Interconnected aircraft put cybersecurity in spotlight
A demonstration at a computer hacking conference in Amsterdam in April 2013 brought aviation cybersecurity into the public eye. At the so-called “Hack in the Box” annual conference, security consultant Hugo Teso described how an Android application for a smartphone could in theory be used to remotely control an aircraft's flight path by exploiting weaknesses in the onboard aircraft communications addressing and reporting system (Acars) data link and the flight management system.
While the industry has largely dismissed as unrealistic Teso's experiment, which was conducted in a laboratory environment using publicly available software simulations of the flight management computer, it has not discounted the growing threat from intruders as aircraft and air traffic management systems become more interconnected and software grows increasingly generic. The concerns are fueling calls for global action, with experts saying information security has not kept pace with connectivity advances.
“Currently, there is no common vision, or common strategy, goals, standards, implementation models or international policies defining cybersecurity for commercial aviation,” say the authors of an American Institute of Aeronautics and Astronautics decision paper published Aug. 13. The authors present six recommendations, including building road maps for near-, mid-term and long-term actions and establishing a method of coordinating national aviation cybersecurity strategies, policies and plans.
While there may be gaps in the high-level plans, much of the groundwork for safeguarding information and communications technology in avionics and air traffic management (ATM) systems is underway.
in the past year formed a security group within its commercial systems division, leveraging experience it has gained from its government business but specifically for its civil aviation products.
Scott Zogg, senior director of engineering for commercial systems, says the group has an internal charter to make sure proper processes, procedures and training are in place for avionics development and certification efforts. In part, that means helping the product development team perform vulnerability testing. Zogg says the group has also developed a security road map that is “complementary” with its product road map to make sure the systems “stay ahead” of potential threats. He says the security team will study the architectures of the systems from early development stages through the entire life cycle, including disposal.
Zogg says data security at an interface involves knowing where data is coming from; knowing who sent it; making sure it wasn't changed (and if the system is wireless, making sure it is not overheard), and making sure that it will not cause a denial of service preventing important data from getting through. “It's no different in avionics than in any other environment, just the details are changed,” says Zogg.
With a layered approach, commercial off-the-shelf (COTS) products can be used while ensuring overall product security. “To use (a COTS device) in the system, you need layers of security outside of that device to make sure what's coming from it hasn't been tampered with,” says Zogg.
Along with design, systems must be tested for vulnerabilities, and work underway in an RTCA special committee will help. “We're trying to establish how to assess the risk and when you have the right mitigation in place,” says Daniel Johnson, an engineer fellow withAerospace and co-chairman of RTCA Special Committee 216, aeronautical systems security. RTCA is among a large number of standards groups internationally that are addressing cybersecurity concerns. Committee 216 published its first process standard in 2010, and plans to update the document early next year with more guidance for security risk assessments.
“The assessment will look at forms of connectivity, the interconnection between systems and the “population that threatens you,” Johnson says. On the topic of connected aircraft, he says wireless and broadband satellite communications systems are a “big” concern. “We now have onboard systems that are reachable from ground systems that are not undercontrol,” says Johnson. “If you have an aircraft with a wireless system for maintenance reasons, if you don't encrypt properly, then anyone else with a Wi-Fi might be able to talk to the aircraft itself. It's an extra exposure we did not have previously.”
On the ATM side,is making plans to bid on a request for proposals for a two-year security project under the Single European Sky program. The RFP, expected to be issued by year-end, will ask companies to define specific requirements, prototypes and definitions for how to test cybersecurity requirements for ATM. Those requirements today are not well defined, says Lionnel Wonneberger, Thales's strategy and marketing director for ATM activities. “Modern air traffic control concepts, including system-wide information management, connect a number of non-ATM systems,” he says. “In doing so, we may increase the risk of intrusion externally, but we may also have interference from the inside.”