By Martha Vazquez and Adam Lotia
Early this week United Airlines delayed flights at approximately 8am for “proper dispatching information.” This has caused heads to tilt because just recently a security researcher, Chris Roberts was removed from a flight after he joked about finding vulnerabilities in United’s airplane control systems through the inflight entertainment [IFE] systems. United Airlines has not said much regarding the issue, nor have other airlines or manufacturers spoken up about the potential security threat. Even the FBI’s report around the incident with Roberts is pretty light on what is being done to stop these kinds of security threats. Roberts claims he has asked airline industries to close the loopholes in multi-system requests, with no results. Because of the United’s lack of response and tight-lipped disclosures of the situation, concerns are on the rise and for good reason. We should be concerned that our computerized systems of passenger aircrafts could be hacked so easily.
Gogo and Panasonic, two of the companies within the connected aircraft space, are still pushing forward with various inflight electronics and more connectivity, yet no mention of added security. But, Gogo and Panasonic aren’t the only ones; an Irish firm, InFlight Dublin, is working on portable connected systems for smaller regional jets. However, none of these various systems providers talk about vulnerabilities.
This also comes at a time when we are looking at connecting every possible “thing” in the airline industry overall. Obviously vulnerabilities exist in the planes as well throughout the various support systems – we strongly believe that anything that is connected can be compromised.
At JBA, we speak to many companies regarding how they see security and one thing that stands out is how no one really ever wants to share too much. By not sharing, people are being kept in the dark of the potential security flaws that exist and the companies are neither confirming nor denying anything at all.
None of us like to expose our weaknesses so it is easy to understand that an industry without a good and defensible story on the subject might want to keep quiet. But as the saying goes, the first step is to recovery is admitting you have a problem. Let’s talk about before it’s too late for an intervention!