If you're old enough to remember the turn of the millennium, then you'll recall the big Y2K scare. Many people believed that computers that were never designed to accommodate the change of the millennium – from the year 1999 to 2000 – would have such crazy problems that airplanes in flight might fall out of the sky.
Fortunately that didn't happen, but something odd did happen this June that has caused quite a stir in the aviation industry. The Polish airline LOT experienced a first-of-its-kind denial of service attack against the computer used to send flight instructions to planes that were waiting to take off. Pilots sitting in planes on the tarmac could not receive their instructions, and at least 22 flights were delayed or canceled. The DoS attack didn't affect any flights that were already airborne.
"LOT became an object of a deliberate attack on the over-ground terrestrial telecommunication network," according to LOT spokesman Biuro Prasowe. "The attack was aimed at blocking our network and caused [us to lose the] ability to issue flight plans – documents required for each crew to depart." Prasowe says passenger-related data was not breached and passengers were never at risk of harm.
At this writing, authorities don't know who is behind the attack. An investigation is underway.
Aviation experts say that many other airlines could be at risk of a similar DoS attack because they use the same type of system to upload company-generated flight plans to planes. Although the potential exists for hackers to upload bogus flight plans, these plans are not directly input into onboard computer systems on the planes. What's more, pilots are most likely to notice if they are given incorrect flight plans. So within the aviation industry, the concern is less about hacking into flight plans than it is about DoS'ing the computers that communicate those plans to the planes that are preparing for takeoff.
United Airlines had some sort of incident a few weeks prior to the LOT attack. No one has said if the United experience also was a denial of service attack, but the outcome was similar: delayed flights for at least an hour due to unspecified computer problems.
It's disturbing to think that these aviation systems are vulnerable to DoS attacks. Imagine the global havoc this would cause if attacks on airlines became as commonplace as, say, attacks on gaming companies.
LOT reportedly has state-of-the-art computer systems, but someone forgot to build security around them. Following this attack, every airline in the world had better be looking at how to fend off any future attacks.