Cyberattacks against some of the nation’s largest airports have been traced to operatives within the Russian Federation. As a result, several airport public-facing web sites, including those at New York LaGuardia, Chicago O’Hare, Hartsfield-Jackson International and Los Angeles International were all affected. In all cases, the web sites were restored, with no impact on airport operations or security.
Critical infrastructure like airports, the financial system and the power grid provide services that impact millions of people every day. When cyberattacks impact such infrastructures, people notice and begin to question their personal safety and security. This is true even if the attacks do not directly impact or penetrate the services provided, only making superficial dents on hardened cybersystems.
Credit: UI Public Affairs: L. Brian Stau
Credit: UI Public Affairs: L. Brian Stau
Russia has been critical of the American’s efforts to thwart their attacks in the Ukraine. With the United States providing significant military aid, Russian advances have been slowed, and in some cases, completely thwarted. After almost eight months of war, Russia has little to show for their aggression. Economic sanctions have also been levied that have hurt the Russian economy. It remains to be determined whether the cyberattacks were retribution for all such efforts.
So what should people think? What will be the next cyberattack to be concerned about? Will the nation’s financial system be next? How about the food supply?
Before making speculative leaps into a quagmire of anxiety and fear, realize that the airport system attacks are likely the best efforts that the cyber attackers could muster. If they could have penetrated air traffic control or the Transportation Security Administration, they likely would have. Such attacks would have been far more disruptive and impacted many more people. What was attacked was nothing more than outwardly focused websites that have no direct influence on airport operations or security.
These peripheral website attacks achieved little more than inconvenience to anyone attempting to use the site to gain flight or airport information. Their most damaging aspect was the perception that they created.
The cyber space is the new military battleground. Battles are being waged every day, whether they are phishing attacks to gain personal or financial information from unsuspecting users, or ransomware attacks on organizations for financial gain.
The cybersecurity industry has grown into a multibillion-dollar industry. As more bad actors attempt to infiltrate cyber systems, cyber protections continue to evolve, attempting to stay one step ahead of the perpetrators.
The recent airport website cyberattacks illustrate several possible scenarios.
One possibility is that this is the best that the cyber criminals were able to achieve, and hope to observe the reactions and responses. If that is the case, then the cyber protections in place are amply hardened to neutralize such bad actors.
Another possibility is that this attack represents a diversion for something more egregious that is in the works. This should keep all critical infrastructure systems in a constant state of vigilance for the foreseeable future.
Any time a cyberattack is made, the cyber terrorists reveal something of themselves. There are no free lunches with such events. Whether it be their identity, their sources, or their strategy, cybersecurity intelligence has gathered significant information that will invariably lead to better protection in the future.
The good news about the recent attack is how feeble it was, and the information it revealed about the perpetrators.
What will come next is anyone’s guess. Most importantly, remaining vigilant, communicating clearly and quickly if another attack occurs, and responding appropriately, will all ensure that everyone remains safe. This is sound advice under any set of circumstances.
Sheldon H. Jacobson, Ph.D., is founder professor of computer science at the University of Illinois.
More on cyberattack against Hartsfield-Jackson airport
The Atlanta Journal-Constitution’s Kelly Yamanouchi reported Monday that our airport was affected by the cyberattack. She wrote:
Hartsfield-Jackson International Airport’s website was temporarily down and displayed an error message for a period on Monday morning, amid reports of a hacking group targeting airport websites around the country.
The outage did not affect airport operations, according to an airport spokesman. Some travelers use Hartsfield-Jackson’s website for information on airport parking lots and concessions, along with links to security wait times and other resources.
The U.S. Cybersecurity & Infrastructure Security Agency issued an alert earlier this year saying Russia’s invasion of Ukraine could expose organizations to increased malicious cyberactivity. It said Killnet, a pro-Russian hacking group, claimed credit for carrying out a cyberattack against a U.S. airport in March 2022 in response to U.S. support for Ukraine.
Hartsfield-Jackson said it is investigating the cause.
