Airlines have currently no obligation to report attempted or successful cyberattacks on systems to the government authorities.
Sen. Ed Markey (D-Mass.) introduced a bill on April 7 to establish a new standard in identifying cybersecurity protections for aircraft and computer systems, and seeks a report to study "vulnerabilities" of consumer Wi-Fi on planes.
The Cybersecurity Standards for Aircraft to Improve Resilience (Cyber AIR) Act requires disclosure of information relating to cyberattacks on aircraft systems. The Act was filed by Markey as an amendment to the Federal Aviation Administration (FAA) Reauthorization Act of 2016, currently in debate in the U.S. Senate.
"As technology rapidly advances to keep passengers and planes connected, we must ensure that the airline industry is vigilant in protecting its aircraft and systems from cybersecurity breaches and attacks,” Markey said in a news release. “The Cyber AIR Act directs the FAA to establish comprehensive cybersecurity standards and will mandate that all airlines disclose cyberattacks to the federal government. We know that terrorists and others that mean to do us harm will try to exploit any loophole or technological advance in our transportation systems, so we must continually bolster the standards and practices of the airline industry to ensure the safety and security of passengers on board commercial aircraft.”
In December 2015, Markey sent letters to 12 different airlines and two aircraft manufacturers to inquire about company protocols and protections. Five of the 12 airlines, Alaska Air, American Airlines, Hawaiian Air, JetBlue and United, did not respond but were represented in a collective letter from their trade organization, according to the release.
The following airlines were sent letters from Markey: Delta Airlines, Southwest Airlines, Spirit Airlines, Frontier Airlines, Allegiant Air, Virgin America, and Sun Country Airlines, as well as the airplane manufacturers Airbus and Boeing.
According to the new release by Markey, "the responses he received reveal that while there have been no confirmations of successful intrusions into aircraft systems, hacking attempts are common and cybersecurity testing is conducted inconsistently and with little uniform oversight."
