various threats, both present and perceived.
Threats from possible terrorist bombs and improvised explosive devices have been curbed, and not one American plane has been hijacked since the tragic events of that fateful day.
However, hackers don't need to board an airplane to gain control of the systems set in place to control it.
Though cybersecurity breaches can cause devastating financial losses, losses to reputation, and threaten passenger safety; hacking the internal flight control systems of a passenger airplane or a fighter jet isn't something independent hackers would do for personal financial gain, rather it's something they would utilize for warfare.
A brief history
Prior to 9/11, the vast majority of attacks on the aviation industry were focused on infrastructure: forged security badges from various fictitious law enforcement agencies, spear phishing employee information at multiple levels in order to gain access to passwords, code words and access codes.
Usually the furthest aim was mafia-related robbery, as it was with the Lufthansa heist at John F Kennedy International Airport in December of 1978. At its worst: terrorist hijacking.
At DEF CON in 2004, hacker Jeremy Hammond stated, "If you’ve got your eye on Boeing, go for it. Download the code, modify the code just a little bit. I’d love to see those [expletive] go down."
During a hearing for the House subcommittee on National Security, Chairman Rep. Jason Chaffetz (R-Utah) stated in July of 2011 that the Transportation Security Administration suffered more than 25,000 security breaches in U.S. airports since 2001. This number goes up significantly when airports around the United States are taken into the equation.
The UK’s split from the EU through Brexit brings about major issues in cooperation between agencies in the United Kingdom and various agencies spread across the 27 countries in the European Union.
On June 21, 2015, LOT, the Polish national airline brought to light that an IT attack was responsible for 20 flight cancellations and delays after a hack prevented the creation of flight plans for planes departing Warsaw Chopin Airport.
More recently, in May of 2016, Egypt Air flight MS804 from Paris to Cairo disappeared off the coast of Alexandria, Egypt. The only wreckage recovered was two possible modules and a black box flight recorder, from which officials have yet to recover information.
In the United States, the number of airport security breaches since 2011 has gone down significantly, which would make the case that inter-agency cooperation and the changes implemented in aviation IT security have been working, but what has worked in the past and what works today does not promise tomorrow.
Sign up for CIO Asia eNewsletters.