ADVERTISEMENT
Manila Bulletin devider Philippines devider Cybersecurity seen as rising risk for airlines after 9/11

Cybersecurity seen as rising risk for airlines after 9/11

Published Sep 11, 2021 09:50 am

New York, United States --- After remaking their security procedures following the 9/11 attacks to stop airline hijackings, carriers are now faced with rising threats targeting computers and electronic equipment critical to their operations and safety.

Since the tragedy 20 years ago on Saturday, airlines, and airports have fortified cockpits, barred sharp objects in carry-on luggage, and improved technology to detect explosives.

(AFP/NELSON ALMEIDA)

"We are more secure," said Willie Walsh, director-general of the International Air Transport Association.

Many of today's security risks are now viewed as targeting the networks and hardware planes and airlines rely on.

From the gradual shift to electronic tickets to the management of jet fuel, even more aspects of aviation go through digital channels now than they did two decades ago.

"We must stay ahead of emerging security threats," Walsh said. "To do this effectively, we need to take a more integrated approach on things like cyber risks, drones, and insider threats."

New entry points

Beyond new airline security rules mandated by governments worldwide, security experts say potential hijackers face an additional challenge: other passengers.

"Because of 9/11, if you're sitting in the airplane, and someone jumps up and tries to enter the cockpit, the passengers themselves are going to fight back and prevent that from happening," said Dan Cutrer, an expert in aviation safety at Embry-Riddle Aeronautical University.

However the embrace of digital technology has created new opportunities for trouble, with hackers able to penetrate systems through suppliers' software, online services or WiFi offered to passengers.

Experts consider the potential for a hacker to take control of the plane itself as unlikely since flight controls are separate from systems used by customers.

Even if plane systems "may exhibit cybersecurity weaknesses, they're not an attractive target for most actors because of the required access and expertise, plus the risk of loss of life," said Katelyn Bailey of cybersecurity company FireEye.

A realm of potential vulnerability is the communication system between pilots and air traffic controllers, said Pablo Hernandez, a researcher at Innaxis Research Institute.

The conversations "are open and they're not encrypted or confidential," he said. "Anyone with the right radio can join into this conversation."

However, key flight systems needed to run the plane and air traffic have been well secured, Hernandez said.

There have been some notable hacks of ground or ancillary systems, including a 2020 data breach at British airline EasyJet that exposed the personal data of some nine million customers.

There were 1,260 incidents last year against airlines and other aviation bodies, such as airports, according to Eurocontrol, an intergovernmental organization that supports European aviation.

"Every week, an aviation actor suffers a ransomware attack somewhere in the world, with big impacts on productivity and business continuity," Eurocontrol said in a note published in July.

Airports use "best practices" to try to mitigate this risk.

This includes sending employees fictitious emails with links such as the ones devised by hackers; workers who click on them then receive additional training, said Christopher Bidwell, senior vice president at the Airports Council International, North America.

Money and espionage

The implications of cyberattacks are significant for airlines.

"In the aviation industry, you can't have downtime," said Deneen DeFiore, chief information security officer at United Airlines. "Any system outage or disruption would be detrimental to any company."

Most hackers are motivated by money. They use or sell stolen credit card data or financial information and sometimes demand ransom from companies to recover their systems.

However, Bailey of FireEye said that because they often target the data of passengers, some hackers may be connected to states and engaged in espionage.

The airline industry benefited from the 2014 creation of an information-sharing body, Aviation ISAC, focused on cybersecurity, said United's DeFiore.

She considers cyberattacks an emerging risk throughout aviation that needs to be taken seriously by everyone from air safety directors to maintenance teams.

ADVERTISEMENT
.most-popular .layout-ratio{ padding-bottom: 79.13%; } @media (min-width: 768px) and (max-width: 1024px) { .widget-title { font-size: 15px !important; } }

{{ articles_filter_1561_widget.title }}

{{ item.title }}
.most-popular .layout-ratio{ padding-bottom: 79.13%; } @media (min-width: 768px) and (max-width: 1024px) { .widget-title { font-size: 15px !important; } }

{{ articles_filter_1562_widget.title }}

{{ item.title }}
.most-popular .layout-ratio{ padding-bottom: 79.13%; } @media (min-width: 768px) and (max-width: 1024px) { .widget-title { font-size: 15px !important; } }

{{ articles_filter_1563_widget.title }}

{{ item.title }}

{{ articles_filter_1564_widget.title }}

{{ item.title }}
.mb-article-details { position: relative; } .mb-article-details .article-body-preview, .mb-article-details .article-body-summary{ font-size: 17px; line-height: 30px; font-family: "Libre Caslon Text", serif; color: #000; } .mb-article-details .article-body-preview iframe , .mb-article-details .article-body-summary iframe{ width: 100%; margin: auto; } .read-more-background { background: linear-gradient(180deg, color(display-p3 1.000 1.000 1.000 / 0) 13.75%, color(display-p3 1.000 1.000 1.000 / 0.8) 30.79%, color(display-p3 1.000 1.000 1.000) 72.5%); position: absolute; height: 200px; width: 100%; bottom: 0; display: flex; justify-content: center; align-items: center; padding: 0; } .read-more-background a{ color: #000; } .read-more-btn { padding: 17px 45px; font-family: Inter; font-weight: 700; font-size: 18px; line-height: 16px; text-align: center; vertical-align: middle; border: 1px solid black; background-color: white; } .hidden { display: none; }
function initializeAllSwipers() { // Get all hidden inputs with cms_article_id document.querySelectorAll('[id^="cms_article_id_"]').forEach(function (input) { const cmsArticleId = input.value; const articleSelector = '#article-' + cmsArticleId + ' .body_images'; const swiperElement = document.querySelector(articleSelector); if (swiperElement && !swiperElement.classList.contains('swiper-initialized')) { new Swiper(articleSelector, { loop: true, pagination: false, navigation: { nextEl: '#article-' + cmsArticleId + ' .swiper-button-next', prevEl: '#article-' + cmsArticleId + ' .swiper-button-prev', }, }); } }); } setTimeout(initializeAllSwipers, 3000); const intersectionObserver = new IntersectionObserver( (entries) => { entries.forEach((entry) => { if (entry.isIntersecting) { const newUrl = entry.target.getAttribute("data-url"); if (newUrl) { history.pushState(null, null, newUrl); let article = entry.target; // Extract metadata const author = article.querySelector('.author-section').textContent.replace('By', '').trim(); const section = article.querySelector('.section-info ').textContent.replace(' ', ' '); const title = article.querySelector('.article-title h1').textContent; // Parse URL for Chartbeat path format const parsedUrl = new URL(newUrl, window.location.origin); const cleanUrl = parsedUrl.host + parsedUrl.pathname; // Update Chartbeat configuration if (typeof window._sf_async_config !== 'undefined') { window._sf_async_config.path = cleanUrl; window._sf_async_config.sections = section; window._sf_async_config.authors = author; } // Track virtual page view with Chartbeat if (typeof pSUPERFLY !== 'undefined' && typeof pSUPERFLY.virtualPage === 'function') { try { pSUPERFLY.virtualPage({ path: cleanUrl, title: title, sections: section, authors: author }); } catch (error) { console.error('ping error', error); } } // Optional: Update document title if (title && title !== document.title) { document.title = title; } } } }); }, { threshold: 0.1 } ); function showArticleBody(button) { const article = button.closest("article"); const summary = article.querySelector(".article-body-summary"); const body = article.querySelector(".article-body-preview"); const readMoreSection = article.querySelector(".read-more-background"); // Hide summary and read-more section summary.style.display = "none"; readMoreSection.style.display = "none"; // Show the full article body body.classList.remove("hidden"); } document.addEventListener("DOMContentLoaded", () => { let loadCount = 0; // Track how many times articles are loaded const offset = [1, 2, 3, 4, 5, 6, 7, 8, 9, 10]; // Offset values const currentUrl = window.location.pathname.substring(1); let isLoading = false; // Prevent multiple calls if (!currentUrl) { console.log("Current URL is invalid."); return; } const sentinel = document.getElementById("load-more-sentinel"); if (!sentinel) { console.log("Sentinel element not found."); return; } function isSentinelVisible() { const rect = sentinel.getBoundingClientRect(); return ( rect.top < window.innerHeight && rect.bottom >= 0 ); } function onScroll() { if (isLoading) return; if (isSentinelVisible()) { if (loadCount >= offset.length) { console.log("Maximum load attempts reached."); window.removeEventListener("scroll", onScroll); return; } isLoading = true; const currentOffset = offset[loadCount]; window.loadMoreItems().then(() => { let article = document.querySelector('#widget_1690 > div:nth-last-of-type(2) article'); intersectionObserver.observe(article) loadCount++; }).catch(error => { console.error("Error loading more items:", error); }).finally(() => { isLoading = false; }); } } window.addEventListener("scroll", onScroll); });
Join Our Newsletters

Sign up by email to receive news.

© 2025 Manila Bulletin The Nation's Leading Newspaper. All Rights Reserved.