Monthly Archives: August 2009

Airspace violations – Prologue

This is the first of a series of articles, written with Simone Bovi, about military and civilian airspace violations.

Simone is was born in Novara (Italy) in 1978 and he graduated in law at the “Università degli Studi di Milano”, introducing a thesis regarding the use of force against aerial intruders and international law. He’s an aviation enthusiast, who makes research on the Italian Air Force during WWII and Cold War incidents and he currently works for an Italian airline, in the security and ground operations field.

As you will discover by reading the various episodes, even if the first recorded violation dates back to the “dawn of flight”, this kind of event is among the “most current” in the modern scenarios when airspace violations (actual or presumed) periodically cause close encounters between fighters, bombers, reconnaissance aircraft and civil planes belonging to friendly and unfriendly nations with subsequent increased tension between countries and various types of diplomatic reactions.

Just to have an idea of how frequent these events are, you can browse through the pages of this website where you will find the description of many interceptions performed by the Italian Air Force fighters in the Cold War era and nowadays (have a look at the articles published at this page: https://theaviationist.com/tag/scramble/).

The various episodes that will follow this Prologue will provide a more detailed view of some of the most famous airspace violations recorded all around the world.

All the episodes of the Airspace Violations series will be also available at the following link: Airspace Violations.


Prologue

The first article of the Chicago Convention on International Civil Aviation (Signed in Chicago, on 7 December 1944) states that:
“The contracting States recognize that every State has complete and exclusive sovereignty over the airspace above its territory”.
Similarly, the United Nations Convention on the Law of the Sea declares that:
“The sovereignty of a coastal State extends, beyond its land territory and internal waters and, in the case of an archipelagic State, its archipelagic waters, to an adjacent belt of sea, described as the territorial sea. This sovereignty extends to the air space over the territorial sea as well as to its bed and subsoil”.
Every State has the right to establish the breadth of its territorial sea up to a limit not exceeding 12 nautical miles, measured from baselines

Example of the legal status of the Sea facing the coast.

Example of the legal status of the Sea facing the coast. Source: www.absoluteastronomy.com

A practical example of the UK Sovereignty above it territorial sea and its airspace (respectively in light blue and grey color).

A practical example of the UK Sovereignty above it territorial sea and its airspace (respectively in light blue and grey color). Source: http://www.jncc.gov.uk/

Like many human principles, even the theory of the sovereignty of the State on its air space takes many decades to be created and to become refined.
Several aerial incidents and diplomatic clashes among States have occurred and, even nowadays, we are witnesses of some Powers showing up their muscles: Russian Bears violating UK air space, Norway and Iceland, US reconnaissance planes performing surveillance and spy activities near the Chinese border, Turkish-Greek struggles above the Aegean Sea, only to mention a few examples.
But how this theory of sovereignty over the air space was born and developed?
At the beginning of the aerial navigation, the prevalent doctrine was oriented on affirming the theory that stated the legal status of the air space as a result of the postulate of the air freedom. Therefore, the air space was firstly excluded from the exercise of the sovereignty by the States.
Nevertheless, in the international practice – after some initial uncertainties – many episodes exist and were interpreted as unambiguous claims of the States on affirming their power on the air space above their land areas and territorial waters.
The very first aerial incident related by the supposed (or true?) violation of the national air space occurred in 1904, when some Imperial Russian soldiers shot down a German aerostat: an incident that caused a long and controversial diplomatic clash between the two States.
At the outbreak of the World War I, the non-belligerent States adopted some measures to deny the flyover of the neutral territory by the States engaged on the air battles.
During the war several aerial intrusions were perpetrated mostly by German and British planes over the Swiss territory and some weak attempts to preserve the neutrality of its air space were made, even if Swiss aircrafts were armed only with carbines and flechettes and the organization of the new air force was rudimentary.
Because of this, the nominal commander of the Swiss air arm, cavalry captain Theodor Real, resigned his post in November 1916 when the army refrained from using its rudimentary air force to defend Swiss airspace against frequent German intrusions, even after Porrentruy was bombed by German aircraft on October, 1916.
The explicit recognition of the complete and exclusive sovereignty of the States on the air space above the land areas and the territorial sea was internationally declared only through international Conventions on the aerial navigation.
The Convention signed in Paris in 1919, in Madrid in 1926, in Havana in 1928 and – still now in force – on the article 1 of the Convention on Internationl Civil Aviation signed in Chicago, on 7 December 1944.

Exclusive pictures: first Italian Air Force SF-260EA in new colour scheme

The SF-260EA of the Latina-based 70° Stormo of the Aeronautica Militare (Italian Air Force, ItAF) will soon receive a high-visibility colour scheme since the previous grey one made rejoin and formation flight a little too difficult for student pilots.

Previous

Today the first aircraft in the new colour scheme (MM55119 “70-26”) rolled-out at Latina and Giovanni Maduli was there for this site to take the following exclusive pictures. The above image shows the same aircraft in the previous colour scheme.




The Universal Studios B-747 crash set

I took the following pictures in 2007, during the Universal Studios tour in Hollywood, CA, USA. They depicts the outdoor airplane crash set built for War of the Worlds movie, directed by Steven Spielberg. The outdoor set, where Spielberg and his crew shooted for three days in January 2005, is mainly occupied by the chunks of a presumed wreckage of a B-747. Interestingly, a real Jumbo was used: the former All Nippon Airways JA8147, whose registration was N219BA. The aircraft was chipped into pieces and transported to the Studios. Actually, during the filming, the houses covered the asphalt road where the tour tram passes, but they were moved on the right of the tram off the road. Even if the production used a real plane the entire scene is quite different from an actual Jumbo crash site: the main aircraft parts are located in a relatively small area, while in a real crash site pieces would be spread in a larger area.



Back up is a must: the AVSIM hack story

A press release, a few months ago struck my attention. AVSIM, one of the leading Flight Simulation sites, that was operating since 1996, issued the following press release:

“We regret to inform the flight simulation community that on Tuesday, May 12, AVSIM was hacked and effectively destroyed. The method of the hack makes recovery difficult, if not impossible, to recover from. Both servers, that is the library / email and web site / forum servers were attacked. AVSIM is totally offline at this time and we expect to be so for some time to come. We are not able to predict when we will be back online, if we can come back at all. We will post more news as we are able to in the coming days and weeks….”.

Actually, I was not struck by the hack itself, since it is quite obvious that the more a website is very well known, the more the possibilities that it becomes a valuable target for a hacker. In this particular case, the attacker did not perform a typical defacing (did not change the layout and contents of the portal), nor caused a Denial-of-Server (thus preventing legitimate users to access the site), but “simply” deleted the partitions of both AVSIM servers. I don’t know how the attacker performed the attack. However, I’m pretty sure he followed the usual “procedure”: initially, he exploited a vulnerability of the Web Application to gain access to the server, then he uploaded some code on the web server to make a local privilege escalation gaining the rights to use any kind of command.
Anyway, what really “shocked” me is not that despite security countermeasures were in place a website was attacked, but that a serious web business was wiped off as there wasn’t any Disaster Recovery plan foreseing content back ups off-site. The data is the business for many web-based organizations and back ups are paramount for business continuity in case of attack. Not only performing a periodic backup is important. HOW you back up data can prevent loss of money and downtime of services too.
On May 13, 2009, a quote in the AVSIM temporary forum explained that they dutifully backed up their servers every day. Unfortunately, they backed up the servers BETWEEN servers. “That is, GREEN, our library server, would be backed up to PURPLE, our WEB/Forum server. That way, if one or the other failed, we would have a back up on the remaining active server. The hacker took out both servers, destroying our ability to use one or the other back up to remedy the situation”. Although cross back up is better than no-back ups and backing up on the same servers, it is not a procedure I could expect in a large organisation that makes money with its website! A proper back up for such a portal would require at least an off site back up and possibly a back up of the back up. There are various methods to make a back up and to keep it available. One could be using a mix of protected RAID (Redundant Array of Independent Disks) architecture in mirroring, striping or parity configuration and an off-site weekly back up.
For sure AVSIM had not a certified Information Security Management System (ISMS), “that part of the overall management system, based on a business risk approach, to establish, implement, operate, monitor, review, maintain and improve information security” (where Information Security means “preservation of confidentiality, integrity and availability of information”). ISO 27001 would have asked for a back up policy “to maintain the integrity and availability of information and information processing facilities” (A.10.5) and for a Business Continuity Management “to counteract interruptions to business activities and to protect critical business processes from the effects of major failures of information systems or disasters and to ensure their timely resumption” (A.14).
By the way, with the support of the community (even financial one), AVSIM was patiently restored….I hope with some lessons learned for the future!