18 April 2016

Swedish air controllers debunk cyber attack disruption theory

Solar storms blamed for outage


http://www.theregister.co.uk/2016/04/15/sweden_air_traffic_cyberattack_debunked/
15 Apr 2016 at 19:20, John Leyden
Sweden's civil aviation administration (LFV) has concluded that radar disruptions that affected services in Stockholm and Malmö last November were down to the effects of a solar flare, scotching rumors reported by El Reg and others earlier this week that a hacker group linked to Russian intelligence might be to blame.
Radar stations were not relaying the correct data to air traffic control during the afternoon of November 4, prompting controllers to switch over onto a different way of managing the aircraft, and to restrict the number of planes allowed into Swedish airspace. The disruption lasted for around 90 minutes.

An investigation by LFV did consider the possibility that a cyber attack against the system might be behind the disruption, but this theory was quickly discounted by aviation experts.
"Early on in our investigation we had this as one ... hypothesis," said Ulf Thibblin, technical director at LFV, in an official statement.
"But there was nothing in our radar data or internet traffic logs to support or confirm a possible cyber attack. Also, we had the relationship in time [translation problem –ed] with space weather, plus there were a few more technical reasons which excluded a cyber attack," he added.
Political cynics may say never believe anything until it's officially denied, but it's more honest to admit a lapse in our normally skeptical perspective on anything that smacks of cyberwar hype. Norwegian blogger site aldrimer.no, the original source, based its story on a single unnamed NATO source, who said that although a solar storm was blamed even at the time, behind the scenes the Swedes were notifying NATO about a serious, ongoing cyber attack.


The Swedes suspected the hacks were the work of an elite hacking crew linked to the Russian military intelligence service GRU (Main Intelligence Directorate). This rumor, though plausible, has now been debunked even though the broader issue of electronic warfare – and even the possibility of cyber attacks against air traffic control systems – can't be so easily dismissed.

Elements of electronic warfare that involve disrupting enemy radar coverage have become a common tactic of more advanced military powers in times of war. Typically, jamming signals are transmitted from specialist aircraft flying at high altitude within a theater of military operation. The disruptive signals in this case reportedly emanated from the Russian enclave of Kaliningrad, between Poland and Lithuania on the Baltic Sea.

That's 490 km from Malmö, a factor which might make it difficult to launch an attack from the ground.

Cyber attacks on air traffic control systems are trickier, but by no means implausible. Israeli forces are credited with hacking into Syrian air defense systems during a September 2007 raid, in one of the best documented examples of the use of the tactic to date.

Although segmented and perhaps in theory even disconnected from the internet for more critical systems, the computer networks that support air traffic control likely have internet breakout points. This is as true for Sweden as it is elsewhere in the world.

UK Chancellor George Osborne specifically named air traffic control, electricity supply and hospitals as vulnerable to online attack during a speech delivered during a visit to GCHQ last November, perhaps coincidentally days after the supposed attack in Sweden. ®
