Introduction
Air traffic control is a profession that seems to come into the public eye only when presidents slash funding or force it to change, such as when Reagan destroyed their union or when Trump promised to privatize the system. Many have assumed that the increasing prevalence of technology has rendered air traffic control relatively obsolete, but the system is as human-based as ever – with the added fact that increasing numbers of systems for this critical infrastructure technology rely on information networks, thus making them susceptible to cyberattack.
Yet because air-based infrastructures are so critical to the overall economy, the idea that this field’s deregulation could have an economic impact has been understudied. The majority of literature, as we will see, focuses only on potential scenarios from the perspective of security, rather than from an economic view. This literature review considers the relationship between air traffic control and cyber security, focusing not just on scenarios of what could happen, but the specific nature of air traffic control and how and why it is uniquely vulnerable to cyberterrorism and cyberattacks. It also considers some of the research that has been conducted on improving this overly vulnerable system. The literature review will show how poorly defended critical infrastructures create economic, as well as humanitarian, risk, and will also begin to work towards assumptions regarding the impact of the air travel and freight infrastructure on the U.S. economy. It will also show how the “unsung heroes” of this system include air traffic controllers and systems, which can far too easily be disrupted.
After the literature review, the study focuses on a prospective methodology for evaluating the potential impact of a cyberterror attack that affects air traffic control. The information will show beyond a shadow of a doubt that this type of attack would have real economic impacts, and because it is far too easy to carry out, it could become a compelling target for terrorists in the not-too-distant future.
Literature review
Transportation, in this day and age, is infinitely more complex than it was in the eras of Roman roads or Conestoga wagons heading west. The advent of air travel is an example of this complexity. Air travel connects the world as few other modes of transportation have ever been able to do. However, it also relies on an interconnected web of air traffic controllers, a formerly unionized profession that is utterly essential for the health and safety of the approximately 2,586,582 people who ride in American airspace daily (Federal Aviation Administration, 2017), as well as the people on the ground whose safety could be impacted by an air crash. Any time a plane flies, the public’s safety is in the hands of the approximately 14,000 air traffic controllers (Federal Aviation Administration, 2017). Successful infrastructure can be ignored, because if it works, people are seldom aware. For this reason, air traffic controllers, despite their critical and essential nature, are seldom as visible as other parts of the air travel infrastructure, such as security screenings, the TSA, and so on. Yet air traffic control, recently declared a target for privatization by the Trump administration, is an essential part of transportation safety. One reason for this is the growing, looming threat of cyberterrorism (Council of Europe, 2007) and the increasing importance of cyber security.
This term cyberterrorism encompasses more than the use of the Internet by al Qaeda or ISIS. Instead, it refers to the use of digital communication systems to impede security. Cyberterrorism, when it comes to air traffic control, is a sobering issue simply because of the stakes of the matter. Cyberterrorism is a means of grinding transportation and infrastructure to a halt. When it occurs on the landscape of public safety, as well as the means through which economic activity occurs, the impact can be devastating. Given the highly essential nature of air traffic control, many researchers have investigated the potential impact of a cyberterrorist attack or cyber security breach. The idea that critical infrastructures could be attacked is a very real one. Cyberterrorism more generally encompasses several different definitions. “…cyber terrorism can be classified into two major categories: conventional crimes and attacks on computer networks. Conventional crimes refer to crimes that are facilitated through the Internet. These crimes are normally conducted by single individuals or small groups of computer users. They usually target other single individuals or on occasion, particular groups or businesses” (Trihartono & Herjanto, 2014, p. 31). Although most who have been affected by cyberterrorism to date have experienced it only as the result of hacks, credit card data leaks, and the like, which is annoying and scary, but hardly a life-or-death matter, there are also compelling means by which terrorists might attack critical infrastructures, that is, those infrastructures on which essential systems depend and that could cause wide scale death or health issues if attacked. , “…cyberterrorism is a real threat and represents a continuous struggle. Cyberterrorism has the potential to compromise the oil, gas, and water utilities, as well as healthcare services, of modern societies. As critical infrastructures have become increasingly reliant on computer-based technologies and even more interconnected via the Internet, it creates both benefits and disadvantages for human communities” (Matusitz & Minei, 2009, p. 169). Although few have considered air traffic control itself, it remains a vulnerable system. Indeed, the lack of clear information or assessment of cyberterrorism on air traffic control systems constitutes something of a worrying gap in the literature.
Cyberterrorism and cyber-attacks have been theorized more often than they have been carried out. Some scenarios outlined are nightmarish: “Numerous cyberterrorism scenarios have been suggested…a cyberterrorist attacks the computer system that control a large power grid…the cyberterrorist breaks into an air-traffic control system and tampers with it…disrupts banking operations, international financial transactions and stock exchanges…many believe it is not a question of ‘if’ but ‘when’” (Denning, 2000, p. 29). Interestingly, the majority of these scenarios are fundamentally economic in nature. Although air-traffic control disruptions would be a humanitarian disaster, they also have an economic cost as well, which will be discussed later in this essay. Nevertheless, it is clear that the 2000 paper outlined some theoretical scenarios that could be transformed by cyberterrorists. This was neither the first nor the last work to consider the potential impact of cyberterrorism on operations.
One such paper, presented at a 2011 conference, explored the impact of new technology when it came to the advent of cyber security issues (Cerchio, Administration, & Riley, 2011). The authors noted that although air traffic control had benefited from these new technologies, it had created many opportunities for adverse parties to exploit security vulnerabilities. Moreover, they also noted that the majority of attention is paid to terrestrial systems rather than to air traffic systems (Cerchio et al., 2011, p. 2). The authors wrote that there are fundamental differences in these airborne systems that create inherent differences between their needs and security issues and those of other transportation systems: “Airborne network environments differ from classical terrestrial networks in that they are highly mobile, operate in multiple flight phases and interact with a diverse user base… Much of today’s cyber security research focuses on behavior of terrestrial networks and typically does not consider the differences present in an airborne environment” (Cerchio et al., 2011, p. 4). The emphasis in cyber security on terrestrial systems ignores, to its peril, the potential for airborne security breaches, as Cerchio et al. note in their report. The authors conclude by recommending that stakeholders and decision-makers “…establish a virtual space as a representation of cyber functionalities and security systems within the next generation aircraft” (Cerchio et al., 2011, p. 6). In other words, they recommend simulations and games in order to develop response strategies. This approach, they argue, will allow analysts to develop response strategies.
A 2012 journal paper acknowledged the importance of dealing with air traffic control systems from a cyber security perspective (Liu, Kwon, Aljanabi, & Hwang, 2012). These authors focused in particular on state estimators, a part of the ATC (air traffic control) system that is both essential as well as highly vulnerable “…because they directly process the raw sensor and communication data which can be directly falsified by cyber-attacks” (Liu et al., 2012, p. 1). In conversation with the recommendations Cerchio et al. outlined (2011), the authors here explored many different cases. They noted that an expansion of ATC capabilities to include digital information processing and even decision-making was likely, if not inevitable, and implemented stochastic optimizations (a kind of statistical modeling) to optimize potential issues with ATC. From a non-technical perspective, this paper offers the sobering reminder that cyber-security could take down entire airplanes and kill millions.
Zooming out to the issue of infrastructure, a speculative report in 2006 explored the relationship between critical infrastructure and security (Lewis, 2006). Although this article is old, its theoretical background remains highly relevant, especially as Lewis outlined some of the discourses surrounding cybercrime and described some of the dynamics and plans that existed in this era to proactively and preemptively ensure that terrorists do not attack critical infrastructures (Lewis, 2006, p. 10). The author also outlines the ways that cyberspace could create opportunities for preventing terrorist attacks, as well as opportunities for cyber-attacks from adverse entities such as nation-states. “Nation-states who are potential opponents may see more opportunity in cyberspace. Intelligence gathering will prompt them to penetrate U.S. computer networks. In the event of a conflict, nation-states will likely try to use the skills and access gained in intelligence operations to disrupt crucial information systems” (Lewis, 2006, p. 10). This essay underscores the absolute necessity of protecting critical infrastructure because it illuminates how the enemy is not necessarily suicidal terrorists, but also competitive nation states. Lewis also notes that despite public perceptions, the air traffic control systems are more of a patchwork of regional offices; this does not diminish the threat of cyberterrorism; if anything, it points to increased risks because some regions could more easily strip funding or reduce spending to proactively prevent attacks (Lewis, 2006, p. 10).
The air traffic control program itself is increasingly automated, partly because air travel has become much more ubiquitous in recent years (Federal Aviation Administration, 2017) and partly because the dominant thinking goes that the more systems are automated, the less likelihood there will be of errors, especially those related to fatigue (Durso & Manning, 2008). Indeed, one of the major issues with respect to air traffic control is how badly perception, memory, and other human factors can amplify small mistakes (Shorrock, 2005, 2007). The paradox of air traffic control is that while human decision-making and cognition is critical for safety, the limits of human beings ensure that there are also very compelling arguments to be made for automating systems in this field.
The literature assessed in this review points to a devastating lack of consideration for protecting air traffic controls. It also points to several unfair assumptions about these infrastructural aspects of air traffic control: It seems to be an infrastructure that is human-based and unimpeachable by systems when it is convenient for some, such as those dismissing concerns about cyberterrorism, but one that is based on critical systems and information-based technology when it is convenient for others, such as those who want to gut protections for air traffic controllers.
Moreover, this literature review has proceeded with the assumption that air traffic control is the unseen infrastructure of the airline industry. It is absolutely critical for humans, rather than computers, to direct air traffic and to do so at a high degree of safety. The value of air traffic control is such that it ensures air travel and freight are safe and cost effective. However, a cyberattack is, as we have seen, a significant and real threat. Yet it is important to put this threat in economic terms, as otherwise, few will take it seriously.
Methodology
This section draws upon various data sets regarding the economic impact of air travel and air freight. According to an industry group, airlines generate more than $1.5 trillion USD to the economy simply in terms of revenue and freight (Airlines for America, 2017). This excludes the estimated ten million jobs. For the purposes of this analysis, the economic impact is the only metric through which the cyberattack is considered. This $1.5 trillion USD impact correlates to $4,109,589,041 USD daily. In fact, it constitutes 5.4 % to the U.S. GDP (Federal Aviation Administration, 2014, p. 3). Therefore, the impact on the American and even global economy is very significant. Failures that, for example, shut down one airport and send aircraft to a nearby one do more than inconvenience vacationers. They keep business people out of important meetings, they prevent freight from moving from one place to another, they ground entertainers, they increase costs for businesses such as airlines.
From this calculation, a variety of numbers are calculated in terms of the potential economic impact of a variety of scenarios in which air traffic control systems partially or totally disrupt air travel and control systems. Although it is likely that the daily costs of a prolonged national airplane grounding might ultimately cascade into higher costs because of the interrelated nature of global economics.
The methodology used below illustrates the potential impact of a total grounding of all U.S. air activity, as well as a variety of impacts, including ones as seemingly modest as a 10% standstill or impact on U.S. economic activity related to air infrastructure. This methodology assumes that an attack on air traffic controls is in essence an affair that would ground air travel, at least to a certain level of multiplier. As the data in the next section show, the cost of even a 10% disruption of air travel based infrastructures is extreme.
This type of disruption would, of course, lead to cascading problems: Suppose one air traffic control region was disabled. This would affect any aircraft flying into its airspace, which could cause other regions to ground or reroute air traffic.
Data
The data below are derived based on the $4,109,589,041 USD daily figure and represent total and partial air traffic groundings due to a cyberattack. Note that a more likely scenario would be one in which total disruption gradually titrates to, for example, a 90% disruption, 80%, 30%, and then back up to 0% disruption, or full capacity. However, the data below are meant to be fundamentally illustrative.
In USD Daily Cost 2 Days 3 Days 7 days 10 days 30 days
100% 4,109,589,041 8219178082 12328767123 28767123287 41095890410 1.23288E+11
50% 2054794521 4109589041 6164383562 14383561644 20547945205 61643835615
20% 821917808.2 1643835616 2465753425 5753424657 8219178082 24657534246
10% 410958904.1 821917808.2 1232876712 2876712329 4109589041 12328767123
Table 1. Speculative economic cost of 100%, 20%, 50%, and 10% air traffic control disruptions, in USD.
These data show that even a 10% disruption for three (3) days would lead to an economic loss of $1,232,876,712 USD. A 20% disruption for ten (10) days has the potential to cost the U.S. economy $8,219,178,082 USD, or more than 1% of the total GDP. A ten-day total disruption would cost $41,095,890,410 USD. These totals consider only the economic impact of air travel and not ancillary costs such as loss of wages or insurance settlements, as of the type that are common after air accidents and disasters.
However, these data are conservative. Considering the insurance payouts that must occur in the event of an air disaster, which can vary widely, actual costs would likely far exceed these figures. Although America is already used to partial disruptions, such as with the regional weather that is so common in the Northeast and Southeast, a prolonged and total disruption without the advance notice that is so often available when bad weather strikes would have devastating economic consequences. The cascading costs of business and supply chains coming to a standstill, insurance payouts, and the loss of human life would all lead to consequences far beyond the costs listed above.
Analysis
From these data, it is clear that cyberattacks are about more than stolen credit card purchases or embarrassing online activities such as infidelity, most infamously exploited by the 2015 breach of cheating website Ashley Madison (Mansfield-Devine, 2015). They are instead about an enormous amount of lost economic productivity, as well as other issues related to the economic vulnerability of critical infrastructures in the United States. They show a misguided thought process in which intimidating security “theater” (Levenson, 2014; Schneier, 2009) has become more important than actual security processes that might protect critical systems and infrastructures. While air travel has criminalized and inconvenienced passengers, and created an imposing security structure, major systems have remained vulnerable to nefarious attacks in a way that is simply inexcusable.
Perhaps another topic of future analysis could be the claim that American reliance on complex supply chains has rendered the economy overly vulnerable to the air travel and freight sector, which in turn represents a needless risk. It is obvious that much needs to be done to improve the information security of critical infrastructure systems, but the impetus in doing this goes beyond the basic and obvious human rights and security issues and extends into America’s gross domestic product.
Ultimately, it is clear that the economic impact of a cyberattack is very real. The “cost-benefit analysis” of this type of terrorism may have been dismissed in the past (Giacomello, 2004), but it is now only a matter of time before such vulnerabilities are exploited by parties that wish genuine harm to the United States. Although Giacomello (2004) felt that cyberterrorism would not be “worth it” for terrorists, the potential to completely disrupt infrastructures and supply chains would likely be too good to pass up, especially if the attacker need not necessarily leave his or her homeland, or even their home, much less undergo years of training and attempting to assimilate in a foreign country (as the 9/11 hijackers did). The times have changed, along with the methods used to wage war. It is clear that the next frontier will not just be the use of aircraft as missiles, but the weaponization of aircraft infrastructure to disrupt the economy as much as possible.