Could your plane be hacked?

Story highlights

  • Bruce Schneier says plane being hacked is not his biggest concern
  • As computers key to infrastructure become connected, vulnerability to cyberattack grows, he says
  • Schneier: We have to build security into everything that is going to be connected to Internet

Bruce Schneier is a security technologist and author. He is the chief technology officer of Resilient Systems, and his latest book is "Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World." He blogs at schneier.com and tweets @schneierblog. The views expressed are his own.

(CNN)Imagine this: A terrorist hacks into a commercial airplane from the ground, takes over the controls from the pilots and flies the plane into the ground. It sounds like the plot of some "Die Hard" reboot, but it's actually one of the possible scenarios outlined in a new Government Accountability Office report on security vulnerabilities in modern airplanes.

It's certainly possible, but in the scheme of Internet risks I worry about, it's not very high. I'm more worried about the more pedestrian attacks against more common Internet-connected devices. I'm more worried, for example, about a multination cyber arms race that stockpiles capabilities such as this, and prioritizes attack over defense in an effort to gain relative advantage. I worry about the democratization of cyberattack techniques, and who might have the capabilities currently reserved for nation-states. And I worry about a future a decade from now if these problems aren't addressed.
    Bruce Schneier
    First, the airplanes. The problem the GAO identifies is one computer security experts have talked about for years. Newer planes such as the Boeing 787 Dreamliner and the Airbus A350 and A380 have a single network that is used both by pilots to fly the plane and passengers for their Wi-Fi connections. The risk is that a hacker sitting in the back of the plane, or even one on the ground, could use the Wi-Fi connection to hack into the avionics and then remotely fly the plane.
    The report doesn't explain how someone could do this, and there are currently no known vulnerabilities that a hacker could exploit. But all systems are vulnerable -- we simply don't have the engineering expertise to design and build perfectly secure computers and networks