Last month, the Government Accountability Office (GAO) reported that “significant” cybersecurity weaknesses at the Federal Aviation Administration (FAA) are “threatening the agency’s ability to ensure the safe and uninterrupted operation of the national airspace system (NAS).”
Now, there’s more frightening news for frequent fliers: a new report from the GAO reveals that many planes’ on-board electronic systems are connected to the same Wi-Fi network used by passengers – leaving them open to hacking from on board the plane, or even on the ground.
Gerald Dillingham, one of the authors of the report, told CNN that “the planes include the Boeing 787 Dreamliner, the Airbus A350 and A380 aircraft”, all of which “have advanced cockpits that are wired into the same Wi-Fi system used by passengers.” Theoretically, it is possible for hackers to access the Next Generation Air Transportation System (NextGen) to:
- “Commandeer the aircraft
- “Put a virus into flight control computers
- “Jeopardize the safety of the flight by taking control of the computers
- “Take over the warning systems or even navigation systems”.
The GAO says: “Modern aircraft are increasingly connected to the Internet. This interconnectedness can potentially provide unauthorized remote access to aircraft avionics systems.” It recommends including the FAA’s Office of Safety, which currently certifies the cybersecurity of aircraft, in the FAA Cyber Security Steering Committee to “develop a coordinated, holistic, agency-wide approach to cybersecurity.”
A coordinated, holistic, agency-wide approach to cybersecurity is set out in the international standard for information security management, ISO 27001. An information security management system provides all organizations with a best-practice framework for risk-based information security that can be used throughout the enterprise.
Thanks to IT Governance’s fixed-price ISO 27001 Packaged Solutions, US organizations can now take advantage of expert ISO 27001 consultancy to implement the Standard for as little as $6,120.
With their unique combination of standards, books, toolkits, software, training, and online consultancy, IT Governance’s packages provide US organizations with all they need to implement the Standard and ensure their cybersecurity.