Airline 'Hack' Was Denial of Service'Deliberate Attack' Disrupted Issuing Flight Plans
The airline had already confirmed that it was forced to cancel 10 flights and delay 12 other flights - temporarily grounding 1,400 passengers at Warsaw Chopin Airport. It now says those delays and cancellations were caused by a cyber-attack that disrupted its ability to issue flight plans, which are written accounts of the path that pilots propose to fly. Until LOT airplanes could receive valid flight plans, they would not be allowed to depart.
"LOT became an object of a deliberate attack on the over-ground terrestrial telecommunication network," LOT spokesman Biuro Prasowe tells Information Security Media Group. "The attack was aimed at blocking our network and caused [us to lose the] ability to issue flight plans - documents required for each crew to depart."
But he emphasized that fliers and airplanes were never at any risk from the disruption, and that all related passenger-related data remains safe. "The aircraft which took off before the attack could continue their journey without any disruptions," Prasowe says. "We would like to highlight that passengers' safety was never at risk. All the sensitive data always was - and still is - safe within our database."
LOT says that this was the first attack of its kind that the airline had seen, and that it is cooperating fully with a related police investigation. "We support all efforts aimed [at finding] the perpetrators of this attack as soon as possible," Prasowe says, adding that finding ways to prevent repeat attacks was essential not just for LOT, but the entire airline industry, because any airline could be at risk from similar types of disruptions.
The good news, says Sean Henry, president of CrowdStrike Services, is that the attack against LOT involved a system disruption, rather than a hack attack that exploited some vulnerability in the system used by the airline to generate flight plans, or systems on airplanes themselves. "The [denial of service] is easier to address than an actual breach within their system, though it is still a vulnerability impacting their operations," he says in a SANS Institute research note.
Flight Plan Security Challenges
Aviation experts say that airlines use their ground computers to generate flight plans - and such plans must be approved and entered by pilots into airplanes' flight systems - in different formats for every different type of airplane. A Boeing 747, for example, requires a different flight-plan format than a Boeing 767. But as noted, disrupting any of those systems, or using them to issue bogus flight plans, will ultimately prevent flights from being able to depart.
One potential information security challenge with flight plans, however, is that no matter which software is used to generate the flight plan, the related protocol contains no built-in authentication mechanism, Peter Lemme, an independent consultant who chairs the Ku/Ka band satcom subcommittee, tells Wired. His subcommittee, which is sponsored by the SAE Industry Technologies Consortia, is developing a proposed standard for end-to-end broadband satellite networking systems for airplanes.
Lemme says that while flight-plan disruptions pose a nuisance, they are not a safety risk. "[The flight plan] doesn't just go into the system and take over the airplane," Lemme tells Wired. "The pilot has to accept it or has to manually transcribe it into the flight avionics system." And if the flight plan does not look right, then pilots will see that, he adds. "The pilot will see a presentation of the flight routing, like with a car GPS, and he'll say, 'What the hell, it has me going out to Alabama when I'm going to California. That's not right'."
One of the systems involved is the Aircraft Communications Addressing and Reporting System. "ACARS is used to upload company-generated flight plans," according to a post from a self-described airline pilot to the "Plane Talking" aviation blog. "The pilot requests the plan via the FMC - the flight management computer - and executes the flight plan once it has been checked and confirmed by both pilots on the flight deck. Unless both pilots are 'useful idiots' there is no prospect of this routine being a security risk."
Another self-described pilot, also on the Plane Talking forum, likened the systems in question to calculators, saying they have very specific - but restricted - capabilities. "FMCs were designed to remove the flight engineer and navigator from the cockpit. They're nothing more than a calculator with pre-programmed algorithms that pilots use as a tool for finding speed/distance/altitude/fuel calculations in conjunction with navigation information from Inertial Reference Systems and GPS," the Plane Talking forum user commented. "The pilots use these tools to fly - control - the aircraft, the tools don't control the pilots."