On April 14, 2014, misinterpreted data from a U-2 spy plane flying on the edge of space over southern California caused ATC systems, and consequently LA Center, to shut down for about an hour. During that time, flights weren't allowed to enter the local airspace, resulting in numerous cancellations, delays, and diversions affecting area airports including LAX, Burbank, Ontario, Orange County, and others. Nontrivial when you think of the business cost and inconvenience to passengers. Whether safety was compromised or not is debatable, though I'd argue that any time normal ATC operations are disrupted, there's going to be a higher risk of collisions and crashes. This time, happily, no one was hurt. Apparently the ATC system in operation at LA Center, which is called ERAM and is supposedly "next-gen", wasn't able to determine the U-2's altitude, because that information wasn't filed in its flight plan (not too surprising because the U-2 is a spy plane ... it's supposed to operate in secret, although I don't know exactly what information about secret military flights is customarily disclosed to ATC). In any case, the U-2 cruises at a much higher altitude, 60,000 feet and up, than commercial airliners, which top out at around 45,000 feet.
When the U-2 entered SoCal airspace, ERAM detected it and tried to prevent all aircraft at all altitudes from colliding with it by calculating all of their possible flight paths. That's a lot of number crunching, apparently more than the system was set up for, and it ran out of memory and crashed. ERAM, that is, not the U-2.
It sounds pretty basic to me that ERAM would be able to figure out that the U-2 was so far above all of the other traffic that it needn't worry, but hey, all systems have design flaws. The problem with a critical infrastructure support system such as ERAM having design flaws is that those flaws could put lives at undue risk.
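As an added illustration (my own simplified model, not ERAM's code, whose internals aren't public), here are the two behaviours described above side by side: a naive conflict probe that treats a missing altitude as "could be anywhere" and so does work proportional to every altitude band times every aircraft, beside a version that validates the plan and bounds the work before probing. The altitude bands, work budget, sample traffic and all identifiers are constructed for the example.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed model of the failure mode: a flight plan with no filed altitude
# makes the conflict search expand across every altitude band. Real ERAM
# logic is not public; the band size and budget below are assumptions.
ALTITUDE_BANDS = range(0, 100_000, 1_000)   # 100 one-thousand-foot bands
MAX_TRAFFIC_PER_PROBE = 5_000               # assumed work budget per plan


@dataclass
class Aircraft:
    ident: str
    altitude_ft: int


@dataclass
class FlightPlan:
    ident: str
    altitude_ft: Optional[int]   # None = not filed, as in the U-2 case


# Constructed sample traffic at typical airliner cruise altitudes.
SAMPLE_TRAFFIC = [Aircraft("UAL1", 35_000), Aircraft("DAL2", 33_000),
                  Aircraft("SWA3", 37_000)]


def naive_conflict_probe(plan, traffic, separation_ft=1_000):
    """Unbounded: an unfiled altitude is expanded to every band, and the
    full (band, aircraft) product is materialised before filtering, so
    memory and CPU grow with bands x traffic. Returns (pairs built, conflicts)."""
    bands = list(ALTITUDE_BANDS) if plan.altitude_ft is None else [plan.altitude_ft]
    pairs = [(band, ac) for band in bands for ac in traffic]
    conflicts = [ac.ident for band, ac in pairs
                 if abs(band - ac.altitude_ft) < separation_ft]
    return len(pairs), conflicts


def bounded_conflict_probe(plan, traffic, separation_ft=1_000):
    """Validates the plan first and caps the work, so a malformed or
    incomplete plan is rejected for manual handling instead of driving
    the search; work is linear in traffic, never in altitude bands."""
    def rejected(reason):
        return {"status": "rejected", "reason": reason, "evaluations": 0, "conflicts": []}
    if plan.altitude_ft is None:
        return rejected("altitude not filed")
    if not 0 <= plan.altitude_ft < ALTITUDE_BANDS.stop:
        return rejected("altitude out of range")
    if len(traffic) > MAX_TRAFFIC_PER_PROBE:
        return rejected("work budget exceeded")
    conflicts = [ac.ident for ac in traffic
                 if abs(plan.altitude_ft - ac.altitude_ft) < separation_ft]
    return {"status": "ok", "reason": "", "evaluations": len(traffic), "conflicts": conflicts}
```

Run against `SAMPLE_TRAFFIC`, the naive probe builds 300 pairs for a plan with no altitude and flags every aircraft, while the bounded probe rejects that plan outright and, given the filed 65,000-foot altitude, evaluates three aircraft and finds no conflict.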
This is also true of other critical infrastructure segments, including food, water, energy, transportation, manufacturing, defense, emergency services, and health care. In these spaces, maintaining safety and trust isn't just about good security: it's equally affected by how well basic IT management functions like capacity planning and exhaustive testing are done.
That said, the U-2 incident has also highlighted the issue of cyber security in ATC systems. Security researcher Dan Kaminsky is quoted in the Reuters article that initially reported the incident as saying "If it's now understood that there are flight plans that cause the automated system to fail, then the flight plan is an 'attack surface'", referring to the possibility of malicious hackers doing a denial of service attack by injecting bogus flight plan data into the system. ATC cyber security is clearly an area that needs serious executive attention, along with, apparently, capacity planning and testing. Whether they're getting that attention or not remains to be seen. One incident like this, while noteworthy and instructive, isn't enough to conclude that the system isn't adequately secure. But it is enough to draw attention to the risk, which is a good thing as long as it gets addressed.