U.S. officials have been prompted to re-energise efforts to identify airliners’ vulnerability to hacking amidst concerns that planes could be targeted in cyberattacks
The revived program, led by the Department of Homeland Security, the Pentagon and Transportation Department, aims to identify cybersecurity risks in aviation and improve U.S. cyber resilience in a critical area of public infrastructure.
Few details have been released on the program but says it will involve some limited testing of actual aircraft.
“Improving the cybersecurity of aviation and, indeed, all areas of critical infrastructure, is an admirable goal.
“However, a stopgap, after the fact effort to evaluate security will provide only temporary benefits. To effect real and lasting change in critical infrastructure cybersecurity, the organisations that create the software products that are used in critical infrastructure must themselves be infused with secure software development practices.
“This includes a software development life cycle that considers security at every stage as well as the use of more and better testing tools such as source code analysis, software composition analysis, and fuzz testing.” , Jonathan Knudsen, senior security strategist at Synopsys
“Over the years, not only have airlines implemented more digital systems, but more people have gained the skills needed to poke and prod at networks, be that out of curiosity or with malicious intent.
“In such a climate, increased testing can only be a good thing. Gone are the days where systems could be tested once a year and signed off with a clean bill of health. Rather, security assurance should now be a continual and ongoing effort to ensure that any vulnerabilities can be fixed in the shortest time possible.” Javvad Malik, security awareness advocate at KnowBe4
