Cyberterrorism: combating the aviation industry's vulnerability to cyberattack.

• Author: Schmidt, Andrew V.

1. INTRODUCTION

   "Warfare has always been an evolving concept." (1) Warfare continues to mold the international community, yet the leading forces behind this constantly evolving concept do not solely include "economic, social, or moral" implications; rather, the strongest force is the advancement of wartime technology. (2) For generations, state and non-state actors have researched and tested technological vulnerabilities either to counter or exploit weaknesses. (3) Today, our generation faces the malicious intent of international state and non-state actors that are willing to exploit advancing computer technologies. (4) President Barack Obama has emphasized that state and non-state actors are capable of compromising aviation security: "We know hackers steal people's identities and infiltrate private e-mail. ... Now our enemies are also seeking the ability to sabotage ... our air traffic control systems." (5)

   This Note examines the threat that the international aviation community faces, concludes that a comprehensive legal framework directing attention to the aviation industry is necessary, and offers suggestions to prevent a "cyber Pearl Harbor" or another similar-to (9) / (11) terrorist event. (6) Part II highlights data security protection and cyberwarfare threats that have triggered critical concern for various industries, including business, government, and transportation; moreover, Part II discusses the emergence of the International Civil Aviation Organization (ICAO) and its role in the international community. (7) Part III evaluates aviation vulnerabilities, focusing on the unique and highly complex system encompassing the aircraft, air traffic management (ATM), and ground or satellite stations that feed data through this cycle; additionally, Part III highlights the strong influence that the United States' Federal Aviation Administration (FAA) has on the international aviation community. (8) Part IV argues that substantive cybersecurity measures must be implemented to counter the aviation network's vulnerabilities and to thwart state and non-state actors intending to disrupt global aviation security. (9) Part IV further provides that the ICAO's leadership is pivotal in implementing a cybersecurity taskforce to enhance international security, provide strategic relations, and offer recommendations to fight in the twenty-first century's cyberwarfare. (10) Finally, Part V emphasizes the necessity of a cybersecurity taskforce as innovative technologies are introduced into the aviation community, thereby increasing the risk of cyberattack. (11)

2. HISTORY

   1. The Cyberthreat to Various Industries

      1. Background on Cybercrime

      A challenge exists in developing an appropriate lexicon for cyberterrorism, because a universal definition has not yet been adopted. (12) The term "terrorist" is used to identify "revolutionaries who seek to use terror systematically to further their views or to govern a particular area." (13) Terrorists have evolved with the advancement of technology to adapt to cyberterrorism-a distinct type of terrorism that involves an immediate threat because of the international community's dependence on technology; although cyberterrorism might not be recognized to threaten our physical state, it can wreak havoc and chaos in various industries. (14) The Center for Strategic and International Studies (CSIS) has defined "cyberterrorism" as "the use of computer network tools to shut down critical national infrastructures ... or to coerce or intimidate a government or civilian population." (15) Another interpretation of cyberterrorism involves the utilization of computers to cause significant bodily harm or death, or to incapacitate critical infrastructure that may jeopardize human lives. (16)

      After 9/11, security experts and politicians have warned about the threat that cyberterrorists could "hack[ ] into government and private computer systems [to] crippl[e] the military, financial, and service sectors of advanced economies." (17) Cyberterrorists have utilized the Internet to demonstrate their power, intending to interfere with technological systems, i.e., computer and telecommunication services, to cause widespread disruption, and to cause the public to lose confidence in the government's ability to operate effectively. (18) The cyberterrorism threat is so severe that President Obama stated it as one of the biggest national security concerns and that the U.S. government has been preparing "for a possible doomsday scenario if hackers can successfully penetrate government and business computer systems. ..." (19)

      1. Cybercrime Against Businesses

         Cybercrime is a rapidly developing international issue involving criminals who take advantage of the "convenience and anonymity of the Internet to commit a [broad] range of criminal activities. ..." (20) The International Criminal Police Organization (INTERPOL) divides cybercrime into two broad areas: (1) "attacks against computer hardware and software"; and (2) financial crimes. (21) In recent years, cybercriminals have developed sophisticated ways to attack computer hardware and software of businesses and financial institutions. (22) Financial institutions are prime targets for cybercriminals, because with minimal effort using a computer, malware can easily infiltrate into banks' internal computers. (23) Cybercriminals are increasingly becoming attracted to small businesses because they are generally more vulnerable than larger businesses. (24) As large enterprises increase and strengthen their cybersecurity infrastructure, less-secure small businesses become more desirable to cybercriminals intending to attack intellectual property, unprotected credit card numbers, or unsecured computers. (25)

      2. Cybercrime Against Governments

         International governments are particularly at risk of falling victim to cyberattacks. (26) Cybercriminals are striving to develop and strengthen techniques, focusing less on stealing financial information and more on spying and infiltrating government systems. (27) Cybercriminals have evolved their online arsenal to wreak havoc on government entities. (28) Richard Clarke, formerly a U.S. White House staff member who was head of cybersecurity and counter-terrorism, remarked, "that a full-scale cyber attack [sic] on a country's important infrastructure, such as military email systems, air traffic control systems, financial markets and utilities could have an unprecedented long-term effect." (29) For instance, the U.S., Canadian, Estonian, and Georgian governments have been targeted through cyberespionage. (30) This new domain of warfare through cyberspace just recently emerged in the twenty-first century whereby no land, sea, air, or space combat would apply and, therefore, governments have had to respond to cybercrime in unique defensive manners. (31)

      3. Cybercrime Against the Transportation Industry

         Cybercriminals are members of a versatile group that is always searching for innovative ways to expose vulnerabilities. (32) A group of prominent security professionals and hackers has suggested that the automobile industry should improve its vehicle security. (33) As with the automobile industry, the railroad industry is another line of business that cybercriminals target. (34)

         Additionally, the maritime sector is particularly vulnerable to cyberattack-for instance, a cyberattack has the potential to "disrupt[] the navigation of large cruise" and cargo ships that "could ... lead to horrific loss of life and significant property damage." (35) Much like the maritime sector, the airline industry faces a threat whereby ATM, airports, satellite communications, and airplanes are all vulnerable to cyberattack. (36)

   2. Aviation Industry's Approach to Cybersecurity

      1. The International Civil Aviation Organization

         In December of 1944, the United States hosted the Convention on International Civil Aviation, known as the Chicago Convention, at which fifty-two nations met to create a plan for international cooperation in air navigation. (37) The Chicago Convention's purpose was to promote coordination among the international community to achieve uniform regulations and standards for the postwar era civil aviation. (38) The Chicago Convention led to the Provisional International Civil Aviation Organization and finally to the ICAO. (39)

         The founding fathers of the ICAO set a forewarning that civil aviation may lead to abuse and threats and therefore, the ICAO was organized to promote coordination among nations for society's benefit. (40) Even before the ICAO's establishment, the Convention on International Civil Aviation concluded in its Preamble that governments settled on implementing certain standards to ensure the safety of civilian passengers and, as a whole, the civil aviation community. (41) After the ICAO's founding, it implemented a Technical Co-operation Programme designed to guide States, the private sector, and donors in issues dealing with ensuring a safe civil aviation community. (42) Today, the ICAO interacts with 191 Member States and global aviation organizations in creating international Standards and Recommended Practices (SARPs) that state actors refer to when formulating legally enforceable standards and regulations. (43)

      2. A Vulnerable Aviation Industry in Today's Cybercrime Environment

         Former U.S. Secretary of Defense Leon Panetta, argued that the United States must improve its cyberdefenses during the current pre-9/11 stage. (44) The terrorist attacks of September 11, 2001, which theorists categorize as a "Black Swan event," involved a devastating attack on the aviation industry that continues to reestablish itself from the tragedy. (45) Warning that another similar 9/11-event will occur in the near future does not necessarily mean that the aviation industry will be the prime target; rather, if a similar 9/11-type event were to occur in cyberspace, the aviation industry could likely be the target. (46) Cybersecurity is a...