Published Date: 2015-04-15

| Postmortem Analysis | |
|---|---|
| Timeline | 1. The software failure incident happened in January 2015 [Article 35207]. 2. The software failure incident happened in January 2015 [Article 35127]. |
| System | 1. Firewalls [35207, 35127] 2. Internet-based networks [35207, 35127] |
| Responsible Organization | 1. Hackers (as mentioned in Article 35207 and Article 35127) |
| Impacted Organization | 1. Airlines 2. Federal Aviation Administration (FAA) [35207, 35127] |
| Software Causes | 1. Vulnerabilities in firewalls due to being software components that could be hacked like any other software [35207, 35127] 2. Lack of cybersecurity verification by the Federal Aviation Administration (FAA) for new airliners before certification, leading to potential cybersecurity risks [35207] 3. Weaknesses in the ability to prevent and detect unauthorized access to the vast network of computer and communications systems used by the FAA to process and track flights, posing a risk of being hacked [35207, 35127] |
| Non-software Causes | 1. Lack of physical segregation between passenger-accessible systems and avionics systems on aircraft [35207, 35127] 2. Inadequate cybersecurity measures in place to prevent unauthorized access to critical flight systems [35207, 35127] 3. Reliance on firewalls as the primary defense mechanism against cyber attacks, which can be breached due to their software nature [35207, 35127] |
| Impacts | 1. The software failure incident highlighted the vulnerability of modern aircraft to cyber attacks through on-board Wi-Fi, potentially allowing unauthorized remote access to aircraft avionics systems [35207, 35127]. 2. The incident raised concerns about the possibility of a terrorist using a plane's on-board Wi-Fi to take control of the airplane, posing a serious threat to aviation security [35207, 35127]. 3. The Federal Aviation Administration (FAA) was criticized for not verifying the cybersecurity of new airliners before certifying them for use, indicating a gap in ensuring the safety and security of aircraft systems [35207]. 4. The incident exposed weaknesses in the FAA's system for guiding planes and other aircraft, increasing the risk of unauthorized access to critical computer and communication systems used for air traffic control [35207, 35127]. 5. The incident prompted calls for greater security measures on flight controls beyond relying solely on firewalls, as firewalls, being software components, were identified as potential points of vulnerability that could be hacked [35207, 35127]. |
| Preventions | 1. Implementing stronger cybersecurity measures beyond just firewalls, such as intrusion detection systems and network segmentation to prevent unauthorized access to critical systems [35207, 35127]. 2. Conducting thorough cybersecurity assessments and testing of new aircraft technologies before certifying them for use to identify and address potential vulnerabilities [35207]. 3. Ensuring that flight control systems and passenger entertainment systems do not share the same wiring or internal networks to prevent potential hacking through shared infrastructure [35127]. 4. Enhancing collaboration and coordination within the Federal Aviation Administration to streamline cybersecurity responsibilities and ensure a more cohesive approach to addressing cybersecurity risks in aviation systems [35207]. |
| Fixes | 1. Implementing stronger cybersecurity measures to protect aircraft systems from unauthorized access, such as enhancing firewall security and ensuring separate networks for critical systems and passenger entertainment systems [35207, 35127]. 2. Conducting thorough cybersecurity assessments and verifications of new airliners before certifying them for use [35207]. 3. Addressing the split responsibility for cybersecurity within the Federal Aviation Administration to ensure a more cohesive and effective approach to cybersecurity [35207]. 4. Collaborating with government security experts, including the National Security Agency, to identify and implement necessary changes to enhance cybersecurity in aviation [35127]. |
| References | 1. US Government Accountability Office (GAO) [35207, 35127] 2. Federal Aviation Administration (FAA) [35207, 35127] 3. Rep. Peter DeFazio [35207, 35127] 4. Cybersecurity experts [35207, 35127] 5. FAA Administrator Michael Huerta [35127] |

| Category | Option | Rationale |
|---|---|---|
| Recurring | unknown | (a) The software failure incident related to potential vulnerabilities in aircraft systems due to internet connectivity and firewall weaknesses has been highlighted in reports by the US Government Accountability Office (GAO) concerning the Federal Aviation Administration (FAA) [35207, 35127]. The incident involves the risk of hackers exploiting the interconnectedness of modern aircraft to gain unauthorized remote access to avionics systems through shared IP networks. The GAO reports emphasize the concerns raised by cybersecurity experts regarding the potential for firewall vulnerabilities, as firewalls, being software components, could be hacked and circumvented like any other software. (b) The software failure incident involving cybersecurity risks in aircraft systems due to internet connectivity and firewall vulnerabilities has not been specifically mentioned as happening at multiple organizations in the provided articles. The focus is primarily on the potential risks and vulnerabilities within the aviation industry, particularly concerning the FAA's system for guiding planes and aircraft. |
| Phase (Design/Operation) | design, operation | (a) The articles discuss the potential software failure incident related to the design phase. The failure is attributed to vulnerabilities introduced by the modernization of planes and flight tracking with internet-based technology. The interconnectedness of modern aircraft to the internet provides unauthorized remote access to aircraft avionics systems, which could be exploited by attackers [35207, 35127]. (b) The articles also mention the software failure incident related to the operation phase. The failure is linked to the operation of the on-board Wi-Fi systems, which could potentially allow hackers to infiltrate flight systems and take over cockpit controls. The use of the same wiring and routing for flight systems and entertainment systems on planes could create a vulnerability that could be exploited by terrorists [35207, 35127]. |
| Boundary (Internal/External) | within_system, outside_system | (a) within_system: The software failure incident related to the potential vulnerability of aircraft systems to hacking through on-board Wi-Fi is primarily within the system. The articles highlight that the interconnectedness of modern aircraft to the internet, shared IP networks between passenger-accessible systems and avionics, and reliance on firewalls as software components contribute to the within-system factors leading to the vulnerability [35207, 35127]. (b) outside_system: The software failure incident also involves contributing factors that originate from outside the system. Specifically, the articles mention the external threat posed by hackers or terrorists who could exploit the vulnerabilities in the aircraft systems through on-board Wi-Fi, indicating an external origin of the potential failure [35207, 35127]. |
| Nature (Human/Non-human) | non-human_actions, human_actions | (a) The software failure incident occurring due to non-human actions: - The articles discuss the vulnerability of aircraft avionics systems to potential unauthorized remote access due to the increasing interconnectedness of modern aircraft with the internet [35207, 35127]. - The connection between passenger-accessible systems and the avionics of the plane is moderated by firewalls, but experts point out that firewalls, being software components, could be hacked and circumvented like any other software [35207, 35127]. - The articles highlight the concern that internet connectivity in the cabin should be considered a direct link between the aircraft and the outside world, including potential malicious actors [35207, 35127]. (b) The software failure incident occurring due to human actions: - The articles mention the possibility of a terrorist with a laptop sitting among passengers and taking control of the airplane using its passenger Wi-Fi as a serious vulnerability that the FAA should address promptly [35207, 35127]. - There are calls for greater security on flight controls beyond just relying on firewalls, as experts point out that firewalls, being software, could be hacked, leading to potential breaches in protecting avionics from hackers [35207, 35127]. |
| Dimension (Hardware/Software) | hardware, software | (a) The articles discuss a potential software failure incident related to hardware vulnerabilities. The articles highlight the concern that modern aircraft are increasingly connected to the internet, which could potentially provide unauthorized remote access to aircraft avionics systems [35207, 35127]. The connection between passenger-accessible systems and the avionics of the plane is moderated by firewalls, but experts point out that firewalls, being software components, could be hacked like any other software and circumvented [35207, 35127]. The articles also mention that as airlines update their systems with Internet-based networks, it's not uncommon for Wi-Fi systems to share routers or internal wiring, potentially creating vulnerabilities for hackers to exploit [35127]. (b) The articles also discuss a software failure incident related to software vulnerabilities. Cybersecurity experts mentioned in the articles highlighted the fact that firewalls, which are used as barriers to protect avionics from hackers, are software components that could be hacked [35207, 35127]. The articles emphasize that internet connectivity in the cabin should be considered a direct link between the aircraft and the outside world, including potential malicious actors, indicating a software vulnerability that could be exploited [35207, 35127]. Additionally, the articles mention that the FAA's system for guiding planes and other aircraft was at an increased risk of being hacked, indicating software vulnerabilities in the aviation systems [35207, 35127]. |
| Objective (Malicious/Non-malicious) | malicious | (a) The objective of the software failure incident was malicious: - Hackers could potentially bring down a plane by exploiting vulnerabilities in the on-board Wi-Fi system, allowing unauthorized remote access to aircraft avionics systems [35207, 35127]. - There are concerns that terrorists could use the on-board Wi-Fi to infiltrate flight systems and take over cockpit controls, posing a serious vulnerability that needs to be addressed by the Federal Aviation Administration [35207, 35127]. - The report highlights the possibility of a worst-case scenario where a terrorist with a laptop could sit among passengers and take control of the airplane using the passenger Wi-Fi [35207, 35127]. (b) The objective of the software failure incident was non-malicious: - The failure was not due to non-malicious factors introduced without intent to harm the system; the focus of the incident was on the potential malicious exploitation of vulnerabilities in the on-board Wi-Fi system by hackers or terrorists [35207, 35127]. |
| Intent (Poor/Accidental Decisions) | poor_decisions, accidental_decisions | (a) The intent of the software failure incident related to poor decisions can be inferred from the articles. The failure in this case is primarily due to poor decisions made in the design and implementation of the aircraft systems. The articles highlight that as airlines and the Federal Aviation Administration attempt to modernize planes and flight tracking with internet-based technology, attackers have a new vulnerability they could exploit [35207, 35127]. The decision to connect modern aircraft to the internet without adequate cybersecurity measures in place, such as relying solely on firewalls that can be hacked like any other software, reflects poor decision-making in ensuring the security of the systems [35207, 35127]. (b) The intent of the software failure incident related to accidental decisions or unintended consequences is also evident in the articles. While the failure was not intentional, it resulted from mistakes or unintended decisions made during the integration of internet-based technology into aircraft systems. The articles mention that the avionics in a cockpit operate as a self-contained unit and aren't connected to the same system used by passengers, but as airlines update their systems with Internet-based networks, it's not uncommon for Wi-Fi systems to share routers or internal wiring, potentially leading to vulnerabilities [35207, 35127]. This unintended consequence of sharing infrastructure between critical flight systems and passenger entertainment systems highlights the accidental decisions or oversights that contributed to the software failure incident. |
| Capability (Incompetence/Accidental) | accidental | (a) The articles do not provide information about the software failure incident occurring due to development incompetence. (b) The software failure incident reported in the articles is related to the potential risk of a terrorist using a plane's on-board WiFi to bring down the plane. This incident is considered a security vulnerability that could be exploited by hackers due to the increasing connectivity of modern aircraft to the internet. The vulnerability arises from the interconnectedness of passenger-accessible systems and the avionics of the plane through shared IP networks, which could potentially provide unauthorized remote access to aircraft avionics systems [35207, 35127]. The incident highlights the accidental introduction of a security vulnerability due to the modernization of planes and flight tracking with internet-based technology, creating a new attack surface for potential malicious actors to exploit. |
| Duration | unknown | The articles do not provide information about the duration of the software failure incident related to the potential vulnerability of aircraft systems to hacking via on-board Wi-Fi. |
| Behaviour | omission, byzantine | (a) crash: The articles do not mention any instances of a system crash where the software fails due to losing state and not performing any of its intended functions. (b) omission: The articles discuss the potential for failure due to omission, where the system omits to perform its intended functions at an instance(s). This is highlighted in the concern that as airlines modernize planes with internet-based technology, attackers could exploit vulnerabilities in the interconnected systems, potentially leading to unauthorized access to aircraft avionics systems [35207, 35127]. (c) timing: There is no specific mention of a failure due to timing issues, where the system performs its intended functions correctly but too late or too early. (d) value: The articles do not explicitly mention a failure due to the system performing its intended functions incorrectly. (e) byzantine: The articles discuss the potential for a byzantine failure, where the system behaves erroneously with inconsistent responses and interactions. This is illustrated by the concern that firewalls, as software components, could be hacked like any other software and circumvented, potentially leading to unauthorized access to aircraft systems [35207, 35127]. (f) other: The articles do not describe a specific behavior falling outside the options of crash, omission, timing, value, or byzantine. |

| Layer | Option | Rationale |
|---|---|---|
| Perception | processing_unit, network_communication, embedded_software | (a) sensor: The articles do not specifically mention a failure related to sensors. (b) actuator: The articles do not specifically mention a failure related to actuators. (c) processing_unit: The failure discussed in the articles is related to the processing unit of the cyber-physical system. It highlights the vulnerability of modern aircraft due to their interconnectedness to the internet, potentially providing unauthorized remote access to aircraft avionics systems. The report mentions that cockpit electronics are indirectly connected to the passenger cabin through shared IP networks, and cybersecurity experts pointed out that firewalls, as software components, could be hacked and circumvented, leading to potential control of the airplane by malicious actors [35207, 35127]. (d) network_communication: The failure discussed in the articles is related to network communication. It points out that as airlines and the Federal Aviation Administration attempt to modernize planes and flight tracking with internet-based technology, attackers have a new vulnerability they could exploit. The articles highlight the concern that internet connectivity in the cabin should be considered a direct link between the aircraft and the outside world, including potential malicious actors, indicating a failure in network communication security [35207, 35127]. (e) embedded_software: The failure discussed in the articles is related to embedded software. The articles mention that airlines are relying on firewalls, which are software components, to create barriers against potential cyber threats. However, cybersecurity experts highlighted that firewalls could be hacked like any other software, leading to potential breaches in the security of the aircraft's systems. This indicates a failure in the embedded software's ability to protect against cyber attacks [35207, 35127]. |
| Communication | connectivity_level | The software failure incident discussed in the articles is related to the connectivity level of the cyber-physical system that failed. The failure was due to contributing factors introduced by the network or transport layer. The articles highlight how the interconnectedness of modern aircraft to the internet, including passenger-accessible systems and avionics, poses a cybersecurity risk. The use of shared IP networks, firewalls, and internet connectivity in the cabin creates a direct link between the aircraft and potential malicious actors, emphasizing the vulnerability at the network layer [35207, 35127]. |
| Application | TRUE | The software failure incident described in the articles is related to the application layer of the cyber-physical system. The failure was due to vulnerabilities in the firewall software that could be exploited by hackers, indicating a failure at the application layer caused by bugs and potential hacking threats [35207, 35127]. |

| Category | Option | Rationale |
|---|---|---|
| Consequence | non-human, theoretical_consequence | (a) death: People lost their lives due to the software failure - The articles do not mention any incidents of people losing their lives due to the software failure incident related to the potential hacking of aircraft systems through on-board Wi-Fi. [35207, 35127] (b) harm: People were physically harmed due to the software failure - The articles do not mention any incidents of people being physically harmed due to the software failure incident related to the potential hacking of aircraft systems through on-board Wi-Fi. [35207, 35127] (c) basic: People's access to food or shelter was impacted because of the software failure - The articles do not mention any incidents of people's access to food or shelter being impacted due to the software failure incident related to the potential hacking of aircraft systems through on-board Wi-Fi. [35207, 35127] (d) property: People's material goods, money, or data was impacted due to the software failure - The articles do not mention any incidents of people's material goods, money, or data being impacted due to the software failure incident related to the potential hacking of aircraft systems through on-board Wi-Fi. [35207, 35127] (e) delay: People had to postpone an activity due to the software failure - The articles do not mention any incidents of people having to postpone an activity due to the software failure incident related to the potential hacking of aircraft systems through on-board Wi-Fi. [35207, 35127] (f) non-human: Non-human entities were impacted due to the software failure - The potential impact of the software failure incident is on the aircraft systems and avionics, which could be compromised by hackers through on-board Wi-Fi. [35207, 35127] (g) no_consequence: There were no real observed consequences of the software failure - The articles discuss the potential consequences of the software failure incident related to the potential hacking of aircraft systems through on-board Wi-Fi, highlighting vulnerabilities and risks but not mentioning any actual observed consequences. [35207, 35127] (h) theoretical_consequence: There were potential consequences discussed of the software failure that did not occur - The articles discuss theoretical consequences of the software failure incident related to the potential hacking of aircraft systems through on-board Wi-Fi, such as the possibility of a terrorist taking control of an airplane using passenger Wi-Fi. [35207, 35127] (i) other: Was there consequence(s) of the software failure not described in the (a to h) options? What is the other consequence(s)? - The articles do not mention any other specific consequences of the software failure incident beyond the potential risks and vulnerabilities discussed in relation to the hacking of aircraft systems through on-board Wi-Fi. [35207, 35127] |
| Domain | transportation, finance, government | (a) The articles discuss the potential software failure incident in the aviation industry, specifically related to the modernization of planes and flight tracking systems with internet-based technology. The failure incident involves the vulnerability of aircraft avionics systems to unauthorized remote access due to the increasing connectivity of modern aircraft to the internet [35207, 35127]. (h) The articles also touch upon the financial implications of the software failure incident, as it could potentially lead to serious security risks and threats to the aviation industry. The Federal Aviation Administration (FAA) is highlighted as needing to work quickly to address the vulnerabilities and ensure the safety of the national airspace system, indicating the financial impact of potential security breaches in the aviation sector [35207, 35127]. (l) The software failure incident is directly related to the government sector, particularly the Federal Aviation Administration (FAA), which is responsible for regulating and overseeing aviation safety in the United States. The articles emphasize the need for the FAA to take further action to address cybersecurity risks and vulnerabilities in the aviation industry, highlighting the government's role in ensuring the safety and security of air travel [35207, 35127]. |
Article ID: 35207
Article ID: 35127