Looking to harden the nation’s aviation systems against cyberattack, a member of the US transportation security agency has announced plans for new cybersecurity requirements, in response to the recent denial-of-service attacks on the websites for several US airports. These requirements, which are to be targeted toward critical aviation systems, follow on earlier updates to aviation security programs which require airports and airline operators to “designate a cybersecurity coordinator and report cybersecurity incidents, conduct a cybersecurity assessment, and develop remediation measures and incident response plans.”
Additionally, last month, to encourage consideration of cybersecurity, the FAA released a notice stating airports must “consider and address physical and cyber security risks relevant to the transportation mode and type and scale of the project” as a condition of airport terminal grants. This follows a 2020 report from the GAO which stated the FAA should drive the implementation of practices which can help address cybersecurity risks.
While there are no reports yet of successful cyberattacks on the avionics of an airplane, the same GAO report noted the increased number of networks sharing data on airplanes do make them a target.
Source:
