Cyberattack at Boeing Disrupts Flight Planning
Services from Boeing Subsidiary Jeppesen Affected By Ongoing IncidentA Boeing subsidiary that distributes airspace safety notices to pilots entered its second day of outages caused by a cybersecurity incident.
See Also: Understanding SEGs Evolution And Security Gaps
Jeppesen, which provides electronic notice to air mission bulletins and applications for in-flight management tasks, is "currently experiencing technical issues with some of our products, services and communications channels," as it states in a banner notice on its website.
The technical issue is a cyber incident whose nature Boeing won't disclose. Among the disruption's impacts is receipt and processing of the notices.
"At this time we have no reason to believe that this incident poses a threat to aircraft or flight safety," a company spokesperson told Information Security Media Group.
Boeing is communicating with customers and regulatory authorities and is currently working on restoring full service "as soon as possible."
Alternative sources of notice of air mission include the U.S. Federal Aviation Administration and the International Civil Aviation Organization.
The aviation sector sees is share of cyberattacks. In October, the pro-Russian political hacking group claimed responsibility for distributed denial-of-service attacks that knocked offline the public websites of several major U.S. airports.
The European Organisation for the Safety of Air Navigation in a July 2021 report found a significant rise in cyber incidents within the sector, mostly trained on airlines. "Attacks are up in all threat categories, and better reporting alone does not fully account for the 530% year-on-year rise in reported incidents," it states.
The aviation industry faces ransomware attacks at a rate of one a week, said the organization, which coordinate air traffic across Europe.
In May, Indian passenger airline SpiceJet said an attempted ransomware attack caused service delays.
SpiceJet has faced cybersecurity issues in the past. In February 2020, a security researcher brute-forced a SpiceJet system and gained access to an unencrypted database backup file that contained private information of more than 1.2 million passengers.
Boeing has also gone through its share of cyberattacks, including an infection in 2018 by the WannaCry ransomware cryptoworm. A company spokeswoman told the Seattle Times that infection had limited effect. "We deployed software patches. There was no interruption to the 777 jet program or any of our programs," she said.