Senator Markey Queries Airlines and Airplane Manufacturers about Aircraft Cybersecurity Defenses

Senator also asks airlines about their practices to protect privacy of passenger information
 
Washington (December 2, 2015) – In his ongoing investigation of cybersecurity and privacy vulnerabilities of the transportation sector, Senator Edward J. Markey (D-Mass.) today sent letters to twelve domestic airlines and two airplane manufacturers requesting information on the cybersecurity protections on their aircrafts and computer systems. Much like the automobile industry, the aviation industry in recent years has become increasingly interconnected, and modern aircraft are more often connected to the Internet. Though these technological advancements offer many benefits, they also present possible dangers, such as new avenues for cyberattacks. A passenger earlier this year allegedly hacked into the inflight entertainment system from onboard a plane, potentially gaining access to the critical flight systems that control the movement of the aircraft. The Government Accountability Office (GAO) issued an April 2015 report addressing the increasing connectedness of modern aircraft, raising important concerns about possible unauthorized access to aircraft avionics systems.  
 
“As technology rapidly continues to advance, we must all work to ensure that the airline industry remains vigilant in protecting its aircraft and systems from cybersecurity breaches and attacks,” writes Senator Markey, a member of the Commerce, Science, and Transportation Committee, in the letter.“With these technological advancements come great benefits, including improved flight navigation, greater communications abilities, and greater operational efficiency.  However, as we have witnessed recently in the automobile industry, I am concerned that these technologies may also pose great threats to our security, privacy, and economy.”   
 
Senator Markey sent letters to American Airlines, Delta Airlines, Southwest Airlines, United Airlines, JetBlue Airways, Alaska Airlines, Spirit Airlines, Frontier Airlines, Hawaiian Airlines, Allegiant Air, Virgin America, and Sun Country Airlines, as well as the airplane manufacturers Airbus and Boeing.
 
A copy of the letters to the airlines and airplane manufacturers can be found HERE.
 
In the letters to the airlines and airplane manufacturers, Senator Markey asked for responses to questions including:
·      What protections the company currently has in place to guard planes and systems against cyber-attacks
·      Whether the company has installed in-cabin wi-fi capabilities, which could serve as possible entry points for cyber-attacks
·      Whether the company conducts cybersecurity tests, either internally within the company or by independent third parties, for the purpose of identifying cybersecurity vulnerabilities
·      Who is involved in conducting any cybersecurity testing on the company’s planes, and whether these individuals are subject to background checks
·      Whether the company is aware of any actual or attempted cyber-attacks in the past five years
·      What protections are used by the airlines to keep flight customer data secure, and whether that data is shared with third parties
·      Whether the plane manufacturers continue to monitor planes for cybersecurity issues after the planes have been sold to airlines
·      Whether the company has collaborated with federal agencies and other industry stakeholders on cybersecurity issues.
 
Last year, Senator Markey released a report detailing major gaps in cybersecurity protections in automobiles.