Posted: 2/26/2022 10:54:43 AM EDT
Could a bad actor shut down ATC and if they did, how do we get planes on the ground safely?
Link Posted: 2/26/2022 11:29:06 AM EDT
[#1]
Anything is possible. Seems a Russian hacker stole nearly a terabyte of data from McDonalds and is trying to extract ransom to prevent disclosure. So the CyberWar on us has already started.
Lets Go Brandon
Link Posted: 2/26/2022 12:10:02 PM EDT
[#2]
Quoted:
Could a bad actor shut down ATC and if they did, how do we get planes on the ground safely?


The systems and facilities are not as centralized and interdependent as you might assume.

So for practical purposes, no not really.  Not wide range for any significant length of time.
Link Posted: 2/26/2022 1:02:18 PM EDT
[#3]
Quoted:


The systems and facilities are not as centralized and interdependent as you might assume.

So for practical purposes, no not really.  Not wide range for any significant length of time.


OK but I'm really interested in the answer to "what if they did."  Say ATC gets shut at major airports. All some or most major airports so alternates are off the table. Is there a mechanism to get the planes down safely? How would that work? They all have to land sometime and they should have about 45 minutes of fuel to do it.


Link Posted: 2/26/2022 3:06:53 PM EDT
[#4]
Said miracle of total ATC shutdown is just not going to happen as a cyberattack. Even if you did take out literally all the remote radio links for TRACON and ARTCC, and all radar services, you've still got to take out the tower radios and the airport navaids (ILS, GPS, VOR). That's going to require physical destruction or jamming (definitely jamming for GPS since you can't shoot down the satellites) at every airport you want affected because those systems are local to the airport and, in most cases, dirt simple. So in the case of this miracle attack, everyone would be confused for a while but the message would get out, probably over the guard frequency, local freq's, and data links. I suppose your mythical cyberattack could also take out the data links, but you'd still have to old-fashioned jam every other comm freq. and that's not trivial. So pilots and planes would talk amongst themselves, and with the towers, and people would do what they had to, which means switch to tower as soon as they could, go with old fashioned position reports, and sort themselves out.

You could take out a single airport fairly easily, though.
Link Posted: 2/26/2022 3:55:29 PM EDT
[#5]
Thanks. That’s very informative.
Link Posted: 2/26/2022 4:05:30 PM EDT
[#6]
Quoted:
Could a bad actor shut down ATC and if they did, how do we get planes on the ground safely?


I was going home once and center came on and said “we are evacuating for a fire.  All aircraft maintain VFR.”

It lasted about 10 minutes and we landed with no issue.
Link Posted: 2/26/2022 11:23:47 PM EDT
[#7]
Quoted:
Could a bad actor shut down ATC and if they did, how do we get planes on the ground safely?


It happened in the fall of 2014 at ZAU (Chicago Center). A disgruntled telco contractor came in and set fire to the equipment used for radar, data, and voice.

All traffic not landing in ZAU airspace was re-routed (when feasible) and traffic landing in ZAU airspace was curtailed to a high degree. It was a huge pain in the ass for controllers. The adjoining centers (ZOB, ZMP, ZID, & ZKC) worked to absorb the traffic.

As for getting planes on the ground safely, it depends on what ATC facilities are affected when an outage happens. I was not a center weenie, and thus I don't know what they have for contingencies.

I will tell you this:

I was working at a busy, east coast tracon and the radar went out, right in the middle of an arrival rush. The saving grace was twofold...

1) It was a nice, VFR day

2) Back then, we still used flight progress strips, so we knew the callsigns, A/C types, and whatever altitude or speed info the controller scribbled on the ticket.


In the center environment, the A/C are kept at least five NM apart laterally. In the terminal environment we run as close as 2.5 NM (two miles, if your facility has the waiver); so, having the radar go dead with a/c in close proximity was something I did not want to experience again.

VFR towers: most don't have radar and they have portable back-up radios, so it is not that big of a deal.
Link Posted: 2/27/2022 12:23:07 AM EDT
[#8]
Quoted:


OK but I'm really interested in the answer to "what if they did."  Say ATC gets shut at major airports. All some or most major airports so alternates are off the table. Is there a mechanism to get the planes down safely? How would that work? They all have to land sometime and they should have about 45 minutes of fuel to do it.




LOL. Ok.  In the event of the intercontinental nuclear first strike it would take, I'm not going to have to worry about getting down safely.
Link Posted: 3/2/2022 8:33:09 PM EDT
[#9]
It would take a nation-wide EMP to knock out ATC enough to cause catastrophe. Unless that happens, someone in the cockpit of a plane on the ground could give landing instructions and sequencing.

Landing the plane DOESN'T require a radio. If worst came to worse, the planes and crews could use NORDO procedures.
Link Posted: 3/3/2022 8:09:24 AM EDT
[#10]
VHF is line of sight. I suspect 9/11 had a lot to do with the rogue aircraft all talking to different controllers when they went off course so controllers were not aware there were multiple lost aircraft.

Also, IFR routing is such that if comms are lost, it should not create a conflict. And comms can be lost from the ground as well as from the air. In the former, as someone said, pilots can manage their own sequencing and freqs over guard.

I’d like to think that all licensed pilots could fly and navigate across the country with no radios, gps or electronic navigation.
Link Posted: 3/8/2022 11:47:52 AM EDT
[#11]
One of the advantages of the basis of the ATC being 1960s technology is that it's not as vulnerable as you'd think. Probably the stuff that's hard to protect is point of sale stuff, but it's a non-catastrophic failure.
Link Posted: 3/14/2022 6:48:58 AM EDT
[#12]
Quoted:
VHF is line of sight. I suspect 9/11 had a lot to do with the rogue aircraft all talking to different controllers when they went off course so controllers were not aware there were multiple lost aircraft.

Also, IFR routing is such that if comms are lost, it should not create a conflict. And comms can be lost from the ground as well as from the air. In the former, as someone said, pilots can manage their own sequencing and freqs over guard.

I’d like to think that all licensed pilots could fly and navigate across the country with no radios, gps or electronic navigation.


Lulz.

Can you hack shit that is basically running on DOS?
Link Posted: 3/15/2022 7:36:56 AM EDT
[#13]
Quoted:
Said miracle of total ATC shutdown is just not going to happen as a cyberattack. Even if you did take out literally all the remote radio links for TRACON and ARTCC, and all radar services, you've still got to take out the tower radios and the airport navaids (ILS, GPS, VOR). That's going to require physical destruction or jamming (definitely jamming for GPS since you can't shoot down the satellites) at every airport you want affected because those systems are local to the airport and, in most cases, dirt simple. So in the case of this miracle attack, everyone would be confused for a while but the message would get out, probably over the guard frequency, local freq's, and data links. I suppose your mythical cyberattack could also take out the data links, but you'd still have to old-fashioned jam every other comm freq. and that's not trivial. So pilots and planes would talk amongst themselves, and with the towers, and people would do what they had to, which means switch to tower as soon as they could, go with old fashioned position reports, and sort themselves out.

You could take out a single airport fairly easily, though.


Kind of this, mostly, but a single airport wouldn't be easy at all.

You would need, pretty much, The A Team.

Airports are extremely decentralized. First you would need to disable STARS, which is the Great Eye of Sauron, removing the ability of another facility from just taking over control.

Then you would need to knock out the RTR, and at a major airport, there are a ton of transmit radios in there, so you would need a way to meaningfully put hot white noise on every radio. The receivers are in the tower. The tower also has a backup radio and failing that, handhelds.

While you're at that, you're going to need to figure out how to destroy the controller's light guns. They can direct ground traffic with just that.

Then you would need to put down the CARSR and ASR radars which are hardwired directly to the displays in the TRACON. The ASDE-X would need to come down too.

The RVR's would need to get knocked out, which again are hardwired.

Then you would have to do something about the MALSR, or in pilot speak, the flashy flashy, which again are hard wired to not only the tower, but can be turned on by the pilots themselves.

The VOR's would need to be knocked out. They're not only a navigational aid but in a pinch can be used as a voice transmitter. Not really a lot of jamming you can do to knock out a VOR, but if you really wanted to shut one down, just go park a truck on the ground plane, unless it is a doppler VOR in which case you would need to physically destroy it.

Since we are getting frisky, you're going to have to smash the ATIS transmitter or jam it, which is easier than the regular VHF radios since it only operates at half power.

Then you would need to destroy the ILS's, which since we are just wrecking shit anyway, you're going to have to drive a truck through the localizer array, don't worry, they're all frangible anyway. The Glideslope tower would be problematic, they're not frangible, so you would have to go in the little house and destroy the Mark 1F or CEGS. Or just park your truck in the ground plane for 20 minutes which would shut them off past the first reset.

Oh, I forgot about the DME's. Gonna have to figure out how to bring those down, and that's a very simple system, so they could set one up literally anywhere. 1118 DME just pull a card. 415 is a bit more robust, and Selex? I'm not touching that thing, it'll burn you. Gonna need a hammer for that.

And then, after all that, since you were out driving over the Loc anyway, you might as well go drive over the PAPI/VASI's too. There are no pilots who don't know how to use that... I say that and then one of the airline guys is going to pop in here and tell me they know several who are captains who don't and I'm going to be all disappointed...

ETA: I totally forgot the RCAG site, which you first need to figure out where it is, then figure out a way to wreck it.

Then you have your NDB's and OM's which might not be easy to find either.

You can't just cut the power to most of these as there are backup generators. ARTCC's can go for 48 hours in some cases on their generators alone.

Now while you're out there doing all that, the police might have something to say about your adventure.

So to put it simply, no, you can not hack a modern airport and make ATC-0 without physically wrecking shit, and if you started wrecking shit, you're going to have armed angry men with guns trying to foil your dastardly plan.
Link Posted: 3/15/2022 8:40:40 AM EDT
[#14]
Quoted:
It happened in the fall of 2014 at ZAU (Chicago Center). A disgruntled telco contractor came in and set fire to the equipment used for radar, data, and voice.

All traffic not landing in ZAU airspace was re-routed (when feasible) and traffic landing in ZAU airspace was curtailed to a high degree. It was a huge pain in the ass for controllers. The adjoining centers (ZOB, ZMP, ZID, & ZKC) worked to absorb the traffic.

As for getting planes on the ground safely, it depends on what ATC facilities are affected when an outage happens. I was not a center weenie, and thus I don't know what they have for contingencies.


I don't know if you ever heard the real story on this one. Sure he burned the ZAU radios, but the why was important. I got this story from some of the guys who worked at ZAU in tech ops with him.

They said that the dude, Brian Howard, worked for FTI Harris. He was doing an ERR or whatever that company calls it to Hawaii. He had sold his house, bought a house in Hawaii, moved his wife, sold his shit, and specifically sold his bike. The ERR went through and he was getting ready to go, then out of nowhere, FTI reneged on the transfer a couple weeks before he was to leave, leaving him effectively homeless, owing a big mortgage in Hawaii, etc.

He was already a depressed person so he decided to go cut wires in the bundles, pour gas on the cuts, and light that shit on fire. He went to the telecon room, spread out the gas, lit it, slashed his throat, and laid down in the room. Because the fire was in that room, the firefighters ended up saving him first.
Link Posted: 3/15/2022 9:11:00 AM EDT
[#15]
Quoted:


Kind of this, mostly, but a single airport wouldn't be easy at all.
There is so much wrong with your single-airport TLDR thesis it's not even worth picking it apart.

But the biggest reason it's not worth picking apart is because an attack on a single, large, Class B airport doesn't need any technical or cyber factors and doesn't even need to destroy anything except a few panes of glass. You are forgetting the human factor. A few rounds through a tower cab window and that airport will be closed for hours. If you want extra spicy, and are willing to take a risk, just when they seem to be relaxing their posture back into operation, send a few more rounds from a mile away. Tower glass is a big target, you don't need to be super sniper to accomplish that. I'm not sure if tower glass is normally done over with anti-ballistic film (it seems you might know), but if it is just use a .50.

That level of marksmanship, and the necessary equipment, is relatively commonplace these days, far more so than the technical acumen necessary to perform any technical or cyber attacks.

Just making them abandon the tower doesn't need to stop operations from a purely technical perspective. But it will.


Link Posted: 3/15/2022 2:41:29 PM EDT
[#16]
Quoted:
There is so much wrong with your single-airport TLDR thesis it's not even worth picking it apart.

But the biggest reason it's not worth picking apart is because an attack on a single, large, Class B airport doesn't need any technical or cyber factors and doesn't even need to destroy anything except a few panes of glass. You are forgetting the human factor. A few rounds through a tower cab window and that airport will be closed for hours. If you want extra spicy, and are willing to take a risk, just when they seem to be relaxing their posture back into operation, send a few more rounds from a mile away. Tower glass is a big target, you don't need to be super sniper to accomplish that. I'm not sure if tower glass is normally done over with anti-ballistic film (it seems you might know), but if it is just use a .50.

That level of marksmanship, and the necessary equipment, is relatively commonplace these days, far more so than the technical acumen necessary to perform any technical or cyber attacks.

Just making them abandon the tower doesn't need to stop operations from a purely technical perspective. But it will.

@aa777888-2

I'm wrong about everything? How long did you work tech ops? Serious question.

But I think he was talking taking it down from a technological standpoint, not just shooting holes in the cab. I mean, if you wanted to shut it down and not even have to use a gun, just start painting the vents and the controllers would abandon ship when they smell it. They've done that before.

Or tone the controllers from the RTR or RCAG. They're all sitting and waiting for that so they can get free time off and claim disability.
Link Posted: 3/15/2022 4:01:27 PM EDT
[#17]
Quoted:
How long did you work tech ops? Serious question.

I just retired from a 40 year career designing and producing very complex electronic warfare systems for Uncle Sam. So I might know just a little bit about what it would and would not take to suppress all navigation and communications signals necessary for an airport to operate.

It's an industry truism that the comm's guys are always overconfident. I can't tell you how many test ranges we've showed up at where the comm's guys were claiming they were un-jammable only to be proven wrong within just a few minutes. However, to be fair, there are a lot of limits to EW, and effects will peter out after only a few miles. But a lot of times that's all you need, and in this case that happens to be true.

On the other, other hand, you guys are getting better at deploying GPS interference detection systems. Since jamming that is a must-have part of shutting down any airport nowadays, any such jammer is likely to be found out. But we're still probably talking hours, not minutes.
Link Posted: 3/15/2022 8:51:21 PM EDT
[#18]
Quoted:
I just retired from a 40 year career designing and producing very complex electronic warfare systems for Uncle Sam. So I might know just a little bit about what it would and would not take to suppress all navigation and communications signals necessary for an airport to operate.

It's an industry truism that the comm's guys are always overconfident. I can't tell you how many test ranges we've showed up at where the comm's guys were claiming they were un-jammable only to be proven wrong within just a few minutes. However, to be fair, there are a lot of limits to EW, and effects will peter out after only a few miles. But a lot of times that's all you need, and in this case that happens to be true.

On the other, other hand, you guys are getting better at deploying GPS interference detection systems. Since jamming that is a must-have part of shutting down any airport nowadays, any such jammer is likely to be found out. But we're still probably talking hours, not minutes.


Right on, congrats on your retirement, but the thing is that outside government agencies, people don't have ready access to the kind of equipment that you did in your, quite interesting and I would like to know more about, job. I am talking about the bare, rock bottom technological requirement to shut down an airport without having access to DARPA level technology. Could someone just shoot the tower? Sure, but that's not going to put anything down because they would just route everything away and they could use the tracon for everything they could do in the cab. Even easier than that would be to just fly a drone with a preprogrammed GPS route out around the airport and they'll shut it down for you and reroute everything somewhere else.

I'm not a strictly comm guy. I have experience in comm with the FAA and military avionics. I worked at a GNAS facility so I worked on Radar, Comm, Navaids, and Automation across an entire state at the same time before I became an inspector, so I have pretty extensive experience in the field of airport ground technology. The Aeroflex was my baby and I miss her dearly.

I think the original question was "Can an airport be hacked?" and I think he meant like they did in Die Hard 2(?) and the answer is a simple no. There are entirely too many systems that are hard wired, do not use anything outside city power, have no transmission, and most of those have battery backup that can remain in operation long enough to get everyone on the ground. Can you hack most or many of the systems? Again, the answer is no unless you're shutting down city power in which case most larger centers and large airports have a substantial back up power source. (The one in Farmington MN and Honolulu are particularly impressive with 3 full generators and in Honolulu they have a DRPDS)

MALSR/ALSF (Runway lights) is un-jammable as it is a physical switch with buried hard wires they can turn on and at the majors they have a battery backup. So let's say that you shut down all comms, the VOR, ILS, DME, all ADS-B, etc are unusable, the amount of power necessary to put just the VOR down would be substantial enough that they would find you pretty quick. The aircraft are still going to have access to the MALSR/ALSF, PAPI/VASI, and light gun tower commands... unless your work also enabled the jamming of... light in which case awesome, and I now need to know if I need to watch out for the Predator!

From a, "Let's shut this motherfucker down!" standpoint, most of the stuff at an airport is hardwired to the tower. The radar is usually far enough away, especially in the case of a CARSR with a 230 mile range, that you would essentially have to be there at the ball to put a dent in it at the same time as you were at the tower throwing noise to shit up the comms, and VOR, DME, LOC and GS all at the same time. Could you feasibly do it with enough power? You would know better than I would, but from a "Hey, I'm Johnny Mohammedville and this is Al Qaeda!" standpoint? Not in their wildest dreams.

CARSR coupled ASR, ADSE, and ADS-B with STARS giving a "Great Eye Of Sauron" level view of that radio world, they might lose coverage in the area you're shitting up with noise, but you would have to drop national to really stop all radar and communications and they're really good at figuring out where they can transmit from to get their message out. I once had the RCAG where I worked take a lightning strike that burned out all the transmit function in the radios and shut that motherfucker down. They switched over to the BUEC so fast that nobody even knew anything had happened and it is in an entirely different geographic area than the RCAG was.

STARS is, again, hardwired between stations as is a majority of communications from the major centers. Could someone put out enough wattage to induce amperage on long wires and wreck stuff? Again, that's a question for you, but someone being a turd isn't going to have that ability.

If you were going to put down the comms at ZAU, they could transfer to any number of RCAG or BUEC sites that are 200+ miles away.

Link Posted: 3/15/2022 10:08:56 PM EDT
[#19]
That's a lot of buzzwords. The point is, give someone like me (not me!) $50K and a van, and they could (Good Guys please make careful note of "could", not "would" or "should") shut any airport you care to name completely down using just electromagnetic waves. No "DARPA level stuff" required. Just good old off-the-shelf stuff anyone can buy.

If you kill tower comm's, ground comm's, clearance delivery, ATIS, GPS, ILS and VOR, the Powers-That-Be are just going to close the airport to all traffic. It doesn't matter if radar services are still up, or remote communications outlets 100NM away still work, or if center and TRACON are still up. And it sure as shit doesn't matter if airport lighting still works. And if this is done on an IFR day so much the better. With ceilings below RNAV minimums, better still, don't need to hassle with the VOR or GPS.

In short, be realistic. Hell, it probably wouldn't even take that much. Any little bobble of the system outside the playbook stops everything because that's how the FAA rolls. Departures will stop. Inbounds will be diverted. Risk must be averted.

Now if you go back to my first post in this thread, I agree, there is no all-out, country-wide cyber attack that would be successful on the system. But a single airport? Shit, look at how Heathrow was shut down over random drones. No pilot is going to yell out "Ramming speed!" for fear that some random drone will turn out to be the Golden BB, not with a couple of hundred people in the back. That kind of stuff literally is child's play. No need for hardly any technical knowledge. Just don't use a drone like a DJI that plays by any rules with stock firmware on board.

All of our country's infrastructure is horribly vulnerable that way. Want to generate a CONUS-wide blackout? More child's play. Hell, an old guy almost did it single-handed a ways back. He had himself a car, a gas powered cut-off saw, and sawed halfway through a whole bunch of transmission line tower legs over a large geographical area just to say he could. The only thing that stopped him from sawing all the way through was his conscience. And they did catch him. But he could have been very successful before they did.

But of course this is all theoretical. Nobody is likely to actually do this. Even minor disturbances are extremely rare, e.g. Heathrow. Not sure why, but since it is all literally so easy, all I can think is that most people are intrinsically good, and thank goodness most bad people are intrinsically stupid.

