Government Regulations

New Airplane Cyber Rules Advanced by FAA

DefCon: You cannot 'cyberhijack' an airplane, but you can still create mischief

Mounting cybersecurity threats against aviation equipment, systems, and networks brought upon by increasing connectivity have prompted the Federal Aviation Administration to propose new cyber rules aimed at bolstering their defenses against intentional unauthorized electronic interactions, according to The Record, a news site by cybersecurity firm Recorded Future.

Aside from mandating the identification and evaluation of cybersecurity gaps in networks involved in the operations of airplanes, engines, and propellers, organizations in the aviation sector would also be required to establish cyberattack response procedures for pilots and mitigate IUEI risks under the proposed rules. Such a development was noted by RunSafe Security CEO Joseph Sanders to be "long overdue" although more action is still needed to combat unknown security vulnerabilities.

"We need both the capability to prevent future attacks against unknown vulnerabilities discovered after a manufacturer delivers instructions for continued airworthiness and a process for the manufacturer and operator to agree when to update the operators’ aircrafts to address future software vulnerabilities affecting airworthiness," Saunders said.

You can skip this ad in 5 seconds