The Wright brothers made history on the morning of December 17, 1903 by undertaking the first powered, sustained, and controlled airplane flight from level ground without assistance at takeoff. Ironically, less than three decades later, the first proven act of air sabotage in commercial aviation occurred. On October 10, 1933, a United Airlines flight was destroyed, with nitroglycerin probably serving as the explosive agent. Although never solved, the bombing was believed to be an act of gangland violence.

At least 86 commercial aircraft bombings have occurred since the Wright brothers made air transportation possible. The reasons have varied—from suicides, to schemes for insurance money, to assassinations—as have been the means for smuggling bombs onboard, such as an innocent passenger’s bag or installation into a laptop. And 9/11 showed us bombs are not even needed. One possessing the right evil ideological intent will find a way to turn the aircraft itself into an airborne bomb to target whatever is desired.

The airline industry has been behind the learning curve while trying to stay ahead of new bombing tactics. But would-be bombers have a tremendous advantage, as they obviously have no concern about how many innocent lives are lost to achieve whatever their goal may be.

The industry remains behind today as the next phase of commercial aviation terrorism is evolving with minimal focus on an appropriate solution. And, just like drones have introduced a radical change in warfare by which the attacker can be thousands of miles away from his target, such an advantage is already partially in the hands of the terrorist.

Like the industry has shown numerous times in its history, it often awaits a tragedy to implement a solution. But, while previous bombings have allowed for such solutions to be implemented relatively quickly, the next phase of terrorism will give the terrorist an advantage in possibly shutting down the industry, since a solution requires a longer reaction time.

Although no danger was posed to air travelers, we just recently saw an example of how the long arm reach of the terrorist is possible. Alarming security gaps were demonstrated as pro-Hamas hackers exploited critical infrastructure vulnerabilities, taking control of airport loudspeaker systems in the U.S. and Canada. They used such access to broadcast anti-U.S. and anti-Trump propaganda.

It obviously was disconcerting to those in the terminals who were soon to be airborne. However, it did provide a taste of what kind of future terrorist threat lies ahead—i.e., a 9/11 in which the terrorist need not be onboard the aircraft but is thousands of miles away, having hacked access to its data systems while in flight. Imagine passengers onboard a plane enjoying its entertainment system when a message suddenly flashes across their screens, “We are (a terrorist group) and now have control of this aircraft.”

Only time will tell whether such a capability to wrestle the control of a plane away from its pilots can be developed—but it remains a potential reality. However, such control may not even be necessary as merely disrupting pilot communications or the aircraft’s navigational system may suffice. Independent of the control issue, the panic and loss of public confidence in flying that such an incident creates would have significant economic and psychological impact on the industry.

Interestingly, while the aviation industry currently mandates no such cybersecurity defensive capability, it is heading in that direction as the threat of cyberattacks on commercial aircraft is no longer theoretical. Yet, most airlines are not taking adequate steps to strengthen their cybersecurity posture. Many prefer to ignore dealing with the issue due to perceived challenges of complexity presented by “flying networks” of digital systems and the cost of doing so.

For the most part, each new layer of security in the aviation sector—from metal detectors and baggage screening to reinforced cockpit doors and behavioral profiling—evolved only after disaster struck. Sadly, the industry has always been reactive, not proactive, and human nature seems to find denial easier than preparation. We are at a point where the aviation industry must embed cyber resilience as a core safety principle–on par with physical security and flight operations.

But some perceptive companies have begun exploring cybersecurity solutions. Among these is a leading aviation security company known as Cyviation. It is a jointly-owned U.S. and Israeli company that has clearly demonstrated its qualifications as it recently partnered with Boeing Company to cyber-protect its aircraft.

Cyviation’s solution directly monitors and assesses an aircraft’s internal communications systems, identifying vulnerabilities in flight—both of a critical and non-critical nature. It provides real-time evidence-based monitoring that will not compromise the aircraft’s airworthiness. No other company has the capability to locate cybersecurity “holes” within a plane’s infrastructure that a terrorist might penetrate to disrupt its flight.

Probably the only U.S. aircraft having such a cybersecurity defensive capability are Air Force One and Two. A comparable level of protective capability must be brought to our commercial and business aviation fleets before a terrorist group makes a technological breakthrough that will totally disrupt the industry. We can ill afford waiting for another Lockerbie or 9/11 to implement it.

Image generated by ChatGPT.