"This is the single worst recap of any defcon talk I've ever read. It's clear you're looking for the sensational headline for the click through, but your article is flat misrepresentation. He started his talk with how this presentation was impossible to use to hurt aircraft. And it was a high level overview about atc, no real technical content. There was no scariness, except anyone treating your article as vetted or accurate."
People are treating the real world as if it was a computer.
It is not so. It is not necessary to have perfect security in the real world. It is only necessary to defend against realistic problems - not against theoretical attacks.
With a computer a theoretical attack can succeed and be undetected, because computers blindly follow instructions.
You can only DOS an air controller once, which makes DOSing them pointless, which also makes defending against DOS attacks pointless.
Suppose you're right and you can only DoS an air traffic control tower once. Does that mean that it's pointless? There are probably scenarios in which paralyzing an airport for a while could be pretty dangerous.
However, what makes you think you're right? It sounds like it would take quite a bit of system re-engineering to stop the DoS and return to normal service: the ATC system has to figure out which flight plans are real and which ones are spurious, and be sure to print out all the real ones.
This presentation simply sheds light on how easy it is to manipulate various aspects of the FAA's scattered (and often outsourced) information systems. There are over a hundred private companies that automate flight planning for pilots.
Gaining clearance from ATC on a filed flight plan is an entirely different and, most importantly, human procedure.
It is exponentially easier to trespass at a nuclear power facility or steal a fuel transport vehicle than it is to change someone's flight plan which has already been filed.
It is very scary that these kinds of vulnerabilities still exist in a post 9/11 world. Sure it takes time and money to improve systems, but something as serious and important as airplanes seems like something that should get priority and special attention.
Reading this article reminded me of the 2nd Die Hard movie....great movie, but not a pleasant thought if it could happen in reality
"This is the single worst recap of any defcon talk I've ever read. It's clear you're looking for the sensational headline for the click through, but your article is flat misrepresentation. He started his talk with how this presentation was impossible to use to hurt aircraft. And it was a high level overview about atc, no real technical content. There was no scariness, except anyone treating your article as vetted or accurate."