Sponsor Message:
Civil Aviation Forum
My Starred Topics | Profile | New Topic | Forum Index | Help | Search 
Air Traffic Control Vulnerable To Cyberattack  
User currently offlineMadameConcorde From San Marino, joined Feb 2007, 10862 posts, RR: 38
Posted (5 years 2 months 4 days 2 hours ago) and read 2761 times:

Is this article realistic? Can the US Air Traffic Control systems be attacked by hackers? If true they better look into it before it is too late and the hackers bring planes down.

Study: US Air Traffic Control Vulnerable to Cyberattack

U.S. air traffic control systems are at high risk of attack due to their links to insecure Web applications run by aviation authorities around the country, according to a U.S. Department of Transportation audit.

http://www.pcworld.com/businesscente...rol_vulnerable_to_cyberattack.html


There was a better way to fly it was called Concorde
15 replies: All unread, jump to last
 
User currently offlineMke717spotter From United States of America, joined Dec 2005, 2434 posts, RR: 5
Reply 1, posted (5 years 2 months 4 days 1 hour ago) and read 2740 times:

They had this kind of scenario in the most recent season of 24. Whether or not it can actually happen, I'm not sure...


Will you watch the Cleveland Browns and the Detroit Lions on Sunday? Only if coach Eric Mangini resigned after a loss.
User currently offlineIAHFLYR From United States of America, joined Jun 2005, 4790 posts, RR: 22
Reply 2, posted (5 years 2 months 4 days 1 hour ago) and read 2714 times:

I really doubt that the computers and software used to actually control the sky has any connection to the internet.


Any views shared are strictly my own and do not a represent those of any former employer.
User currently onlineFlighty From United States of America, joined Apr 2007, 8369 posts, RR: 3
Reply 3, posted (5 years 2 months 4 days ago) and read 2706 times:

They do that in the movie Sneakers. It's a little spooky because the fun-loving characters in the movie joke about "anybody want to crash a passenger jet," which isn't funny at all.

User currently offlineGoldenshield From United States of America, joined Jan 2001, 5959 posts, RR: 14
Reply 4, posted (5 years 2 months 4 days ago) and read 2670 times:



Quoting Flighty (Reply 3):
They do that in the movie Sneakers. It's a little spooky because the fun-loving characters in the movie joke about "anybody want to crash a passenger jet," which isn't funny at all.

It's one of the signs of a psychopath, is all.  Wink



Two all beef patties, special sauce, lettuce, cheese, pickles, onions on a sesame seed bun.
User currently offlinePhoenix9 From Canada, joined Aug 2007, 2546 posts, RR: 8
Reply 5, posted (5 years 2 months 3 days 23 hours ago) and read 2647 times:

And why is this information being made public? It is a fairly serious security issue and I'm sure some unscrupulous people have taken notice of this.


Life only makes sense when you look at it backwards.
User currently offlineMir From United States of America, joined Jan 2004, 21421 posts, RR: 56
Reply 6, posted (5 years 2 months 3 days 19 hours ago) and read 2555 times:



Quoting MadameConcorde (Thread starter):
If true they better look into it before it is too late and the hackers bring planes down.

They'd also have to remove all the protections of TCAS, have the weather be at a point where see-and-avoid was impossible, and jam up the radio frequencies so that pilots can't talk to one another.

A hack into the ATC system is something that needs to be addressed, but should one happen, there would not be airplanes falling out of the sky. More likely, it would interfere with the ability of controllers to do their jobs, and the controllers would then reduce the airspace capacity to compensate. Delays would be massive and widespread, but whatever airplanes were able to takeoff would be safe. After all, you can separate aircraft with nothing more than a radio.

-Mir



7 billion, one nation, imagination...it's a beautiful day
User currently offlineEghansen From , joined Dec 1969, posts, RR:
Reply 7, posted (5 years 2 months 3 days 17 hours ago) and read 2502 times:



Quoting Phoenix9 (Reply 5):
And why is this information being made public? It is a fairly serious security issue and I'm sure some unscrupulous people have taken notice of this.

Because this is the United States and we have such things as a Constitution with a Bill of Rights that guarantees freedom of the press and laws such as the Freedom of Information Act which prohibits the government from keeping matters of public safety secret.....


User currently offlineDingDong From United States of America, joined Jan 2007, 661 posts, RR: 0
Reply 8, posted (5 years 2 months 3 days 16 hours ago) and read 2485 times:



Quoting IAHFLYR (Reply 2):
I really doubt that the computers and software used to actually control the sky has any connection to the internet.

In 2007, there was an IBM security researcher who hacked into a nuclear power plant and within a week, had access to the actual control systems via the Internet. Who's to say this isn't also an issue for ATC systems? Maybe, maybe not. But I've read too many stories about critical systems being hacked via the Internet to not dismiss this claim out of hand forthright without knowing more about how the ATC computer network is actually connected.

I would frankly hope they implemented it without touching any outside networks, though.



DingDong, honey, please answer the doorbell!
User currently offlineDingDong From United States of America, joined Jan 2007, 661 posts, RR: 0
Reply 9, posted (5 years 2 months 3 days 16 hours ago) and read 2479 times:



Quoting Phoenix9 (Reply 5):
It is a fairly serious security issue and I'm sure some unscrupulous people have taken notice of this.

According to my buddies in the security field who has direct access to non-public information, they just say that the bad guys already had an interest in this stuff for quite a while now, long before any public disclosures.

Publicity isn't going to lead the less scrupulous to sit up and take a sudden interest. Those who are truly dangerous already tried it (speaking of general sensitive control system access, not necessarily ATC's) -- some with some sort of success. The 'script kiddies' who reads this stuff and acts on it are more likely to be caught by leaving a noisy trail by now-more-alert operators.

The issues are already known as are the fixes. Publicity is of particular concern if the fixes (or suitable workarounds) weren't known or available to those who needs it.

With that said, there is honestly no real good reason why mission critical systems should ever be directly accessible to an outside network -- especially the Internet. These types of systems honestly has to be hardened since in a war, they're going to be the first things attacked by foreign operatives or sympathizers.



DingDong, honey, please answer the doorbell!
User currently offlineIAHFLYR From United States of America, joined Jun 2005, 4790 posts, RR: 22
Reply 10, posted (5 years 2 months 3 days 6 hours ago) and read 2399 times:



Quoting DingDong (Reply 8):
But I've read too many stories about critical systems being hacked via the Internet to not dismiss this claim out of hand forthright without knowing more about how the ATC computer network is actually connected.

I'm certainly no internet or computer surgeon, but in order to hack into something via the internet wouldn't the system which is being hacked into need to be connected to the web in some manner?

Quoting DingDong (Reply 9):
With that said, there is honestly no real good reason why mission critical systems should ever be directly accessible to an outside network -- especially the Internet. These types of systems honestly has to be hardened since in a war, they're going to be the first things attacked by foreign operatives or sympathizers.

 checkmark 



Any views shared are strictly my own and do not a represent those of any former employer.
User currently offlineLincoln From United States of America, joined Nov 2004, 3887 posts, RR: 8
Reply 11, posted (5 years 2 months 1 day 21 hours ago) and read 2256 times:



Quoting IAHFLYR (Reply 10):
I'm certainly no internet or computer surgeon, but in order to hack into something via the internet wouldn't the system which is being hacked into need to be connected to the web in some manner?

Either directly or indirectly... Say that you have the ATC system(s) isolated from the Internet, but there's a system/terminal connected to the ATC system(s) that also has access to the Internet. It's conceiveable that a malicious party could compromise that terminal via the Internet, then use it as a springboard to the ATC system.

(Hacker's PC) -> --Internet-- -> (System with access to secure system) -> --Secure network -- -> (Secure system to be compromised)

It's the old "a chain is only as strong as the weakest link" thing, in this case the system with dual access is the weakest link in the chain of the "secure" network



CO Is My Airline of Choice || Baggage Claim is an airline's last chance to disappoint a customer || Next flts in profile
User currently offlineOsiris30 From Barbados, joined Sep 2006, 3186 posts, RR: 26
Reply 12, posted (5 years 2 months 1 day 20 hours ago) and read 2237 times:



Quoting Mir (Reply 6):
They'd also have to remove all the protections of TCAS, have the weather be at a point where see-and-avoid was impossible, and jam up the radio frequencies so that pilots can't talk to one another.

Yes because the economic disaster of taking down the ATC system wouldn't be huge. It's not always about the direct cost in lives you know. You could cripple the US Economy at a very delicate time. I would wager shutting down the ATC system for a day or two would be the final tipping to a much bigger issue.

Quoting Phoenix9 (Reply 5):
And why is this information being made public? It is a fairly serious security issue and I'm sure some unscrupulous people have taken notice of this.

Security through obscurity NEVER works. There is *no* difference in releasing this information and keeping it secret. Either way, the relevant parties on either side know about it.



I don't care what you think of my opinion. It's my opinion, so have a nice day :)
User currently offlineAirNZ From , joined Dec 1969, posts, RR:
Reply 13, posted (5 years 2 months 1 day 19 hours ago) and read 2214 times:



Quoting Phoenix9 (Reply 5):
And why is this information being made public? It is a fairly serious security issue and I'm sure some unscrupulous people have taken notice of this.

Quite simply because anyone who has the inclination/will to do it already knows it. Do you really think terrorists go around reading newspapers etc. in order to get information?
Bit of over-reaction as well as the reality pointing to there is no real benefit in disabling the ATC system for that purpose.


User currently offlineMir From United States of America, joined Jan 2004, 21421 posts, RR: 56
Reply 14, posted (5 years 2 months 1 day 19 hours ago) and read 2190 times:



Quoting Osiris30 (Reply 12):
Yes because the economic disaster of taking down the ATC system wouldn't be huge. It's not always about the direct cost in lives you know. You could cripple the US Economy at a very delicate time. I would wager shutting down the ATC system for a day or two would be the final tipping to a much bigger issue.

The economic implications would be huge, no doubt, and that's exactly why this sort of thing has to be guarded against very seriously. My comment was in reference to the idea that terrorists could bring down airplanes by messing with the ATC system, which is a stretch.

-Mir



7 billion, one nation, imagination...it's a beautiful day
User currently offlineLincoln From United States of America, joined Nov 2004, 3887 posts, RR: 8
Reply 15, posted (5 years 2 months 1 day 19 hours ago) and read 2175 times:



Quoting Osiris30 (Reply 12):
Security through obscurity NEVER works.

It arguably causes more damage when the vulnerability is eventually utilized for evil than just disclosing the flaw in the first place.

For example, if you know that the lock on your front door is broken, you're more likely to take other precautions (or just fix the lock) than just trusting the lock as you likely would if you beleived that the lock was in good working order.

On the other hand, if the manufacturer knew that there was a defect with the lock and didn't tell you you would be left with a false sense of security and I can pretty much gaurntee who cared about compromising the lock either already knows or can figure out what the issue is.

There is little benefit to either over reacting or burrying your head in the sand; security through obscurity or just plain denial ("What potential vulenerabilities? There's nothing to worry about! Everything is just peachy!") won't actually fix the problems.

Lincoln



CO Is My Airline of Choice || Baggage Claim is an airline's last chance to disappoint a customer || Next flts in profile
Top Of Page
Forum Index

This topic is archived and can not be replied to any more.

Printer friendly format

Similar topics:More similar topics...
DAY Could Lose Air Traffic Control Tower To CMH posted Mon May 8 2006 19:48:27 by KarlB737
Delayed Due To Air Traffic Control Constraints? posted Thu Nov 27 2003 04:36:34 by Corbin
Listening To Air Traffic Control posted Sun May 7 2000 20:43:40 by Catfan
Air Traffic Control Art Video posted Wed May 14 2008 20:11:13 by FlyDeltaJets87
Help With Research Paper On Air Traffic Control posted Wed Apr 30 2008 00:21:38 by Apollo13
Inside FAA's NextGen Air Traffic Control System posted Mon Jul 23 2007 20:31:05 by GothamSpotter
An Official Air Traffic Control Strike In Italy posted Tue May 22 2007 11:15:51 by OA260
Actual Air Traffic Control Transmissions.. posted Tue Feb 6 2007 06:40:31 by Jmhluv2fly
Work On ORD Air-Traffic Control Tower Begins posted Fri Dec 1 2006 17:40:09 by KarlB737
A380 And Air Traffic Control posted Tue Oct 3 2006 04:42:57 by Tockeyhockey