New Cyber Defense Toolkit For Emerging Threats To Civil Aviation

Raytheon Intelligence and Space has developed solutions to the diverse and growing cyber threat landscape. The FAA's Next Generation Air Transportation System (NextGen), will modernize America's air transportation with interconnected air traffic control, making air travel safer and more efficient than ever. But improved connectivity also increases the danger of cyberattack by giving attackers possible inroads to everything on the network, including aircraft and their subsystems.

There are other new vectors of attack too, from malware embedded in imported electronic components to careless use of USB thumb drives by the plethora of individuals with access to these systems. They can expose operators to threats ranging from criminals trying to lock up systems with ransomware to a full-on assault on our national critical infrastructure by a hostile state.

"We have already seen airline reservations attacked using third party software, and airline maintenance hacked," says Kip Spurio, technical director of air traffic systems at Raytheon. Future attacks could extend to every corner of the connected air traffic control system.

Raytheon's suite of tools provides a layered defense against current and emerging cyber threats, and can be tailored to each customer's needs. The tools are built around a philosophy of Zero Trust: rather than simply protecting some aspects of a system, the suite continuously monitors, assesses and verifies users, hardware and software to ensure they are trustworthy leaving no gaps for intruders to exploit.

In aviation, cybersecurity may be literally a matter of life or death, and the traditional cybersecurity approaches are insufficient when protecting against advanced threats.

"The first things people usually do is unplug and try to isolate the problem," says Teresa Shea, VP Cyber Offense and Defense Experts. "You can't do that to an air traffic control system with planes in the air."

This is why Raytheon emphasizes the importance of resilience. Resilience is not just a matter of containing the attack, but of managing an attack as it occurs while still carrying on operations as normal.

"The bottom line is that you need the ability to continue through an attack and protect those planes," says Spurio. "The priority in air traffic control is to have that resilience."

The layered defense starts with Boot Shield, a hardware device added to legacy systems to keep them free from malicious code on startup. This is an important foundation because software loaded during boot-up is often implicitly trusted further down the line.

The suite also includes Electronic Armor which gives both hardware and software protection against unauthorized access and tampering. Countervail is a software tool which assumes that an attacker already has privileged access and maintains integrity by preventing them from updating software or data. The Cyber Anomaly Detection System (CADS) proactively identifies anomalies and intrusions in real time on communication busses, while REDPro is a compilation of all of these and more that monitors an entire enterprise in real time, checking for irregularities.

Sophisticated machine learning creates a baseline for each installation, learning the normal pattern of data transfer and behaviors throughout the working process. This works down to the level of every port on every device, allowing automated tools to detect out of the ordinary activity whenever it occurs. Automation also means that the defenses can respond dynamically to attacks, for example REDPro can lure intruders away from mission-critical functions with decoys and confine them to a secure 'sandbox'.

Shea says that Raytheon has the best vulnerability researchers in the business. They have developed an emulation environment to test complex systems of systems to support large scale automated cyber testing allowing owners to efficiently identify and resolve vulnerabilities during the development cycle. This is DejaVM, which allows large-scale systems to be subjected to the most intense attacks to identify weaknesses and loopholes, without using operational systems. DejaVM can provide a thorough understanding of a system's cyber defense requirements.

Each customer will require a different set of tools from the portfolio, customized to their particular requirements based on what systems they are running.

Raytheon's highly capable defenses still leave humans firmly in control. Their tools can automatically discover, identify, and locate cyber-attacks and alert operators, but the operators themselves make the decisions about responses, for example whether to switch to a backup when a system appears to be compromised.

Raytheon's cyber portfolio is designed to ensure that increasing interconnectedness will not leave any gaps for cyber attackers to exploit—and will provide that all-important resilience in an increasingly interconnected and hazardous cyber environment.

To learn more about our airspace modernization solutions, click here.

To see more on our Cyber Resiliency Solutions, visit our site.

Learn more about our Cyber Offense and Defense options here.

To learn more about our Cyber Anomaly Detection System, click here.