A cyber attack grounded a fleet of aircraft in Poland on Sunday. All the planes were part of the Polish national airline, LOT. although the Polish domestic intelligence agency is being stingy with details, they claim the 1,400 passengers who were stranded were never actually in any danger. The flight plan systems that were affected are not used not used during actual flight. Therefore, none of the planes already en route were affected, only those on the ground at Chopin airport in Warsaw.
According to LOT airline spokesman, Adrian Kubicki, the hackers impeded the operation of the flight plan systems, but they did not gain direct access to any actual data.
The most frightening aspect of this aircraft attack is that practically every airline is vulnerable. All airlines use the same flight plan delivery protocol, and any interference means that planes stay on the ground.
Independent consultant, Peter Lemme, leads a subcommittee responsible for developing an across-the-board standard for end-to-end security on airplane systems. As far as improving security protocols, he states,
“There’s more we could do in this area as far as authenticating that the flight plan is coming from a legitimate source. Right now, [the system] is relatively trusting—if it comes in and it’s properly formatted, the system will accept it.”
DDoS attacks have yet to be reported on U.S. soil, but that doesn’t mean they haven’t occurred. Just last month, United Airlines flights were mysteriously grounded across the U.S. According to a tweet from someone seated on the tarmac, the pilot inferred it was due to a system hack creating false flight plans. Shortly after that, United raised the incentives to its bug bounty program by offering up to one million airline miles to security researchers who could identify specific flaws.