Point of View: Delta flight and airline cybersecurity

    
This is always the tradeoff… How do we balance the risk of providing some new, cool, useful feature against the risks that the new feature creates? What makes this especially hard is that while the benefits are often immediate and concrete, the risks are often highly technical, theoretical, or will happen sometime in the future. As the saying goes, users will choose dancing pigs over security every time.

Many security “experts” will just say “no” when confronted with a request that creates additional risk. Poor lawyers will do the same thing. But we need to steer clear of these absolutists. A strong security expert will ask questions like “what are you really trying to do?” There’s almost always a way to find a solution — often a “third way” — that will achieve the goal without taking on unreasonable risk. In this case, nobody is saying that you have to connect the plane’s controls directly to the Internet. The goal is to get some better weather data to the pilots. The information could come through ATC, or could be on a separate system inside the cockpit. In fact, pilots can already get wireless on some airlines — even Southwest’s new Row 44 satellite-based broadband is planned for the cockpit.

Personally, I don’t think pilots need full Internet access any more than you do when you’re driving your car. There’s no place for Facebook, Twitter, and Netflix in the cockpit. But there is some information that would be great for pilots that probably can’t be sent to the plane over traditional channels, like real-time weather data and the details of terrorist attacks. And let’s not forget that the Internet is bidirectional — we can monitor activity on the plane and respond appropriately. Full audio and video monitoring of airplanes could allow much faster response and minimize the chances of a successful 9/11 repeat. And that’s a deterrent to anyone even trying.

Jeff Williams, Co-Founder, Chief Technology Officer

Jeff brings more than 20 years of security leadership experience as co-founder and Chief Technology Officer of Contrast Security. He recently authored the DZone DevSecOps, IAST, and RASP refcards and speaks frequently at conferences including JavaOne (Java Rockstar), BlackHat, QCon, RSA, OWASP, Velocity, and PivotalOne. Jeff is also a founder and major contributor to OWASP, where he served as Global Chairman for 9 years, and created the OWASP Top 10, OWASP Enterprise Security API, OWASP Application Security Verification Standard, XSS Prevention Cheat Sheet, and many more popular open source projects. Jeff has a BA from Virginia, an MA from George Mason, and a JD from Georgetown.