Commercial aviation is focused on only one item more than making a profit – ensuring its safety record. Looking back over the industry’s history, it is a very impressive record. There are literally hundreds of thousands of people in-flight at any given moment of the day. The odds of not arriving at a destination safely are amazingly low. In fact, the NTSB reports that for Part 121 carriers, there are 4.03 fatalities per million hours flown. The odds of having your life endangered while flying are very low – and it is certainly much more dangerous to drive an automobile.
Reassuring statistics then, right?
Well yes, but the world evolves. Take a look at this story from Bloomberg. This should certainly give anyone associated with commercial aviation pause. Flying is believed to be safe because of the industry’s record plus the fact that people within the industry are well trained to focus on safety first.
But there are people outside the industry with a desire to disrupt this. Take a look at the Cylance report here. As the Bloomberg article states: “… paints a picture of a persistent, aggressive operation aimed at undermining vital components of nations’ transportation systems, and highlights the growing danger that state-sponsored hacking poses to civilian infrastructure.”
Commercial aviation needs to relentlessly focus on its cyber security vulnerabilities. Because it is a system, the threat can enter from the most obscure venue, like a fuel supplier, as Cylance points out. The likelihood of a cyber threat entering the system via a successful hack at a major airline is low – but not impossible. The typical reaction from the industry is to respond with “No Comment” whenever this issue is brought up.
While it is clear that information on protecting the industry needs to be kept secure, ongoing breaches at big companies offer no comfort. If US government agencies like the Navy and others can be breached, what can be assuredly secure? Even the US Weather Service has been hacked. We expect interest in this area to keep growing both from within and without the industry.
The industry doesn’t speak about failed attempts and successful hacks of new, high-tech commercial airliners because it doesn’t want to alarm the traveling public, nor create “copy cat” attempts on aircraft once events have been publicized. Several incidents are known to industry insiders, and the good news is that behind the scenes, the OEMs and avionics manufacturers are taking action to review vulnerabilities and plug them. But with several million lines of code on a new airliner, that is an exceptionally difficult and time-consuming task. Finding a back door that an outsourced programmer may have installed in an aircraft system is a painstaking task, as experts must examine every line of code.
There is a tradeoff between the use of open-source tools that are widely known by hackers, and the development of proprietary software that is not widely understood, engineered without back doors, and limits programmer ability to create them. Solutions are possible in today’s environment, but they need the concerted effort of an industry that pulls together.
“… the NTSB reports that for Part 121 carriers, there are 4.03 fatalities per million hours flown.” So, the longer the flight, the more likely it is that a fatality will occur… Shouldn’t the greater interest be in fatal events/million flights? There’s a lot of difference between boarding 100 60-minute flights/year and taking “only” ten 10-hour flights. With ten times as many flight cycles, there’s surely a change in risk.