Kent L. Statler, Executive Vice President and Chief Operating Officer,Commercial Systems, Rockwell Collins
Sponsored content provided by
In the 1995 movie “Apollo 13,” an oxygen tank explodes in the spacecraft’s Service Module, forcing astronauts Jim Lovell, Jack Swigert and Fred Haise to initiate a perilous return to Earth. They’re cold, sleep deprived and on edge; their lives hang in the balance. In a tense moment, Swigert questions the accuracy of re-entry data from Mission Control. Lovell responds calmly, “Jack, they’ve got half the Ph.D.s on the planet working on this stuff.”
Lovell’s meaning is clear. If there’s a way to bring us home safely, our team will find it.
Today, that’s how I feel about cybersecurity and the commercial aircraft. There are a lot of very smart men and women working long hours to ensure that we continue to fly with confidence. And whenever I fly — and I fly a lot — it’s with complete confidence.
A dramatically changed aviation ecosphere
It’s fair to say, however, that cybersecurity is of growing concern within the aviation industry and among the flying public.
The connected aircraft — enabled by highly integrated avionics architectures and broadband internet connectivity that can run multiple personal electronic devices at terrestrial speeds — has created concern about potential access points for hackers and terrorists that were previously unavailable with analog systems.
“It’s fair to say that cybersecurity is of growing concern within the aviation industry and among the flying public.
It’s examples like these that concern the aviation industry. We understand that cyberattacks will grow more sophisticated and malicious. We need to be ready. Rockwell Collins and other aviation industry leaders are addressing commercial airlines’ cybersecurity on two interconnected fronts: the aircraft and data delivery systems.
Cybersecurity: The aircraft
The modern connected aircraft can be seen as having three communication domains: closed, private and public.
The closed domain encompasses the flight deck where the function is aircraft control. Communications are enabled via air-to-ground datalink services provided by HF, VHF, XM radio and SATCOM. And the data delivered includes flight plans, real-time weather updates, situational awareness, and aircraft engine performance.
The private domain is next and the purpose is flight operations and maintenance. Communications are enabled by Wi-Fi, Ethernet and USB. And the data delivered includes flight manifests, gate information, maintenance data, and in-flight entertainment (IFE) content by the airline.
At the back of the aircraft is the public domain where passengers sit. The function of communications here is to enable passenger-owned devices to receive and deliver their own entertainment including digital movies, web content, and other wireless passenger services via physical storage devices, broadband SATCOM and Wi-Fi.
The digital nature of these three domains does, in theory, provide new avenues of access that cyberattackers might exploit. However, it’s crucial to understand that the industry and regulators continue to put passenger safety considerations at the forefront of every decision regarding aircraft design and operation. The industry has introduced layered security mechanisms — on both hardened systems and networks — to ensure the integrity of data and the communications pipes that deliver it. So whether IFEC and flight deck systems are physically separated or logically separated, certified control of information flow between the two systems can be maintained.
Additionally, we consider threats as part of system design; the system must account for and address threats it might be exposed to in operation. The system is then tested against these threats as part of the verification process.
Yet another compelling reason for confidence in commercial aviation cybersecurity is the application of formal methods to help ensure high-integrity software systems. Formal methods include the application of rigorous mathematical reasoning and advanced analysis tools to enhance the security of a system. We’ve successfully used these methods in our role as the prime contractor for the unmanned air vehicle portion of the High-Assurance Cyber Military Systems program of the. Using formal methods, we were able to redesign and verify software on a military platform so that a leading-edge cyberattack would have no adverse effect.
When appropriate, we can apply what we’ve learned in the military environment to improve the cybersecurity of commercial aircraft systems and their operation.
“Yet another compelling reason for confidence in commercial aviation cybersecurity is the application of formal methods …
Cybersecurity: Data delivery systems
Commercial aircraft require safe, secure and reliable communications from both ground and satellite sources. These data delivery systems collect, manage and electronically distribute the information that keeps everyone from flight deck and cabin crews to maintenance personnel and passengers aware, informed and entertained.
Today, for example, a pilot’s electronic flight bag has replaced more than 35 pounds of paper maps, charts, processes and procedures. That’s a lot of data. Even more impressive is that the newest generation of air transport aircraft, such as theDreamliner and , generate several orders of magnitude more data than comes off aircraft built just five years ago. As we connect this newest generation of aircraft to the ground via broadband connections, the cybersecurity challenge is obvious. Each digital connection creates a threat vector that cyberattackers will try to exploit.
Airlines must have confidence that the data they receive actually comes from their systems, hasn’t been compromised, and remains confidential. So the issue is how do airlines establish absolute trust in their data delivery systems?
One of the ways that Rockwell Collins answers this question is by developing, delivering, monitoring, maintaining and constantly testing our private, secure, purpose-built, end-to-end aviation network with reliability of 99.999 percent up time. This private network segregates the most crucial data communications and is a critical layer of defense against cyberattacks. Pairing this private network with an innovative, secure and ruggedized aircraft data router provides an even greater threat defense solution to cyberattacks.
Moreover, the 2016Reauthorization Act, passed by the U.S. Senate on April 19, includes three sections related to increasing cybersecurity and includes several directives for the administrator of the FAA. Among these directives are to develop an appropriate plan to mitigate cybersecurity risk, to respond to an attack, intrusion, or otherwise unauthorized access and to adapt to evolving cybersecurity threats.
Bet on our team
I’m convinced that cyberattacks on commercial airlines will increase in number and malicious intent. To think otherwise would be naive.
Yet, let me reinforce what I said at the beginning of this article. I fly a lot and I fly with complete confidence in aviation cybersecurity that is both in-place and just around the corner. So, from where I sit, the watchword for the commercial aircraft industry is continued vigilance and the ongoing application of leading-edge technology.
In short, I’d bet on “our team.” Just as Jim Lovell bet on his.