Sen. Ed Markey
(D-Mass.) on Thursday introduced a bill to create strict cybersecurity
standards for the aviation industry as it increasingly becomes a target
for hackers and cyber spies.
The legislation follows up
on Markey’s investigation into the security practices of airlines and
airplane manufacturers, which he launched in December.
y’s bill, the Cyber AIR Act, would direct the Federal
Aviation Administration (FAA) to establish digital security guidelines
for the airline industry, while also ordering all airlines to disclose
cyberattacks to the government.
“We know that terrorists
and others that mean to do us harm will try to exploit any loophole or
technological advance in our transportation systems,” the Massachusetts
Democrat said.
The spreading adoption of digital
features on planes such as on-board Wi-Fi has also generated some
hand-wringing among security specialists.
The Cyber AIR
Act would direct the FAA to conduct a report studying the
vulnerabilities that consumer Wi-Fi introduces on airplanes.
Markey
timed his bill’s release to coincide with the full Senate’s
consideration of the FAA reauthorization measure, which contains cyber
provisions backers say are a good step toward bolstering the industry’s digital protections.
Lawmakers are responding to the rapid rise of cyberattacks targeting the aviation industry.
In
2015 alone, digital attackers infiltrated the U.S. air traffic control
system, forced airlines to ground planes and potentially stole the
detailed travel records of millions of people.
Markey
responded to these incidents by launching his inquiry into the digital
security programs at 12 airlines and two aircraft manufacturers.
Seven
airlines responded individually, while five — including United and
American Airlines — responded via a collective letter from their trade
organization, Airlines for America.
Their answers speak to a need for legislative action, Markey said.
Airlines
are under “frequent attempted infiltrations,” although “none have
reported any successful attempts,” according to a summary.
However,
the inquiry found cybersecurity testing was conducted “unevenly” across
the industry, and that collaboration with government on digital
security was “inconsistent.”
Government-set metrics are needed to help resolve these issues, Markey said.
“We
must continually bolster the standards and practices of the airline
industry to ensure the safety and security of passengers on board
commercial aircraft,” he said.