This issue is now getting a lot of attention. United just banned a passenger who is an IT cyber security expert, because the airline believes him to be a threat to their aircraft systems. We are not sure this was the best response from the airline.
The decision now will likely attract every IT person who flies to have at least a twinge of curiosity. IT people by training are smart and by nature inquisitive. Getting an IT person to accomplish just about anything can be done by saying these words “I bet you can’t….” – we know because we use it and it works every time. Smart IT people like these accept challenges because the determination to prove themselves to themselves is a constant driver.
Bear in mind in a knowledge economy, the IT worker is the sharp end of the sword. Which means that every IT person who flies United might now become a “threat” simply because among these curious people will be some who can’t resist trying out their capabilities to explore any system they can access. Post flight or even during flight the urge to say “I did it!” is going to be irresistible and will bring with it global fame and adulation from other IT people. These people are not being malicious. They don’t want to to hurt anyone. But United has now ensured its systems are very attractive to people with IT skills. Talk about unintended consequences.
But believe it or not, it gets worse. Now we see “the FBI and TSA have issued an alert to airlines advising them to be on the lookout for evidence of tampering or network intrusions.” Oh boy. Now if you are seen to be using an IT device, are you going to be watched closely by crew and fellow passengers? A passenger’s delight to escape the awful seating and crowded airplane environment has become a smartphone or tablet. That escape now is going to attract eyes who will want to see what you’re doing. This whole thing does not bode well for flying. Cabins have already become very uncomfortable places; with amazing intimacy among strangers seated cheek by jowl on 17 inch seats for hours on end. The well established protocol of looking off into the middle distance while your close, very close, neighbor watches a movie or types out emails or texts may be forever changed.
So can a person hack an aircraft? We would guess, most probably yes they can. It might be difficult and challenging. But not impossible. The on-board systems are created by programmers, so other programmers can understand the code if they can access it. The move to in-flight Wi-Fi means it becomes increasingly possible that a person with the right skills and IT tools probably can access something that normally would not be accessible. If people can hack banks and steal millions, why couldn’t somebody hack an aircraft’s systems? After all, on the face of it, you would expect a banks security systems to be far more secure. Yet we see banks hacked often.
The cat is out of the bag now that United has taken a stand. They can’t undo what they have done. In making this policy United, we fear, has put every airline on notice. And every passenger with IT skills or simply carrying a device into a cabin as well. And no airline is going to be secure enough to defeat repeated attempts at testing their systems by a global army of IT experts.