The first recorded United States hijacking occurred on May 15, 1928; it was perpetrated with a ball peen hammer. Skyjackings through the 1960s and 1970s, the hijacker(s) gained access to the control cabin; takeovers were executed with a wide range of weapons, e.g. knives, guns or ‘bombs’ in a shoebox. The last US hijackings on September 11, 2001, were successful because of coordinated efforts by terrorist teams penetrating the cockpit.
It appears that may no longer be necessary; at least, not physically. The cockpit can be breached without raising a finger.
Technology has not been asleep over the last two decades. The almost complete transition of most airliners, certainly most aircraft, from analog to digital technology, has left a vacuum where control used to be. In a recent issue of Motherboard, Joseph Cox examined the threats in an article titled: US Government Probes Airplane Vulnerabilities, Says Airline Hack Is ‘Only a Matter of Time’. Ironically, even this June 6, 2018 article may be out of date, technology-wise.
Skyjackings through the 1970s were based on controlling the pilots and thus the aircraft; the hijacker(s) wanted two things: passage to the location of their choice and their ten minutes of fame … or infamy. The hijacker was not a pilot; they did not know how to fly the aircraft, so were dependent on keeping at least one pilot alive to arrive safely; that was their leverage. The cockpit in many airliners had three pilots; the aircraft were controlled by systems that were analog, manipulated by toggle switches, wheels, directional switches and handles. Not only did the hijacker control the three pilots, but air traffic controllers and law enforcement were kept at bay, powerless to interfere with the hijackers’ demands. The power: controlling every aspect of the hijack with the weapon of choice.
Then in April 1994, FedEx flight 705 changed the rules forever when Auburn Calloway attempted to wrest control of a DC-10 from its crew. The coward, Calloway, a FedEx pilot himself, did not need the flight crew to operate the aircraft to its suicidal conclusion, because he would fly it. He endeavored to kill the crew in flight and fly the aircraft into the Memphis hub. In a series of unexpected, albeit fortunate, circumstances, Calloway’s sole opportunity was foiled in different ways. Through the flight crew’s tenacity, bravery and will to survive while saving others, the plan fell apart. However, it was the first time that both suicide and the hijacker’s flying skills were crucial to the hijacking’s purpose.
FedEx 705’s lessons should have been the case study for all transportation and law enforcement agencies; the world had changed; the rules had changed. It is Monday morning quarterbacking to suggest, but other than in the Tom Clancy novel, Debt of Honor, no one seemed to give the scenario of FedEx 705 any validity. It was a cargo plane; that can’t happen to a passenger airliner, the checks are far superior to overnight cargo operations.
On nine-eleven, the four hijackings proved again that the flight crews were dispensable to the terrorists, after serving only one purpose; get the aircraft in the air. The facts of the hijackings were too random: more than one airline targeted; more than one aircraft type attacked and even more than one airport of origin. These unknowns confused the intent. The hijackers were trained to fly, assuring each airliner would hit its target. The one hurdle, as in all prior hijackings, was still gaining access to the cockpit.
Shanksville, PA, Ground Zero, the Pentagon and even Fresh Kills, Staten Island, are vivid reminders of the US’s vulnerability that day. Nearly seventeen years have passed since that infamous Tuesday morning, already the public has largely forgotten or downplayed the events of nine-eleven. One World Trade Center has replaced the Twin Towers and the Pentagon’s western wall has been repaired as if nothing happened. And perhaps that is the problem; we have erased the scars and, as a result, the shock and pain. Now, there are those who aim to dispel the very fixes put in place as a result of nine-eleven. The Department of Homeland Security (DHS) is constantly under fire; The Transportation Security Administration (TSA) has always been a favorite target and current political candidates suggest abolishing the US Immigration and Customs Enforcement Agency (ICE). Just when this country must prepare for another attack, the populace is only concerned with inconvenience and political correctness.
How easy would it be to take over an airliner today? According to Mister Cox’s article, somewhat easier than one would imagine. The DHS and other US government agencies are already investigating the ease with which an airliner’s controls could be exploited by a cyberattack. Demonstrations have already been made that show an unmanned aerial vehicle (UAV), aka a drone, can be hijacked from halfway around the world. This does not happen because of one’s firsthand manipulation of flight or engine controls. Instead, it is simply software, programming; that is the new knife, gun or ‘bomb’ in a shoebox.
Each airliner made after the 1980s has digital technology, utilizing ‘fly-by-wire’ equipment. This technology allows the manufacturer to decrease aircraft weight by eliminating thousands of pounds of cables, pulleys and quadrants; it relieves mechanics of troubleshooting and many return-to-service tests, saving money and time. The onboard computers interpret pilot input into a digital signal that translates into the movement of flight controls, engine throttles and landing gear. Wires have replaced mechanical devices while computers act on behalf of the pilot. On autopilot, the aircraft operates independently; throttle movements, course corrections and altitude adjustments are made without pilot input, indeed without pilot awareness.
Who programs and repairs these aircraft computers? Any one of hundreds, if not thousands, of avionic repair stations worldwide. Are there controls in place to police the avionics people repairing, possibly programming, these computers? It would depend. In the US? Most likely, but other countries do not receive the security oversight seen in the US.
A ‘sleeper’ program, a virus, that could upset an airliner’s control could be uploaded in computers, installed in airliners all over the world, with no forewarning; it could ‘sleep’ for days, weeks, months or even years. An upset could include an aerodynamic stall during take off where recovery is impossible. The program could shut down all engines four hours flying time from land over the deepest underwater cavern. With the plans for pilotless airliners, what chance would the passengers have? Would the flight data recorder, if found, reveal any data? How many airliners around the world could be upset in one day, without the hijacker (singular) even entering the cockpits or even the airliner?
And what of UAVs? Could they be made to fly into an airliner’s engines on the approach into a major airport? Would the cockpit windscreen survive a direct hit with a drone?
Could any of these scenarios happen? Perhaps. At one time fans of Tom Clancy were thrilled by the last chapters of Debt of Honor, thinking they would never come true, scared to think someone thought of it. The truth is: terrorists no longer try to land the plane and are not concerned with their own safety.
The true terror is the unknown and these scenarios provide many unknowns. The US has been complacent about security these last seventeen years. It is good that agencies like DHS have been working to prevent cyberattacks, but all agencies need to engage. The US needs to remember what it was like that Tuesday in September, the day the world changed forever.