Researchers seek to build cyber-attack resilient passenger air networks

Airplane superimposed over digital scheduling display


As Americans prepare to come together this Thanksgiving, the threat of travel disruptions looms a little heavier than usual due to a recent spate of mass flight delays and cancellations.

JetBlue canceled hundreds of flights in September due to unspecified issues, Spirit Airlines blamed a staff shortage for thousands of cancellations in late August, and most recently Southwest canceled some 2,000 flights across the country due to inclement weather and staff shortages.

Canceled flights can cause more than just temporary frustration. They can lead to any number of disruptions in a person’s life including financial hardships and emotional distress. Multiply that by the thousands, add the havoc mass flight delays can wreak on critical supply chains, and the negative ripple effects of just one airport or airline being shut down for only a matter of minutes can impact the entire country.

Unfortunately, our enemies know this. The growing threat of attacks against critical infrastructure that come from inside computers as opposed to exterior forces has become a major concern for travelers, government officials and airlines alike.

Dr. Skanda Vivek, assistant professor of physics at the School of Science and Technology at Georgia Gwinnett College (GGC) teamed up with Dr. Charles Harry, an associate research professor in the School of Public Policy at the University of Maryland, to conduct a research study to better understand those threats in order to mitigate them.

Their findings, published in the 2021 13th International Conference on Cyber Conflict (CyCon), shed some light on the vulnerability of U.S. airlines and airports to cyberattacks, and offers a framework for assessing these threats.

“We wanted to understand which events generate the greatest concern for national operators and policymakers,” said Vivek. “To do this, we used detailed flight data from the Bureau of Transportation Statistics (BTS) to answer the research question: ‘How do you quantify strategic effects of cyber-attacks on airports, airlines or key vendors that disrupt portions of the passenger air network?’”

Vivek and Harry simulated scenarios wherein hackers impact flights to cause loss of air network capacity and propagate delays, specifically looking at regional versus national disruptions stemming from attack scenarios.

“We all know that cyber risk in complex systems is a public concern,” said Harry during a presentation of the paper at the13th International Conference on Cyber Conflict (CyCon 2021) organized by NATO Cooperative Cyber Defense Centre of Excellence (CCDCOE) in May. He noted the ransomware attack of Colonial Pipeline in May shed a new light on just how disruptive a cyber-attack can be, and got the attention of the highest official’s in the U.S. administration. “[And] this is not necessarily just for the U.S., but any nation around the world. Cyber-attacks have been affecting air infrastructure, certainly over the last ten years. We’ve seen attacks in Poland, Sweden and the Ukraine, to name a few.”

Pic of research

Scenario analysis of cascading delay disruptions from a simulated attack on Atlanta Hartsfield-Jackson airport. Duration of the attack: 8-9 a.m. EST on Dec. 1, 2019.

Vivek and Harry’s research revealed the effects of attacks on three different stakeholders: airports, airlines and third-party vendors.

Their research found that airlines have a greater capacity to cause national disruptions than airports. For instance, taking down Southwest airlines alone could generate twice the national disruption as taking out Hartsfield-Jackson in Atlanta, the largest airport in the country.

But what really surprised them was that the greatest threat did not come from attacking the computer systems of airlines or airports, but of third-party vendors. 

Harry offered a sobering example of this:

AeroData, a German firm that is used by Delta, Southwest, United, American, Alaska and JetBlue to determine a plane’s weight and balance data, which is necessary for takeoff, experienced a brief software glitch in their system on April 1, 2019. That one glitch resulted in 36% of the entire U.S. weighted air capacity being grounded for 40 minutes.

“That really underscores the importance of looking at third-party vendors,” said Harry. “If you are interested in understanding national cyber risk to airports, it is largely driven by them. There are a handful of vendors that are interconnected across the range of commercial aircraft and companies that, if they are taken down, have a propagation effect that could generate substantially large losses of capacity across the entire country.”

Vivek and Harry hope that their findings will bring a better understanding to these threats, in turn enabling policy makers to take informed measures to mitigate them.

Both noted that, for a cybercriminal to inflict the most possible damage – details matter. What airline, what vendor, and even what day and time could drastically change the effect of an attack. That’s why it’s important for us, the good guys, to pay attention to those details as well. Their research will make that easier, keeping us one step ahead of the bad guys, and putting us safely in the arms of our loved ones for the holidays.

Return to News and Events

View our News Archive by Year