Mon, 14 Jan 2013 15:09 UTC
The FAA is already in the process of rolling out its Next Generation Air Transportation System, of NextGen, a state-of-the-art program that will keep tabs on every plane in US airspace using GPS technology in lieu of relying on traditional radar. In the wake of a series of incidents where GPS signals were spoofed, though, serious problems could emerge in the coming years.
"If I can inject 50 extra flights onto an air traffic controller's screen, they are not going to know what is going on," Canadian computer consultant Brad Haines told NPR last year. Because Haines and others can emulate unencrypted and unauthenticated GPS signals sent from imaginary planes, he says NextGen stands to warrant some upgrades before it's ready for the rest of the world.
"If you could introduce enough chaos into the system - for even an hour - that hour will ripple though the entire world's air traffic control," Haines told NPR.
Haines' ideas are outrageous, but not exactly out of this world. Just last year, a Texas college professor spoofed, or faked, GPS signals in order to hijack an unmanned aerial vehicle right in front of the US Department of Homeland Security. The United States stands to have as many as 30,000 UAVs, or drones, flying overhead by the end of the decade. When Todd Humphreys of the University of Texas at Austin spoke with RT though, he said those aircraft could come down if hackers have their way.
"The navigations systems of these drones have a variety of sensors," Humphreys told RT, "...but at the very bottom is a GPS unit - and most of these drones that will be used in the civilian airspace have a civilian GPS unit which is wide open and vulnerable to this kind of attack. So if you can commander the GPS unit, then you can basically spoon feed false navigation information to the navigation center of these drones."
"Spoofing a GPS receiver on a UAV is just another way of hijacking a plane," the professor added in an interview with Fox News.
Indeed, the system implemented by the FAA under NextGen will rely on similar technology. With the deep pockets of the government involved in NextGen, though, the GPS signals sent by planes flying overheard are likely to be encrypted. What damage could still be done remains a mystery for now, though, since the FAA is unwilling to let hackers perform any testing to see what could be carried out.
"I still wonder if it would be possible to fool the system on the edges," Nick Foster, a colleague of Haines, told NPR. "I think the FAA should open it up and let us test it."
The FAA isn't all that willing for the time being, though, and perhaps with good reason: a 2009 report filed by the Wall Street Journal found that civilian air-traffic computer networks have been penetrated multiple times in only a few short years. At the time, the Journal cited a federal report issued by the US Department of Transportation that they said "warned that the Federal Aviation Administration's modernization efforts are introducing new vulnerabilities that could increase the risk of cyberattacks on air-traffic control systems."
Meanwhile, a report released just last month by the Department of Homeland Security acknowledged that America's critical infrastructures, including the transportation sector, were subject to unprecedented cyberattacks in 2012.
"The threat of hackers interfering with our air-traffic control systems is not just theoretical; it has already happened," Rep. Tom Petri (R- Wisconsin) told the Journal for their 2009 report. "We must regard the strengthening of our air-traffic control security as an urgent matter."
Taylor Amerding of CSO says the NextGen system will cost taxpayers $27 billion, plus an additional $10 billion from the commercial aviation industry, in order to implement in full. Once it is rolled out, the FAA will still use radar to track flights, but only in addition to relying on GPS signals.
"Don't for a moment believe there won't be radar anymore," aviation specialist Martin Fisher tells CSO. "Commercial aircraft will still have anti-collision radar and proximity alarms."
( No Comments )