On June 22, 2015, LOT, the stateâ€owned Polish airline had to ground at least 10 national and international ights because hackers breached the network at Warsawâ€™s Chopin airport and intercepted the ight plans that pilots need before taking off. The grounding affected about 1,400 passengers and lasted over ve hours before the problem was solved. A month earlier, United Airlines was reported to have experienced the same problem in the United States, and pilots reported bogus ight plans repeatedly popping up on the system.
A consultant explained that the radio network that carried ight plans did not need authentication and was designed to trust the communications. A committee was then set up to develop a proposed standard for ight plan security.
Fortunately, the ight plan did not control the plane, and a pilot had to accept and enter the plan. A strange result, such as heading to a distant city in the wrong direction, would not be entered or accepted. Even if the bogus plan were entered and accepted by the pilot, there was no danger of collision or crash because of the fraudulent plans.
Any changes received to the plan while in ight had to be conrmed with air trafc controllers, who analyzed the new plan for safety. Alarms would also indicate a possible collision.
Which of the two aircraft breaches is more serious: the breach described here or the breach created by the hacker (described earlier in the chapter) who took control of a planeâ€™s throttle briefly through the entertainment system and then tweeted about it? Why?
Which of the access controls and storage/transmission controls would be most helpful for the ACARS problem? The entertainment system problem? Why?
If password control is used to solve the ACARS weakness, what might hackers do next?
answer all of these questions and write a small essay. 2-3pages.