Sen. Ed Markey wants to know what airlines and airplane makers are doing to protect their computer networks from hackers.
The Massachusetts Democrat sent a letter on Wednesday to 12 U.S. air carriers and two airplane manufacturers asking them about everything from the security of onboard Wi-Fi networks to the screening process for employees who do cybersecurity checks.
“As we have witnessed recently in the automobile industry,” Markey said in a statement, “I am concerned that these technologies may also pose great threats to our security, privacy, and economy.”
Automobile cybersecurity became a national issue in July when two security researchers demonstrated that they could remotely control a Jeep, including stopping it dead in its tracks. As car manufacturers add more electronic features, it becomes easier for hackers to penetrate the car’s core functions, like steering and braking. Markey previously raised concerns about the security of connected cars and the privacy of the data they generate.
U.S. officials consider airports and airlines to be “critical infrastructure” because of the importance and sensitivity of their operations. But the airline industry does not have to report cyberattacks to Congress, a fact that concerned some lawmakers who raised the issue at an Federal Aviation Administration hearing in August. The Government Accountability Office said in April that the FAA needed to do more to prevent intrusions into air-traffic-control towers and the airplanes themselves.
Markey’s letter asks airlines and manufacturers eight specific questions, including whether they know of specific cyberattacks in the past five years; how they protect and share customer data; and whether the manufacturers monitor their planes for vulnerabilities after selling the aircraft to carriers.
Major commercial airlines, concerned about a rising tide of cyberattacks, have established an industry team to prepare a cybersecurity proposal for the International Civil Aviation Organization, the United Nations agency that oversees non-military air traffic.
In May, a security researcher claimed that United Airlines’ in-flight entertainment system had vulnerabilities that would let him control the plane’s movements. The FBI said that, in February, the researcher had told them that he had previously taken over another plane’s systems and turned it sideways.
Photo via Aero Icarus/Flickr (CC BY SA 2.0)