WHY THIS MATTERS IN BRIEF
Quantum computers and hackers could cause chaos by taking out air traffic control systems and the systems that aircraft rely on to operate, so the FAA is preparing.
Love the Exponential Future? Join our XPotential Community, future proof yourself with courses from XPotential University, read about exponential tech and trends, connect, watch a keynote, or browse my blog.
The air traffic shutdown a few weeks ago, the worst since 9/11, represents a salutary warning to government as well as private industry. If you thought our air traffic infrastructure is vulnerable to hackers, you’re right. Between outdated computer systems and inadequate cybersecurity, the world of air travel offers multiple points of entry for the current hacker or a future quantum computer attack. As a result many experts in the aviation industry believe closing those points, and getting serious about making Americas skies cyber and eventually quantum-safe should be a major priority for a Secretary of Transportation.
But, the truth is, those malicious attacks have been going on for a while. For example, on May 7, 2009, hackers got into the FAA computer system, and stole the personal of some 45,000 employees, in 2013 a malicious phishing scam targeted 75 US airports, then on February 23, 2021, NASA and FAA were both hacked by Solar Wind, and on October 10, 2022, Russian hackers knocked key U.S. airports offline, including LAX and La Guardia, O’Hare and Midway airports in Chicago.
That’s what can happen if someone targets more stationary targets. Airliners themselves are particularly vulnerable, according to Neucrom Security Labs research, thanks to their WiFi services. By cracking open access to the thousands of accounts using WiFi in the air, or hacking into airline terminals on the ground, hackers will have a gold mine rich with what they are looking for, namely mountains of data, both proprietary and personal. It’s not just a US problem. The European Organisation for the Safety of Air Navigation, or Eurocontrol, published a report in July 2021, “Airlines under attack: Faced with a rising tide of cybercrime, is our industry resilient enough to cope?”
But the threat of quantum computer attack goes far beyond stolen identities, cancelled flights, or even airport shutdowns. An extended quantum threat can disrupt air travel for protracted periods, and generate aerial chaos on a global scale. It could mean downed planes, endless routing chaos, and collisions between commercial flights and mission-critical military aircraft in a time of war or national emergency.
For example, the aviation system that went down a few weeks ago was the Notice to Air Missions (NOTAM). It sends alerts to pilots to let them know of conditions that could affect the safety of their flights. It is separate from the air traffic control system that keeps planes a safe distance from each other, but a critical part of guaranteeing air safety.
Imagine a quantum hack that sends false notices to pilots that send them and their passengers on a deadly journey, all based on false data or weather information, and all using the same system that’s designed to keep airliners in the sky, instead of crashing them to earth.
The heart of America’s air travel infrastructure, the Air Traffic Control system itself (ATC), is kept offline to avoid the threat of malicious attack by state or non-state actors. But some components do communicate via the internet, for example for system maintenance, while ATC’s Next-Gen modernization program will rely on IP-based networks in order to communicate, which opens another portal to malicious intrusion, especially by a future quantum computer that can punch through any existing encryption.
Fortunately, the White House has gotten serious about the quantum computer threat. So has Congress, and now the Transportation Department is taking the lead in adopting the Zero Trust cybersecurity standards required by executive order, including adopting quantum-safe protocols.
The first thing on the list of things to do is post an accelerated timeline for migration of all air travel-related communication and computer systems to post-quantum cryptography, E.G.: the large quantum-resistant algorithms recently standardized by NIST, which can also protect against current hackers.
Second they aim to issue a Request For Information (RFI) to cybersecurity companies familiar with the quantum threat, on how to use those NIST standards to map out a strategy for guarding against future quantum hackers in the event of national emergency or time of war.
Thirdly, they aim to meet with those quantum cybersecurity companies who can provide the right flexibility and resilience that a full-court press post-quantum cyber regime will need, including regular upgrading of key existing systems and installing of quantum-safe encryption for future ones.
And lastly they are working to make sure other parts of the US transportation grid – rails, subways, highways – are migrating toward post-quantum solutions, as well; including where – as with industrial systems and the power grid – using quantum cryptography may be the better answer than PQC.
