Capitol launches new master of science in aviation cybersecurity, prepares students to protect the nation’s critical infrastructure

June 5, 2019

According to the operational arm of the Federal Aviation Administration (FAA), more than 43,000 flights manned by the Air Traffic Organization run daily, transporting passengers across millions of square miles of airspace.

Many of us are well-versed in the air travel routine: follow the 3-1-1 liquids rule when packing, remove shoes in the screening lane, oh, and remember hand sanitizer for your carry-on so you can ward off some of those germs! It seems we have the routine down pat – at least in the physical sense. What about when we’re talking back-end technologies, the ones that run everything from avionics software to baggage-handling systems? It gets a little more complicated.

In May 2019, the Institute for Critical Infrastructure Technology published a report, “Hacking Our Nation’s Airports,” that provides insight into the many areas that form the information and operational technology framework of airport operations, resulting in passengers being able to get to their destinations unscathed.

“As part of a nation’s critical infrastructure, airports are highly symbolic, integral to the economy,” the report notes. “For these reasons, airports are high-profile targets for malicious nation-state actors who seek high-profile attacks that will disrupt daily life, cause mass causalities, and damage a country’s reputation.”

In nearly all cases, the vulnerabilities can be linked to cyber, with ramifications ranging anywhere from an irksome baggage-handling system disruption to a deadly terrorist attack. Aviation agencies report increasingly higher numbers of cyberattacks with each passing quarter. For professionals in the industry, aviation is no longer only the task of flying airplanes. It has far-reaching implications in the global, environmental, integration, and security aspects of society.

77,000+ pieces of equipment. 517 airport control towers. 6,000+ airway transportation system specialists. 14,000 air traffic controllers. The FAA provides these statistics and more to illustrate the complex systems that work together to drive the aviation industry. A single glitch in any of the systems can be costly.

Airplane takeoff

The Institute for Critical Infrastructure Technology report describes some major aviation systems that are vulnerable to exploitation by cybercriminals.

Avionics Software

“Planes depend on millions of lines of code to operate safely,” the report explains. “Poorly developed code, which is often the result of irresponsible development practices on the part of the airline or its suppliers, can result in errors or vulnerabilities that can be exploited by bad actors and result in catastrophic impacts.”

Baggage Handling

Sound trivial? While baggage-handling system disruptions may often be more irritating than dangerous, these systems are some of the most accessible to hackers. Think about it – in order to compromise a baggage-handling system, an attacker does not need to step foot on a plane, and in some cases, may not even need to clear airport security.

Aircraft Tugs

“Aircraft tugs are vehicles that latch onto the wheel bar or axle of a plane and guide it into a gate to connect the jet bridge and other deplaning equipment,” the report notes. Many modern tugs are wireless, increasing their susceptibility to a cyberattack. If cybercriminals infect a tug with malware, for example, “they could back a large aircraft into the airport itself by forcing the system to use the parameters for a smaller and lighter aircraft.”

De-icing Systems

Brrr! Pretty easy to imagine the consequences of a compromised de-icing operational system, which could lead to a dangerous amount of ice buildup on the plane. The report explains that “even a single millimeter of ice can dramatically affect the aerodynamics and maneuverability of a plane.” Furthermore, a compromised de-icing system could potentially lead to a plane crash, which would be more difficult to identify as a terrorist attack than a traditional threat.

Fuel Pumps

There is a complex operational system behind refueling, including valves, controls, transfer, and disposal. Malicious hands in the mix could cause the wrong type of fuel to be pumped into a plane, resulting in a range of issues from engine problems to explosion.

Airport Smart Devices

Similar to baggage-handling systems, airport smart devices are especially vulnerable since they can be compromised remotely or via malware through physical media. A cybercriminal can corrupt airport smart systems such as check-in machines, passport control gates, and smart building management systems.

Third-Party Systems

Just think the April 2019 third-party AeroData computer outage. The result? Grounded flights on a number of affected airlines, including Southwest, American, Delta, United, Alaska, and JetBlue. Delays. Frustration. Loss of revenue. And importantly, culpability in instances like this one are of little consequence to the consumer. Regardless of whether a third-party system or an airline is to blame, the impact on travelers is the same.

Facial Recognition

No passport or boarding pass needed! Several major airline early adopters are experimenting with facial recognition as part of the boarding process. Consumer response is divided, but no doubt, the technology is here to stay. The report notes, “The information from the scan will only be used once and will be deleted out of the system within a few hours.” U.S. Customs and Border Protection is then brought on board to cross-reference data. Systems that are not secured properly face a host of breaches, from compromise of personal data to intentional false approval of an attacker for travel.

Want to learn more? Read the full Institute for Critical Infrastructure Technology report by Drew Spaniel and Parham Eftekhari.

Lots of complexity. Lots of vulnerability. Lots of opportunity to effect change…

One of the best ways to combat the growing challenges in aviation related to cybersecurity is to prepare a pipeline of leaders in the field, who are equipped with the know-how to protect the aviation industry from those who seek to harm others.

Capitol Technology University is excited to launch its new master of science in aviation cybersecurity, as part of its mission to offer programs in relevant, high-demand technology fields.

Per the FAA, there are 10,600,000 U.S. jobs generated from aviation, many requiring a cyber background. Ready to do your part and meet the challenge? For more information or to apply, contact gradadmit@captechu.edu.