Dem introduces bill to set airline cyber defense rules

Dem introduces bill to set airline cyber defense rules
© Greg Nash

Sen. Ed MarkeyEd MarkeyEquilibrium/ Sustainability — Presented by NextEra Energy — Olympics medals made of mashed up smartphones Lawmakers urge Biden to make 'bold decisions' in nuclear review OVERNIGHT ENERGY: Democrats lay out vision for Civilian Climate Corps | Manchin to back controversial public lands nominee | White House details environmental justice plan MORE (D-Mass.) on Thursday introduced a bill to create strict cybersecurity standards for the aviation industry as it increasingly becomes a target for hackers and cyber spies.

The legislation follows up on Markey’s investigation into the security practices of airlines and airplane manufacturers, which he launched in December.


“As technology rapidly advances to keep passengers and planes connected, we must ensure that the airline industry is vigilant in protecting its aircraft and systems from cybersecurity breaches and attacks,” said Markey, a Commerce Committee member.

Markey’s bill, the Cyber AIR Act, would direct the Federal Aviation Administration (FAA) to establish digital security guidelines for the airline industry, while also ordering all airlines to disclose cyberattacks to the government.

“We know that terrorists and others that mean to do us harm will try to exploit any loophole or technological advance in our transportation systems,” the Massachusetts Democrat said.

The spreading adoption of digital features on planes such as on-board Wi-Fi has also generated some hand-wringing among security specialists.

The Cyber AIR Act would direct the FAA to conduct a report studying the vulnerabilities that consumer Wi-Fi introduces on airplanes.

Markey timed his bill’s release to coincide with the full Senate’s consideration of the FAA reauthorization measure, which contains cyber provisions backers say are a good step toward bolstering the industry’s digital protections.

Lawmakers are responding to the rapid rise of cyberattacks targeting the aviation industry.

In 2015 alone, digital attackers infiltrated the U.S. air traffic control system, forced airlines to ground planes and potentially stole the detailed travel records of millions of people.

Markey responded to these incidents by launching his inquiry into the digital security programs at 12 airlines and two aircraft manufacturers.

Seven airlines responded individually, while five — including United and American Airlines — responded via a collective letter from their trade organization, Airlines for America.

Their answers speak to a need for legislative action, Markey said.

Airlines are under “frequent attempted infiltrations,” although “none have reported any successful attempts,” according to a summary.

However, the inquiry found cybersecurity testing was conducted “unevenly” across the industry, and that collaboration with government on digital security was “inconsistent.”

Government-set metrics are needed to help resolve these issues, Markey said.

“We must continually bolster the standards and practices of the airline industry to ensure the safety and security of passengers on board commercial aircraft,” he said.