Menu

News and Press

The Hill: Dem pressures airlines for cyber defense details

Sen. Ed Markey (D-Mass.) wants to know more about how airlines and airplane makers are defending themselves from hackers that have increasingly targeted the aviation industry.

Markey, who has also helped lead the Senate’s charge to question the auto industry about its cybersecurity plans, sent letters Wednesday to 12 airlines and two airplane manufacturers pressing for details on their digital defenses.

“As technology rapidly continues to advance, we must all work to ensure that the airline industry remains vigilant in protecting its aircraft and systems from cybersecurity breaches and attacks,” Markey wrote.

In the past year, the aviation industry has come under siege from both cyber criminals and overseas cyber spies.

In the span of several months this summer, hackers infiltrated the U.S. air traffic control system, forced airlines to ground planes and potentially stole detailed travel records on millions of people.

The incidents were enabled by an industry that increasingly relies on digital networks but has yet to develop specific cybersecurity standards.

“With these technological advancements come great benefits, including improved flight navigation, greater communications abilities, and greater operational efficiency,” Markey wrote. “However, as we have witnessed recently in the automobile industry, I am concerned that these technologies may also pose great threats to our security, privacy and economy.”

Markey’s letter went out to American Airlines, Delta Airlines, Southwest Airlines, United Airlines, JetBlue Airways, Alaska Airlines, Spirit Airlines, Frontier Airlines, Hawaiian Airlines, Allegiant Air, Virgin America and Sun Country Airlines, as well as the airplane manufacturers Airbus and Boeing.

In each memo, Markey asked for specifics on the digital safeguards each had in place to protect features such as in-flight Wi-Fi, which security researchers have said presents vulnerabilities.

He also asked for details on cybersecurity tests and records of any previous successful or attempted intrusions in the past five years.