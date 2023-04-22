Europe’s Planes Keep Flying Despite Cyberattack
- Critical infrastructure targets such as Europe’s top air-traffic agency show resilience
A cyberattack blamed on pro-Russia hackers continued to disrupt operations at Europe’s top air-traffic agency, but officials said some systems had stabilized and air-traffic safety remained unaffected.
A cyberattack blamed on pro-Russia hackers continued to disrupt operations at Europe’s top air-traffic agency, but officials said some systems had stabilized and air-traffic safety remained unaffected.
The limited operational damage of the hack has highlighted the relative robustness of the continent’s air-traffic system. Built-in redundancies and backup systems designed decades ago, and not reliant on the internet, can protect it from the sort of technical hiccups that have become part of everyday life, like internet and communication apps outages, hacks and cyberattacks.
The limited operational damage of the hack has highlighted the relative robustness of the continent’s air-traffic system. Built-in redundancies and backup systems designed decades ago, and not reliant on the internet, can protect it from the sort of technical hiccups that have become part of everyday life, like internet and communication apps outages, hacks and cyberattacks.
This week’s attack has also helped underscore the sometimes-limited impact of such cyber offensives. That has especially been the case for the increasingly frequent, yet not overly sophisticated, cyberattacks blamed on, or claimed by, Russia supporters amid Moscow’s war in Ukraine.
Eurocontrol, the agency that coordinates commercial traffic between national air-traffic control entities, has suffered through days of technology disruption, including a blackout of some communications. Some smaller airlines were forced to use older technology, including a telefax-era backup system, to manage flight schedules.
But officials said flight operations weren’t disrupted, and the safety of European commercial airspace was never threatened.
“There was no inconvenience to air traffic, no disruption and no delays because of the cyberattack," said a spokesman for the International Air Transport Association, an industry body. Airlines were instructed to use other networks and didn’t experience any issues, he said.
It couldn’t be determined whether the hackers were seeking to directly disrupt European flight traffic, which might have required a more dedicated assault on the targeted systems.
The Wall Street Journal first reported Thursday that the agency was under attack from what it said were pro-Russian hackers.
The Eurocontrol attack follows recent warnings from U.S. officials and large security firms that Russian hackers might seek to become more aggressive against Ukraine and its allies. Russian government hackers have increased their cyber-espionage attacks while deploying novel strains of malicious software, according to research from Microsoft Corp. and other security companies.
Russia has generally denied attacking other countries with destructive cyberattacks.
Prior warnings about potential Russian cyberattacks against the U.S. and Western allies—particularly the threat of disruptive attacks on critical infrastructure—have largely not materialized since the war began over a year ago, however. The aggression that has been seen has mostly been confined to low-level, unsophisticated operations, including website interruptions by pro-Russian hacktivist groups like the one that took credit for this week’s attack.
Killnet, a Russian hacking group that has in the past called for nuclear strikes against the U.S., shared on Wednesday night a post on its Telegram social-media channel taking credit for the attack on Eurocontrol. The post called for hackers to join what it described as a marathon attack on Eurocontrol.
“From today, a Eurocontrol marathon is being held, lasting 100 hours," the post read.
Western security officials have offered varying assessments why Russia hasn’t sought to target Ukraine’s allies with more debilitating cyberattacks, including that its hackers are focused on tactical operations within Ukraine’s borders intended to help its military. Moscow might also be reluctant to risk provoking a cycle of escalation with the U.S. with cyberattacks, the impact of which are often hard to precisely calibrate or control, they say.
The Eurocontrol hack was continuing to cause “temporary connectivity issues" at the agency’s Network Manager Operations Centre, according to a notice on its operations portal Friday. The center is responsible for coordinating and overseeing all flights in Europe and over European airspace.
The agency had previously recommended that operators use alternative methods that don’t rely on an active internet connection to submit their flight plans.
The attack started Wednesday, the agency has said. Eurocontrol said it wasn’t able to provide a further update.
The disruption forced some airlines and private planes, which had typically used an online portal to file their flight plans, to switch to an older network known as the Aeronautical Fixed Telecommunications Network, according to officials.
The system was originally based on the telex, a technology that predates the fax machine, and it uses dedicated cables to transfer messages between pilots and air-traffic controllers across the globe. Somewhat clunky and expensive, the network nonetheless provides safeguards from certain attacks on the agency’s technology infrastructure, such as that sustained by Eurocontrol in recent days, according to aviation specialists.
“This ancient system of having cables connecting to the outside world is still very, very much alive," said Akos van der Plaat, an air-traffic controller based at Amsterdam Schiphol Airport and a consultant for air-traffic management advisory MovingDot BV.
Eurocontrol suffered a blackout of internal and external communication, such as email, forcing many of its around 2,000 employees to use alternative tools. The Eurocontrol website was also down for much of the duration of the attack.
—Dustin Volz contributed to this article.
Write to Bojan Pancevski at bojan.pancevski@wsj.com and Benjamin Katz at ben.katz@wsj.com