Motherboard obtained documents from DHS through a Freedom of Information Act request that give some insights to the DHS operation. The documents detail DHS' efforts since 2016 to try to solve the problem of the cybersecurity vulnerabilities on airplanes and the work of the multi-agency team established to find and eliminate weaknesses.
It's a pressing issue, as there are about 23,911 commercial flights transporting some 2.3 million passengers each day in the United States. Beyond the obvious national security threat, there's an economic one: civil aviation accounts for 5.1 percent of the United States' gross domestic product.
According to DHS, mitigating a hacking attack against an object that moves can be a lot more challenging than thwarting one against computers that remain stationary.
But it can be done.
After DHS created the unit in 2016, its team of government, aviation industry and academic researchers demonstrated that commercial aircraft can be hacked remotely. Many of the details of the 2016 hack are classified, but it is known that the hacked plane's software was penetrated through radio frequencies and a piece of hardware that can get by the watchful eyes of airport security, Robert Hickey, aviation program manager at DHS' Science & Technology Directorate told Motherboard. The team was able to hack the plane two days after getting access to it.
Hickey announced the successful hack of a Boeing 757 parked at an airport on November 8 at the 2017 CyberSat Summit.
DHS didn't stop there, though. One slide among the documents obtained by Motherboard indicates that DHS was able to "establish actionable and unauthorized presence on one or more onboard systems," but also that it was "unable to penetrate via selected access vector." It is uncertain what that could mean, but it may be that the hack worked even if it didn't go exactly as planned.
It's unknown how many planes DHS has been able to hack, but according to the documents they're planning to stop trying to penetrate airliners at some point and start developing ways to stymie others from doing so.