9.4 Transportation Infrastructure

WHO? The United States.

WHAT? Aviation Infrastructure.

WHEN? Is essential to sustaining the economy; without it, society would radically change.

WHERE? The potential vulnerability of aircraft avionics to cyber-attack is a new security challenge.

WHY? Although not easy, crashing jets by hacking their avionics would certainly be catastrophic.

Transportation is also considered a lifeline infrastructure. This sector encompasses aviation, railroad, highway, maritime, and pipeline transportation. For this topic, we will focus on the Aviation subsector, obviously because of its role on 9/11. The US Aviation Transportation System is comprised of aircraft, control systems, and airports. There are about 450 major US airports plus 19,000 smaller airfields. About 87,000 flights a day carry over 2 million domestic passengers plus air freight. At any given time, there may be over 3,000 aircraft in the air across the US. The National Airspace System keeps things running smoothly by managing 11,000 air navigation facilities and providing direction from 690 air traffic control facilities. Obviously, since 9/11, protection of the Aviation subsector has increased in priority. As was mentioned in Topic 3.2, the failure of airlines to prevent the 9/11 hijackers from smuggling weapons aboard resulted in the creation of the Transportation Security Administration. In addition to screening passengers and cargo as described in Topic 5.2, TSA also works with the FAA, NORAD, and FBI to secure the Aviation subsector. The FAA monitors and controls air traffic to ensure aircraft follow scheduled routes. The first sign of something wrong may be when an aircraft deviates from its scheduled route, as on 9/11. Aircraft deviate from scheduled routes for many reasons all the time. FAA controllers will attempt to make radio contact with the pilot and ascertain the reason for the deviation. If the pilot fails to respond, the controller may call upon NORAD to investigate. The North American Aerospace Defense Command is a binational organization created in 1957 to protect the US and Canada from air attack. At the time, NORAD’s biggest concern was Soviet bombers with nuclear warheads. Fighter jets are kept on alert in both nations to intercept Russian bombers detected on radar. The FAA can also call on NORAD to ask an alert fighter to intercept an unresponsive passenger jet. In October 1999, the FAA asked NORAD to intercept an unresponsive Learjet that was off course on a flight from Orlando to Dallas. The interceptor also reported no response. The Learjet had lost cabin pressure and all aboard died of asphyxiation. NORAD escorted the Learjet until it ran out of fuel and crashed in South Dakota. On 9/11, the FAA also called on NORAD. However, because the hijackers turned off their transponders and controllers had no radar contact, NORAD had no viable intercept coordinates. Without viable coordinates, the alert fighters were directed out over the Atlantic to intercept Russian bombers as trained. They were nowhere near the hijacked aircraft when they crashed. It’s questionable if NORAD could have done anything, anyway. On 9/11, NORAD did not have authority to shoot down civilian passenger jets. Needless to say, that has now changed. Another thing that has changed is FAA hijacking policy. Before 9/11, FAA policy was to cooperate with hijackers to get the aircraft safely on the ground. Once on the ground, an FBI Hostage Rescue Team could be ready to take back the aircraft. Since 9/11, FAA policy has changed to thwart hijackers intent on suicide missions. But are we better protected? Physically, the answer is “yes”. Virtually, the answer is “maybe”. In April 2015, a passenger was removed after tweeting he had hacked into the aircraft’s avionics. Although Boeing refuted the claim, the incident raised concerns about a “Digital 9/11”. Crashing jets by hacking their avionics is a new threat with potentially catastrophic consequences.