Updated: Nov 14, 2019
Finding and fixing vulnerabilities across airport operational technology networks may not be exciting, but the damage and confusion a successful attack can cause is nothing short of sensational. These critical airport systems include baggage control, runway lights, air conditioning, and power, and they're managed by means of network-connected digital controllers. They are much less organized than conventional IT networks, are rarely monitored as closely, and are often left untouched for years.
It's an emerging threat that has sparked the attention of dozens of airport CISOs we speak with regularly. Their concerns run the gamut from the mundane to straight out of the movies. Here are four risk vectors we hear about often:
Threat 1: Baggage Handling
Baggage-handling systems consist of an intricate latticework of automatic conveyor belts that ensure that both person and luggage arrive together at the same destination. Because they are the most customer-facing OT system found in airports, they're a common target. For a variety of reasons, checked bags are regularly tagged for extra security checks. A malicious actor can easily hack into the baggage-handling system to either redirect a bag to another flight or prevent it from being subject to a secondary security check in order to smuggle something illicit or dangerous onto the plane.
These systems are extremly attractive targets for an attack because they can be executed remotely; the attacker wouldn't even need to board the plane. All that's required is for a single person to fall for a simple phishing email and an attacker can introduce OT-specfic malware into the airport network. This malware will find its way to the baggage handling system to execute the attack.
Threat 2: Aircraft Tugs
Most planes can't reverse or maneuver safely or efficiently on the ground without using aircraft tugs (the airplane equivalent of tugboats). Tugs are usually vehicles that latch on the wheel bar or axle and are essential to do the kind of maneuvering needed to back a plane into the gate to connect the jet bridge and other deplaning equipment. Many modern tugs are wireless, and there's a huge push to make all next generation wireless, driveless, and OT and IT connected.
Attackers could potentially hijack a tug's weight sensors and back a large jet into a gate at the velocity used for a small plane, causing it to crash through the wall of the airport. Creative attackers could also hack these systems for other purposes beyond physical damage, which is likely why CISOs frequently mention this risk vector.
Threat 3: De-icing Systems
De-icing is a routine maintenance function that is performed on the ground. Planes need to be de-iced because at typical cruising altitudes, around 35,000 feet, temperatures dip as low as minus 60 degrees Fahrenheit. To prevent ice from forming on the wings, body, and other critical mechanical structures, a special chemical treatment is applied to the outside of the plane.
The liquid chemicals used for de-icing are stored at on-site facilities. These facilities use OT devices to regulate and maintain the composition of de-icing chemicals. If those systems were attacked and the composition of the solution altered, this could easily cause ice to form on the body of a plane. Even a single millimeter of ice can dramatically affect the aerodynamics and ability of a plane to maneuver. Tampering with the aerodynamics of a plane by hacking into de-icing systems is one way to cause it to crash without loading explosives onto it, which is likely why as obscure a risk vector as it is, de-icing systems are often one of the first OT systems airports monitor.
Threat 4: Fuel Pumps
When planes are refueled at airports, this is done either by fuel trucks or hydrants that pump gas from storage tanks in the ground. These storage tanks, known as "fuel farms," are connected via a sprawling network of underground pipes that use OT systems to regulate the valves, controls, and equipment used to store, transfer, and dispense various types of jet fuel used by commercial aircraft.
An attacker could, for example, hack into a fuel farm, causing the wrong type or mixture of fuel to be pumped into a plane, resulting in anything from engine problems to an explosion.
These are not theoretical risks — chances are an airport you frequent is susceptible to one or more of the above attacks. However, especially in light of the recent Boeing 737 plane crashes, it's important that we don't lapse into fearmongering. These networks are not exposed because airport cybersecurity teams are asleep at the wheel. In fact, the only reason we even know about them is because they're making it a priority to address them in what we observe to be a thoughtful, responsible manner. And that's a good thing.
Credit: FAA.gov, AviationPros
© De Angelis & Associates 2019. All Rights Reserved.