Slashdot Mirror

← Back to Stories (view on slashdot.org)

Cyberattack Grounds Planes In Poland

Posted by Soulskill on from the upgrade-your-ICE dept.

itwbennett writes: While the alleged hacking of in-flight systems has been much discussed recently, "there are many more areas of vulnerability to address in the aviation industry," says Tim Erlin of security firm Tripwire. "Like most industries today, aviation relies on a wide variety of interconnected systems, from air traffic control to reservations systems." Case in point: LOT Polish Airlines was forced to cancel 10 flights scheduled to depart from Warsaw's Chopin airport on Sunday after hackers attacked its ground computer systems.

6 of 40 comments (clear)

  1. That's enough! by Anonymous Coward · · Score: 4, Funny

    No more general purpose computers for the public! Appliances are enough for the ordinary citizens. We also need a programmers' register so that anyone developing software may be audited at any moment. Possession of programming tools without authorization must be punished with a 10 years sentence at a minimum. No debate.

    1. Re:That's enough! by bobbied · · Score: 4, Insightful

      how about we just make it a crime punishable by 20 years for any IT professional to hook sensitive computers to the internet.

      Even if the PHB makes you do it?

      In my experience, it's not the IT guy that is responsible, it's the PHB who doesn't understand the risks, doesn't take the IT guy's advice or provide the necessary resources to do the job safely, they just want it done NOW!

      --
      "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
    2. Re:That's enough! by Rich0 · · Score: 3, Interesting

      I'm not saying it is the right solution, but in many areas the individual is responsible.

      If an airline tells a pilot to fly more than the legal number of hours in a week or they're fired, the pilot still loses his license if he complies. Of course, if they instead call the local regulator I suspect the airline will get a nasty visit from an inspector.

      Engineers are legally liable if they sign off on an unsound building, regardless of the instructions of their employer.

      The EU requires an EU citizen to sign off on the quality of imports of stuff like medical devices and if there is a problem they can go to jail. It is their responsibility to ensure that whoever they're working with is getting audited to ensure they are in compliance.

      So, there are many areas of the economy where safety is critical and the solution is to make a particular individual personally criminally liable. It forces the buck to stop somewhere. That person is supposed to get a lot of clout with the regulators as well when they feel they're pressured to cut corners.

  2. Soviet-era edit by xxxJonBoyxxx · · Score: 4, Funny

    >> Cyberattack Grounds Planes In Poland

    I'm old enough to have skimmed that as: "Cyberattack Grounds Poland's Plane"

  3. Poland by zlives · · Score: 5, Insightful

    probably should declare war on terrorism or just fire the guy who tripped over the switch's power cord, causing network loss... yes this statement has the same veracity without details.

  4. DDoS prevented submitting flight plans. by Moskit · · Score: 3, Informative

    Based on rumours so far it seems that:
    - the attack was not infiltration but DDoS,
    - it prevented transmitting flight plans to European authorities,
    - without submitting flight plan it is not allowed to take off on formal basis. Nothing technical.

    Still unclear on which part of the system got knocked out, as we would suppose some good dedicated link for submitting of flight plan information from airline.