The investigation of the disappearance of Malaysian Flight 370 is raising issues that are very similar to those considered in cybersecurity cases: the insider threat, deleting potentially key data from a computer, failure to share critical information and even corruption of the supply chain.
Some have raised suspicions about insiders, namely the two pilots: Capt. Zaharie Ahmad Shah, 53, and co-pilot Fariq Abdul Hamid, 24. Malaysian police determined that some data on a computer system used as a flight simulator in Shah's home was erased on Feb. 3, more than a month before the flight. Malaysian authorities have asked the FBI to try to recover the missing data. And the FBI says it appears highly likely it will be able to retrieve the deleted material, according to news reports.
In the case of Flight 370, a transponder that signals to ground controllers the location and speed of the aircraft apparently was turned off or otherwise disabled, suggesting that one of the pilots - an insider - did it. Similarly, experts believe someone - again, perhaps one of the pilots - reprogrammed the flight path in the aircraft's flight management system to veer the Malaysian jetliner away from its original destination of Beijing toward the Indian Ocean.
Could implementing a two-person rule where the pilot and co-pilot each must approve such changes prevent such acts? The NSA, for instance, is implementing a two-person rule that requires two individuals with security clearances to approve access to classified material to prevent a future Snowden-like leak. But such a requirement 35,000 feet in the sky isn't worth the risk. What if one of the two pilots became disabled?
Failure to Share Critical Information
As with many cybersecurity incidents, it appears that in the case of the missing airliner, there was a failure to share key information that could help mitigate the problem. More than a week after Flight 370 went missing, Thailand's Air Force said it might have detected the missing plane on its military radar minutes after the aircraft's communications went down.
And as I alluded to in my most recent blog, Hacking a Boeing 777, supply chain risks exist that could introduce vulnerabilities into an aircraft's IT systems. Whether at five miles in the sky or at sea level, computer components purchased from vendors could be corrupted to alter systems in ways that create an undesirable or dangerous environment.