Photo courtesy of Thinkstock
United States Senators Edward J. Markey (D-Mass.) and Richard Blumenthal (D-Conn.) — two longtime watchdogs of the aviation industry — have called on the Federal Aviation Administration to adopt robust regulations to ensure that aircraft and ground support equipment are not vulnerable to cyberattacks.
The two senators sent a letter to FAA Administrator Michael Huerta outlining their concerns and requests.
“As the steward of our nation’s aviation safety, it is the FAA’s responsibility to ensure that our aviation sector addresses cybersecurity vulnerabilities and threats,” said the Senators to Huerta. “As the Administration comes to a close and completes some remaining key priorities, we urge the FAA to initiate a rulemaking to ensure our aircraft, ground support equipment and operations and maintenance practices are protected from cyberattacks.”
A copy of the letter to the FAA can be found here.
In December 2015, Markey sent letters to 12 different airlines and two aircraft manufacturers to inquire about company protections and protocols against the threat of cyberattacks in relation to the integration of new technologies onboard modern aircraft. Seven airlines responded to Markey’s letter, and five did not. The five airlines (Alaska Air, American Airlines, Hawaiian Air, JetBlue, and United) that did not respond were represented in a collective letter from their trade organization, Airlines for America (A4A).
Among the findings:
• Airlines may experience frequent attempted infiltrations, but none have reported any successful attempts
• Aircraft manufacturers have not acknowledged any susceptibility to their avionics systems being hacked
• Cybersecurity testing by airlines is conducted unevenly and by different parties
• Uncertainty exists for whether background checks are standard for software installers
• There is collaboration, though inconsistent, with government agencies
• Information sharing across the industry may be uneven
• The impact of NextGen technology on cybersecurity is uncertain
• The FAA certification process involves some cybersecurity requirements
• On-flight Wi-Fi has not been universally adopted
• Airlines do not recognize the risk of hacking of in-flight entertainment systems as compromising critical avionics systems
In April, Markey introduced the “Cyber AIR - Cybersecurity Standards for Aircraft to Improve Resilience Act” to require the disclosure of information relating to cyberattacks on aircraft systems and establish standards to identify and address cybersecurity vulnerabilities to the United States commercial aviation system. The bill also seeks a report to study cybersecurity vulnerability of consumer Wi-Fi on planes.