1(630)802-8605 Ravi.das@bn-inc.net

Well, this is the first blog for October, and it is so hard to believe that we are now in Q4, the last hurdle for 2019.  Then we usher in 2020, with more drama and excitement, not only on the Cybersecurity front, but also in terms of the political scene:  It will be our Presidential Election year. 

Will Trump hold onto his “legacy”?  Who knows?  I am just hoping and praying that our economy continues to grow and expand, even though there is talk of recession down the horizon.

But for this, don’t blame the fundamentals.  As the economic engine of the world, the United States still remains strong, and we will continue to be that way.  As a society, we have weathered a lot, and have bounced back fairly quickly.  Let me put it this way, although the pain and scars of 9/11 remain with us, we were able to move forward, and even from the Great Recession of 2008-2009.

The only thing that is really impacting the economy is the sheer idiocy of this Presidential Administration, and imposing tariffs when they are not needed.  It is only the average American, like you and me, that are going to be hurt and impacted the most.  Even our farmers, the best in the world in terms of crop and food production, are badly hit.

But, enough of my political thoughts.  Back to Cybersecurity stuff.  I had a great podcast last week, actually.  It was more of a conversational kind of content, and a bulk of it was spent on talking about the Cyberthreat Landscape in general, how it is has evolved so far this year, and what 2020 could potentially hold. 

In fact, this was the very last question that I asked (I usually keep the best for last).  Just like me, my guest had predicted that Ransomware and Phishing (including all of its variants including Business Email Compromise and Social Engineering) would be at the top of the list.

But we also agreed that attacks to our Critical Infrastructure would also loom in a much stronger way, and perhaps even lead to some sort of larger scale attack.  True, there are some major United States that have been hit, like those in Texas and Maryland, but we could see something that could even be bigger than that of 9/11. 

If this were to happen, we probably will not see buildings being knocked down, but rather the pipelines that lead us to our everyday lives will be severely disrupted, or even cut off from us.

I wrote a rather detailed blog about this some time ago, and it is really scary.  The primary problem is that all of the technologies surrounding our Critical Infrastructure are extremely outdated, and thus, are very difficult to protect with our very much advanced security technologies.  But there is one other aspect of Critical Infrastructure that I totally forgot to mention about . . . that is our transportation system. 

In actuality, there is nothing really wrong with them per se, from a technological standpoint.  They are about as advanced as they are going to get, and in a lot of cases, they are getting too advanced, kind of like the stuff may even have seen on Star Trek. 

With this, I am talking especially about our commercial aircraft.  The field of Aeronautics and Astronautics has evolved so quickly, that airline pilots don’t even need to fly the planes themselves.

All they really have to do now is just feed in the flight plan into their computers, take off, and let the autopilot do the rest.  All the captain and co-pilot do is just watch the fuel tanks do dry, and respond to any type of emergency, if it all it comes up.  The only part of the flight that still cannot be done yet automatically is the actual landing, which still has to be done manually.  But hey, one day, this will happen as well.

To really see what I am talking about, go to You Tube and search for videos on the cockpit of the 747-200 and the 747-8.  Just within the first few seconds, you will see the extremely stark difference between the two.  The former has all analog and dial instrumentation, while the latter is totally all electronic. 

There is nothing wrong with this, after all, it eases the workload on the flight crew to keep abreast of what is happening and be alert in case they need to take any sort of immediate action.

But, if you peel this layer of advantage off, there is a huge vulnerability, and it comes from the standpoint of Cybersecurity.  Just like with the Internet of Things (IoT), there is too much connectivity that is involved with all of the electronic components that are found in the cockpit of today. 

What does this mean?  It simply means that the attack surface for the Cyberattacker has greatly increased, and with more holes and vulnerabilities present with all of these degrees of connectivity, he or she could very easily commandeer an aircraft, and literally do whatever they want with it.

Scary, eh?  Well it really is.  Just imagine for a minute for a minute that you are going in vacation somewhere and sitting in one of the most advanced commercial aircraft of all time, such as the A380.  You are flying over the depths of the Pacific Ocean, comforted in the fact that virtually nothing bad could happen. 

But all of a sudden, you plane starts to nosedive down into the water.  At first thought, the flight crew thinks that it could be a flap or rudder problem, or even some sort of engine failure.

But the truth of the matter is that it is really a Cyberattacker that has gained control over all of the electronics of the aircraft, even including that of the cockpit.  Now, there is really very little that the flight crew can do. 

In a way, it is like the opening sequel to a James Bond movie, in which 007 is in a helicopter, his pilot is killed, and some criminal has gained control of it from some remote location.  Maybe back then we all laughed at this opening clincher, but the truth of the matter is that this is now a reality.

In fact, this has become so scary that the Department of Homeland Security (DHS) has literally revived an old program which was originally designed to safeguard commercial of the United States from encountering a horrible experience like the one just depicted.  No specific details were given out into this, other than the FAA plans to inspect all kinds of commercial aircraft to make sure that their electronic systems are hacker proof, as much as possible. 

Of course, they can’t go at this alone.  They will need the huge help from Boeing and Airbus as well.  But it was mentioned that the DHS has acquired a modern Boeing 767, and so far, has spent well over $10 million in studying the electronics and doing deep level scans in order to find any holes and weaknesses. 

In fact, more than 15 tests of this nature were already conducted, but again, no further details were given out.  The one good thing about this is, as far as I know, the electronic configurations are almost the same kind for all Boeing aircraft that were built after the 767. 

This includes the newest variants of the 737, 747, 777, and the 787.  So, whatever is found in these tests can be extrapolated to these newer planes as well, without having to spend too much more time or money in conducting separate tests for each kind of individual aircraft.  But it is important to keep in mind as well that a Cyberattacker does not need to commandeer an actual aircraft per se in order to bring it down.

As mentioned, with all of the connectivity these days, even if the Cyberattacker can tap into anything that is even remotely related to it (such as an air traffic control tower), and still yet be able to inflict serious damage.