Omar Espinoza (L) and Gabrielle Wells, students at Embry-Riddle Aeronautical University in Daytona Beach, Fla., work in the avionics laboratory in October. Photo by Paul Brinkmann/UPI
ORLANDO, Fla., Feb. 5 (UPI) -- A Florida university has started a new program to train students in how to prevent the hacking of airplane systems and devices carried by air travelers -- a growing concern, according to aviation industry experts.
The program at Embry-Riddle Aeronautical University began in the fall after the U.S. Department of Homeland Security warned that hackers who gain physical access to a plane could attach a device and possibly could cause pilots to lose control.
Cybersecurity experts said hackers also might gain access to onboard electronics by invading in-flight entertainment systems.
"Many people think that because they're flying, they're secure. They're not, and it's a growing threat" because flyers often view the airplane as a mobile office, said Neill Fulbright, an instructor of aviation maintenance science at Embry-Riddle's Daytona Beach, Fla., campus.
Embry-Riddle's new program teaches students how to apply common cybersecurity tools and strategies in an aviation setting. They also learn how to identify and block bad actors and suspicious behavior on aircraft or at aircraft facilities.
As part of the course, the students are to gain a basic understanding of laws and government policy regarding cybersecurity in the air and how data can be encrypted in flight. Coursework also describes threats faced by airport operations, airlines and manufacturers of aircraft and aviation technology.
Classes will offer insight into cybersecurity trends, how hackers identify weaknesses and how the information technology industry anticipates or responds to attacks.
"Cybersecurity experts have been working in aviation for years, but they are usually coming from pure computer science programs," Fulbright said. "With our program, they will get both aviation training and computer science."
The school's aviation cybersecurity certificate program is tailored to aircraft maintenance personnel who work on systems such as navigation, communications and collision avoidance.
"With all the networks we have on an airplane, you've got a lot of technicians who aren't trained in IT. So they are going to be tasked with installing and maintaining IT networks ... and they have to teach other people," Fulbright said.
The growing interest in avionics cybersecurity comes as business travel is booming -- expected to reach $1.7 trillion in spending by 2022, up from $1.33 trillion in 2017, according to the Global Business Travel Association.
"There's a lot of cybersecurity research and development being done in aviation now," said Guy Smith, president of the Aviation Accreditation Board International. He said the board accredits several avionics programs, but none that specifically target avionics cybersecurity.
The aviation industry has many active training programs led by companies like Honeywell and Garmin to address the threat of being hacked in flight, said Doug Carr, vice president of regulatory and international affairs at the National Business Aviation Association.
New programs by any institution are welcome, he said.
"There has been a lot of investment to make these systems nearly impossible to breach, but it's helpful to have new graduates entering the market with skills and abilities," Carr said. "We saw this after 9/11, as well, where you had institutions developing aircraft security programs."
Carr said training all employees to be aware of hacking risks is crucial, no matter where they work.
"Once you're connected to the Internet, regardless of whether you're thousands of feet in the air or in a bunker underground, you're at risk to some degree," he said.