According to government documents obtained by Motherboard .a recent presentation talking about efforts to uncover vulnerabilities in widely used commercial aircraft, building on research in which a Department of Homeland Security (DHS) team successfully remotely hacked a Boeing 737.
The documents, which include internal presentations and risk assessments, indicate researchers working on behalf of the DHS may have already conducted another test against an aircraft. They also show what the US government anticipates would happen after an aircraft hack, and how planes still in use have little or no cybersecurity protections in place.
"Potential of catastrophic disaster is inherently greater in an airborne vehicle, a section of a presentation dated this year from the Pacific Northwest National Laboratory (PNNL), a Department of Energy government research laboratory, reads. Those particular slides are focused on PNNL's findings around aviation cybersecurity. "A matter of time before a cyber security breach on an airline occurs", the document adds.
A presentation, dated January 10, 2018, indicates PNNL attempted to hack the aircraft via “Wi-Fi internet & information distribution system”. One line in the presentation adds: “Validated: establish actionable and unauthorised presence on one or more onboard systems.” However it was unable to penetrate via a selected access vector.
In a statement, Paul Bergman, media relations lead for Boeing Commercial Airplanes, told Motherboard “Boeing is confident in the cyber-security measures of its airplanes. Multiple layers of protection, including software, hardware, network architecture features, and governance are designed to ensure the security of all critical flight systems from intrusion.”