US GAO Calls for Greater Cybersecurity for Commercial Airplanes


The US Government Accountability Office (GAO) has urged the Federal Aviation Administration to take action to better protect modern commercial airplanes from cyber-risks.

In a post on its website, the GAO wrote: “Modern airplanes are equipped with networks and systems that share data with the pilots, passengers, maintenance crews, other aircraft and air-traffic controllers in ways that were not previously feasible.

“To date, extensive cybersecurity controls have been implemented and there have not been any reports of successful cyber-attacks on an airplane’s avionics systems. However, the increasing connections between airplanes and other systems, combined with the evolving cyber-threat landscape, could lead to increasing risks for future flight safety.”

The agency warned that if avionics systems are not properly protected, they could be at risk from a variety of potential cyber-attacks, with vulnerabilities arising from factors such as poor patch management, insecure supply chains and outdated systems.

The GAO has therefore set out a six-part set of cybersecurity recommendations for executive action.

Commenting on the news, Tim Mackey, principal security strategist at the Synopsys CyRC, said: “Aircraft, like passenger cars, have seen an increase in computerization with software controls becoming an integral component of modern flight systems. As with vehicle systems, aircraft have a long lifespan – meaning that the software used in flight operations, both onboard aircraft and as part of flight activities, will be in use for far longer than that found in consumer situations.”

Properly managing cybersecurity for long-lifecycle products requires anticipating future risks when building threat models, he added.

“For example, in recent years the concept of a software supply chain vulnerability has become front of mind as the growth of open source software usage grew. Such attacks can target not only open source software, but the commercial software built using compromised components. Detecting such attacks is challenging in part due to the potential for an attacker to mask their malicious code within a fix for an independent, but legitimate software bug. While the primary goal of such an attack might be financial, were a component compromised in this manner to be used in flight operations, it could offer an opportunity for another malicious group to target an airline or airline operations. This is an example of how attackers define the rules of their attacks and use the opportunities available to them and is also an example of the types of threats highlighted by the GAO.”


