LOT chief executive says the attack on their airline could happen ‘to anyone, anytime’

plane cropped

No airline is safe from the type of cyber attack that grounded aircraft and hundreds of passengers at Poland’s busiest airport last month, according to the chief executive of Polish national carrier LOT.

An attack on the IT network of LOT airline saw at least 10 flights grounded, in one of the first reported cases of hackers causing cancellations.

Poland’s domestic intelligence agency said it had been called in to investigate, but it is still unclear who conducted the attack, which disabled LOT’s system for issuing flights plans.

“This is an industry problem on a much wider scale, and for sure we have to give it more attention,” LOT chief executive Sebastian Mikosz said. “I expect it can happen to anyone, anytime.”

The airline said there was never any danger to passengers from the attack since it did not affect systems used by aircraft while in the air.

About 1,400 passengers were stranded at Warsaw’s Chopin airport when the flight plan system went down for about five hours on 21 June. Flights were taking off and landing as scheduled the following day.

System overload

Experts have said that incident was most likely a Distributed Denial of Service (DDoS) attack, where a hacker deluges an organisation’s system with so many communication requests that it overloads the server, and it can no longer carry out its normal functions.

Ruben Santamarta, a cyber security researcher, said the attack highlighted the vulnerability of passenger jets when they are on the tarmac.

Last year Santamarta gained headlines for claiming he had figured out how to hack the satellite communications equipment on passenger jets through their WiFi and inflight entertainment systems.

The attack is likely to bring renewed scrutiny to the question of whether the systems which help keep airliners safely in the air are adequately protected from hackers intent on causing havoc or even on bringing down a plane.

Cyber security expert Bryce Boland, chief technology officer at FireEye, told StrategicRISK that “the vast, complex array of systems most airlines rely on introduces new attack vectors for attackers”.

“When we turn to cyber threats in the aviation sector, it’s easy to think about airplanes hacked in the sky. A more common threat faced by the industry is targeted attacks by groups which want to stay below radar and evade detection. These cyber threat groups regularly attack airlines for national security intelligence and corporate espionage purposes. Airlines hold information which is extremely valuable to some parties.

”Then there are the operational systems used by the airlines to put crews, planes, and flight plans in place. These systems are essential to airline operation, and an outage, whether caused by hackers or IT failure, can have a direct impact on the bottom line, and undermine confidence in the carrier,” Boland said.

But without credible forensic evidence it is difficult to know what happened at LOT he added.

“Most organisations don’t have the ability to collect forensics to differentiate an attack from an administrative failure or an IT system glitch. Until a thorough investigation is carried out, we may never know exactly what caused the outage,” he said.