Aviation Accidents: Many Risks Move from Mechanical Failures to Terrorism. Are Cyber-Attacks Next?

EgyptAir’s 20 Year Terror History:

Some quick thoughts on the most recent loss of EgyptAir’s flight 804 and how persistent terror has been one of the leading causes of accidents in this airlines history. The main questions to be asked as we move forward are as follows:

– If physical terror has played such a major role in aviation accidents, can cybersecurity sabotage be far behind?

– What controls / testing are done to ensure the ongoing operations of jets that rely increasingly on computers are safe and sound?

– What personnel controls are placed on those conducting tests and coding for these aviation systems?

Let’s take a look at EgyptAir’s history and you can be the judge if we have potential future risk.


EgyptAir Flight 804 Loss in Mediterranean Sea, May 2016

With the loss of EgyptAir’s Flight 804 from Paris to Cairo, we’ve already begun to learn a lot lessons about the state of the aviation industry’s security apparatus. Questions now linger about terror’s human factor in piloting, maintaining and otherwise accessing these aircraft.

In fact, even if this flight accident is deemed a mechanical or geo-political accident (e.g. a missile shoot-down like Malaysian Airlines incident over the Ukraine), it still leaves EgyptAir with nearly a 50/50 chance over the past 20 years of data of an accident originating from terrorism versus mechanical failure, according to statistics from aviation-saftey.net

Then we have the Islamic State, which issued a chilling threat to ‘kill France’ just days before EgyptAir flight MS804 from Paris vanished with 66 people on board. Only days before the disappearance, ISIS gave a murderous warning to France in an online video. The message gives no other clues and seems to give a hint that a convert joined ISIS and was ready to give punishment to the French. Although most of the casualties are Muslim Egyptians, this threat has not been confirmed to link to the crash yet as investigation continues. Also, ISIS does not care about killing Muslims since their code allows it.

[You might also like: Cybersecurity in the Real World: 4 Examples of the Rise of Public Transportation Systems Threats]

EgyptAir Flight 181, Hijacked, March 2016

EgyptAir Flight 181, a domestic flight from Alexandria to Cairo, was hijacked by a male passenger in March 2016. The aircraft, an Airbus A320, departed Alexandria-Borg El Arab Airport (HBE) about 06:30 and was in descent towards Cairo International Airport when it was hijacked. The aircraft turned to the left and headed north, and an uneventful landing was carried out at Larnaca Airport, Cyprus. The hijacker who was arrested claimed to have an explosive belt, however released all occupants except for the pilot, co-pilot, three cabin crew members and three passengers before being taken into custody.

EgyptAir Flight 738, Hijacked, October 2009

A Sudanese passenger on board the EgyptAir flight pulled a knife on a female attendant just minutes after takeoff, saying he wanted the flight diverted to Jerusalem “to liberate it.” Two air marshals overpowered the hijacker, who later turned out to be intoxicated. News media reported the airplane involved to be a Boeing 737 while the EgyptAir timetable suggested the airplane usually used on that flight was an Airbus A320.

EgyptAir Flight 233, Hijacked, May 2000

A man brandished a jar of hair gel and claimed it to be a bomb on board EgyptAir flight 233. The hijacker told the chief flight attendant that he wanted to go to Afghanistan so that he could find a job. After making the demand, the hijacker attempted to storm the cockpit of the Airbus A321 aircraft but was unable to gain entry and was overpowered by crew members. The plane landed in Aswan, where the hijacker was taken into custody and charged with air piracy and threatening the lives of airplane passengers. None of the 19 people on the flight were injured.

EgyptAir Flight 990 loss near Nantucket Island, MA, October 1999

EgyptAir Flight 990 departed Los Angeles International Airport, destined for Cairo, with a scheduled intermediate stop at New York-JFK airport. Two designated flight crews (each crew consisting of a captain and first officer) boarded the aircraft at JFK. After takeoff and leveling off at 33,000 feet four minutes later, the command captain decided to go to the toilet and left the flight deck. About 21 seconds after the captain left the cockpit, the cockpit voice recorder (CVR) picked up the relief first officer quiet statement of “I rely on God.” Shortly thereafter, the autopilot was disconnected and once again the relief first officer stated quietly, “I rely on God.” Again, shortly thereafter, the engine throttle levers were moved from their cruise power setting to idle, and, one second later, the flight deck recorder (FDR) recorded an abrupt nose-down elevator movement and a very slight movement of the inboard ailerons. Subsequently, the airplane began to rapidly pitch nose-down and descend. The relief first officer quietly repeated, “I rely on God,” seven additional times.

[You might also like: 4 Reasons to Believe that Future Cyber Attacks Will Terrorize]

During this time, as a result of the nose-down elevator movement, the airplane’s load factor decreased from about 1 to about 0.2 G (almost weightlessness). Then the elevators started moving further in the nose-down direction. Immediately thereafter the captain entered the flight deck and asked loudly, “What’s happening? What’s happening?” As the airplane’s load factor reached negative G loads (about -0.2 G) the relief first officer stated for the tenth time, “I rely on God.” As the airplane exceeded its maximum operating airspeed (0.86 Mach), a master warning alarm began to sound and the relief first officer stated quietly for the eleventh and final time, “I rely on God,” and the captain repeated his question, “What’s happening?” The US National Transportation Safety Board determined that the probable cause of the EgyptAir Flight 990 accident was the airplane’s departure from normal cruise flight and subsequent impact with the Atlantic Ocean, as a result of the relief first officer’s flight control inputs. The reason for the relief first officer’s actions “was not determined.”


Aviation terror threats, like water, tend to take the path of least resistance. When thumbs are stuck in the dike new holes are made where the foundation is most weak. We now know through numerous external analysis and documented evidence that the aviation sector is vulnerable to cyberattacks. How long will it be before the terror strikes will evolve in the aviation industry, like they did around the world, to the cyber front? Should you have responsibility for any aspect of these areas please don’t be a bystander and be proactive about onboarding controls and saving peoples lives.

Learn more about cyber-attack detection and trends in the 2016 Global Application and Network Security Report.

Download Now

Carl Herberger

Carl is an IT security expert and responsible for Radware’s global security practice. With over a decade of experience, he began his career working at the Pentagon evaluating computer security events affecting daily Air Force operations. Carl also managed critical operational intelligence for computer network attack programs to aid the National Security Council and Secretary of the Air Force with policy and budgetary defense. Carl writes about network security strategy, trends, and implementation.

Contact Radware Sales

Our experts will answer your questions, assess your needs, and help you understand which products are best for your business.

Already a Customer?

We’re ready to help, whether you need support, additional services, or answers to your questions about our products and solutions.

Get Answers Now from KnowledgeBase
Get Free Online Product Training
Engage with Radware Technical Support
Join the Radware Customer Program


An Online Encyclopedia Of Cyberattack and Cybersecurity Terms

What is WAF?
What is DDoS?
Bot Detection
ARP Spoofing

Get Social

Connect with experts and join the conversation about Radware technologies.

Security Research Center