Senator Probes Airlines, Manufacturers About CyberSecurity

U.S. Senator Edward J. Markey (D-Mass.) has sent a letter to 12 domestic airlines and two airplane manufacturers requesting information on the cybersecurity protections on their aircrafts and computer systems.

The letters were sent to American Airlines, Delta Airlines, Southwest Airlines, United Airlines, JetBlue Airways, Alaska Airlines, Spirit Airlines, Frontier Airlines, Hawaiian Airlines, Allegiant Air, Virgin America, and Sun Country Airlines, as well as the airplane manufacturers Airbus and Boeing.

The letters, Markey’s office said, are part of his ongoing investigation of cybersecurity and privacy vulnerabilities of the transportation sector. A passenger earlier this year allegedly hacked into the inflight entertainment system from onboard a plane, potentially gaining access to the critical flight systems that control the movement of the aircraft.

The Government Accountability Office (GAO) issued an April 2015 report addressing the increasing connectedness of modern aircraft, raising important concerns about possible unauthorized access to aircraft avionics systems. 

“As technology rapidly continues to advance, we must all work to ensure that the airline industry remains vigilant in protecting its aircraft and systems from cybersecurity breaches and attacks,” Markey, a member of the Commerce, Science, and Transportation Committee, wrote in the letter. “With these technological advancements come great benefits, including improved flight navigation, greater communications abilities, and greater operational efficiency.  However, as we have witnessed recently in the automobile industry, I am concerned that these technologies may also pose great threats to our security, privacy, and economy.”  

Markey asked for responses to questions including:

• What protections the company currently has in place to guard planes and systems against cyber-attacks

• Whether the company has installed in-cabin Wi-Fi capabilities, which could serve as possible entry points for cyber-attacks

• Whether the company conducts cybersecurity tests, either internally within the company or by independent third parties, for the purpose of identifying cybersecurity vulnerabilities

• Who is involved in conducting any cybersecurity testing on the company’s planes, and whether these individuals are subject to background checks

• Whether the company is aware of any actual or attempted cyber-attacks in the past five years

• What protections are used by the airlines to keep flight customer data secure, and whether that data is shared with third parties

• Whether the plane manufacturers continue to monitor planes for cybersecurity issues after the planes have been sold to airlines

• And, whether the company has collaborated with federal agencies and other industry stakeholders on cybersecurity issues.

Follow @RichTravelPulse