Risking chaos in the sky
Higher tech makes flight ops more vulnerable.
By Marvin Cetron
Pres, Forecasting Intl
An ATC meltdown could be just a few mouse clicks away, with dire consequences for controllers, professional pilots and the entire national airspace.
It happened in 1997. One afternoon, a teenage hacker in Massachusetts became curious about the local airport. Recognizing a possible vulnerability in its computer systems, he broke into the local phone company’s network and caused a crash that disabled the ORH (Worcester MA) telephone system for 6 hours.
The tower, security and fire departments, weather service and local air carriers all lost phone service. Also down were the control tower’s main transmitter, the aircraft-operated runway lights, and a printer that controllers use in monitoring local aircraft.
It could have been worse. At least that teen did not tamper with the air traffic control system itself. Today, a cyberwarrior could probably take it down. Not long in the future, an attack could seize the ATC system and reroute aircraft, or even take control of airplanes themselves.
Jeffrey Carr, principal investigator for the Project Grey Goose Report on Critical Infrastructure, reports that the study tried to find out whether hackers had already managed to disrupt utilities or ATC. He found more than 120 cases of successful attacks against the power grid since 2001. Of course, it might be simpler to tamper with GPS signals, causing chaos on the ground as well as in the sky.
Several months ago (Pro Pilot, Oct 2009, pp 16–22) we looked at the general issue of cyberwar and cyberterrorism. This time we examine what the risk of cyberattack means for professional pilots, and what it could mean in the future. There are some alarming possibilities.
“Cybersecurity is the soft underbelly of this country,” outgoing National Intelligence Dir Mike McConnell declared in 2009. He rated this problem equal in significance to the potential development of atomic weapons by Iran.
McConnell was not worried so much that hackers or spies could steal classified information from computers owned by government or the military, or by contractors working for them on secret projects. He was afraid they might erase it and thereby deprive the US of essential data. That kind of attack is not critically important for business aviation.
Free-enterprise hackers have been known to encrypt corporate data and hold it for ransom, but that is a matter for the execs at company headquarters. It is not likely to affect flight operations unless the firm has trouble paying its fuel and maintenance bills.
However, cyberattacks can be far more dangerous than that. An assault might alter or erase navigation information, radio and GPS data, and critical weather data that could lead a single flight astray or disrupt the national airspace. It also is possible to do real-world damage over the Internet. In Mar 2007, the Dept of Energy’s Idaho Lab conducted an experiment to determine whether a power plant could be compromised by hacking alone.
By sending malicious data that could have come over the Internet from anywhere in the world, they destroyed a $1-million diesel generator, leaving it smoking and on fire. Known as the Aurora vulnerability, this particular security weakness affects rotating machinery connected to the nation’s power grid.
Hackers exploiting it could cause any motor, generator, pump or turbine to spin out of control and self-destruct. Electric utilities, pipelines, railroads, and oil pipelines and refineries use remotely controlled and monitored valves, pumps, switches and other mechanisms that are vulnerable to attack.
In Jan 2008, a CIA analyst told American utilities that hackers had infiltrated electric companies in several locations outside the US. In at least one case, they had managed to shut off power to multiple cities. Although we have not been able to obtain confirmation, we take it for granted that main power to local airports went down, leaving control towers operating on backup generators. There is no obvious reason why those generators could not have been taken down as well.
Last year, the US Dept of Transportation (DOT) examined FAA’s ATC system and found it vulnerable to cyberattack. Not that this came as a surprise—a few months earlier, hackers gained access to personal information on some 48,000 people who had been on the FAA payroll during the previous 3 years.
In 2008, hackers had taken control of some FAA network servers. Although intrusions to that date had been limited to support systems, DOT’s inspector general warned that they could spread to computer systems that control communications, surveillance, and the flight information used to separate aircraft. According to the report, “In our opinion, unless effective action is taken quickly, it is likely to be a matter of when, not if, ATC systems encounter attacks that do serious harm to ATC operations.”
FAA’s William J Hughes Technical Center, just outside Atlantic City NJ, is the birthplace of NextGen, with its many new opportunities for cyberattack.
Since our last look at cyberwar, there have been some significant developments in computer insecurity. There is reason to believe they point toward a challenging future for aviation, as well as for government and other industries. First came Operation Aurora (no relation to the Aurora vulnerability).
This was the attack that famously targeted Google and 32 other companies including Lockheed Martin and Northrop Grumman. Active in Dec 2009 and Jan 2010, it was the 3rd major cyberattack believed to have originated in the People’s Republic of China. Its obvious purpose appears to have been to spy on the source code for their software and gather information about their critical infrastructure.
Yet security experts believe there may have been at least 3 other goals—to test for security holes, to insert custom-designed Trojan horses and worms so that the hackers could take over the target computers at will, and ongoing intelligence gathering. It was an extraordinarily sophisticated attack—one that computer security specialists say changed the threat model.
“Attackers used nearly a dozen pieces of malware [malicious software] and several levels of encryption to burrow deeply into the bowels of company networks and obscure their activity,” says McAfee VP Threat Research Dmitri Alperovitch. “We haven’t seen encryption in the public sector at this level. Ever.”
Based on the sophistication of the attack, Frank Sowa—a forecaster and computer security specialist—suspects that “these attacks left behind coding to conceal ongoing access at later dates, infecting computers, siphoning additional data, potentially taking over the hardware, making it unworkable, or even modifying data without detection.
“Attacks like those used for Operation Aurora can be used as stepping stones to take down critical infrastructures and launch attacks of mass disruption,” he adds. “They could target the power grid, chemical and petroleum plants, financial trading and banking systems, GPS uplinks and downlinks worldwide, the FAA ATC network—even missile defense systems.”