Europe’s largest pilot union is expected to release a report Saturday highlighting the hazards of potential cyberattacks on future air-traffic control systems.
Prepared by the European Cockpit Association, which represents some 38,000 commercial aviators, the study spells out the stark consequences if a hacker were to disrupt such vital communication links. Security and safety experts have been studying the topic for many years, and development work under way on both sides of the Atlantic seeks to incorporate measures to reduce cyber vulnerabilities.
But the latest analysis is among the most pointed in laying out the importance of designing next-generation networks able to react to extreme emergencies, including “several aircraft being unlawfully controlled from the ground.” Coping with such events “should be fully taken into account in the overall design” of future traffic-control systems, according to the document.
Dubbed “The Future of Flying in a Single European Sky,” the publication stresses the importance of safeguards—including backup-radar surveillance of satellite-based navigation aids—from “a crew perspective.” It doesn’t provide specific threat scenarios or technical-design standards.
Plane maker Airbus Group NV, Thales SA and other major European aerospace suppliers have been cooperating to develop a modernized traffic-control approach. The union and its members have participated in validation tests and flights. The proposed system is based on advanced hardware and software focused on managing the trajectory of aircraft and allowing them to fly closer together than currently permitted, while reducing emissions and congestion.
After working on the various incarnations of the ambitious project for more than a decade, the union has now issued 20 principles it deems important to make any eventual system safe and efficient.
“The possibility of a cyberattack on airport, control tower and aircraft shall be envisaged” as part of any future pan-European system, according to the report, “and appropriate counter measures should be designed to minimize their impact.”
Separating in-flight entertainment from all other aircraft systems—a principle currently relied on by manufacturers and operators—“is highly desirable” and should continue, according to the union.
But perhaps the most disturbing aspect of the document is the portion that deals with “spoofing” of satellite-based navigation and position-reporting messages, called ADS-B broadcasts, which are at the core air-traffic control modernization efforts around the globe. Spoofing refers to outsiders introducing inaccurate information, or blocking transmissions of any information, from hacked ADS-B equipment on an aircraft.
As a result, according to the document, controllers could misinterpret position, speed or heading data they receive for aircraft.
“To address this threat and be able to cross-check information,” according to the union, traditional ground-based “radar should be available to confirm ADS-B signals.”
Such fail-safe measures generally haven’t been discussed publicly among U.S. government experts, industry officials and pilot-union leaders. In the long run, they likely would increase the cost and complexity of future systems.
Above all, according to the union, pilots in the end still must retain “full responsibility and capability” to navigate their aircraft and avoid midair collisions. The document stresses that regardless of what changes are made, reliance on onboard anticollision equipment that automatically warns cockpit crews to take evasive maneuvers should remain paramount.