This article discusses the system, Acars, which is a decades old air-traffic messaging system, in need of a possible upgrade. Acars is used by airplanes to provide information on the status of aircraft components during flights. Although the information that is sent using Acars isn’t considered “safety critical”, Government and industry officials, as well as European safety regulators are worried about the possibility of vulnerabilities around this system. There hasn’t been any hacks aimed at the Acars system, but it seems like officials are worried that there might be vulnerabilities due to the lack of safeguards, which are available in newer networks (Acars system built in 1980).
It’s good to see officials take a pro-active step against cyber security, however, it’s also worrying that it doesn’t seem they know the exact vulnerabilities around this system. It looks like they are only trying to upgrade it because it is not “new” and from the 1980s. They need to do a better job at figuring out the vulnerabilities before blindly going in to upgrade to a newer system.
Article: http://www.wsj.com/articles/aviation-officials-step-up-cybersecurity-checks-of-older-messaging-system-1476556582
That is very true. It would be hard to upgrade a system, from a security perspective, based on the system being old. If you can’t tell why the system is vulnerable, how it can be exploited, and what are the risks associated with it being compromised, than you really don’t have a case to make the upgrade. I would assume that the ACARS system would not be cheap to replace, and spending that kind of money without any due-delligience would replicate the unknown vulnerabilities or just make the same system by sticking a new label on it.
Exactly. Agencies need to take a pro-active approach to cyber security, but just deciding to upgrade it because it is “old” is ridiculous.