Category Archives: Aviation

airplane taking off

Mayday: The Call for Cybersecurity Reform in Aviation

If the first big cybersecurity breach of 2018 has taught us anything, it’s that even multinational tech companies need help navigating the realm of cybersecurity. Intel knew about Spectre and Meltdown since June of 2017 and eight months of inactivity is not sufficient post-breach protocol.

If the tech industry is struggling to grasp cybersecurity’s severity, what does this mean for other industries? As tech and financial institutions recognize the importance of cybersecurity, other industries need to address the digital elephant in the room.

If we think about the most vulnerable industries to cyber-attack, the answer may both figuratively and literally fly over our heads. The aviation industry is one of those most influential industries in the global economy and one of the most susceptible right now to cyber-attack. As the number of digital components in the cockpit has increased, so too has the attack surface of all aircraft and air traffic control systems.

In the United States alone, the civil aviation industry accounts for over five percent of the US economy generating $1.6 trillion in economic activity per year. While a cyber-attack impacting the economy is frightening enough, the most alarming notion is that hackers have the ability to make airplanes vanish from radar systems or even crash. Even smaller scale cyber attacks can have a significant impact. A simple Denial-of-Service for airport services or flight delays can have massive cost implications and impact goods, people and information. With dollars and lives at risk, it’s important to understand where and why certain threat vectors in the aviation industry exist.

Mind the ‘air’ gap.

Traditionally, component parts and systems in aviation have been made up of air gapped technologies making them near to impossible to breach. As society has evolved and shifted to a more connected digital environment, we’ve seen a similar paradigm shift in aviation. Even critical components such as engines, hydraulics and flight management systems are now being monitored using IoT approaches to services. While this has made flying easier for pilots and cozier for passengers, it has also made systems exponentially more vulnerable to cyber-attack – specifically after switching from fly-by-wire to fly-by-wireless systems.

With fly-by-wireless technology, aircraft are controlled with fewer, more centralized units by

using higher throughput multicore, multiprocessor computers and commercial off-the-shelf components. While this increases efficiency, it also means that the aircraft, cockpit, cabin crew and passengers are using many of the same communications constituents. Wi-Fi, passenger information, avionics and more are all controlled by a centralized system making a single cyber-attack easier and all the more catastrophic. Not only that, but since aircraft parts are manufactured by different sources, malware could infiltrate these systems as early their journey through the supply chain.

As aviation security measures struggle to keep up with aviation technology, a number of threat vectors have surfaced. The most common in the industry include: air traffic control, aircraft IP networks, aircraft communications addressing and reporting systems (ACARS), aircraft interfaces, reservations, document control, electronic flight bags (EFB) and baggage handling. Since all airline and airport operations differ slightly, determining to what level these vectors exist and how to protect them requires a Threat & Risk Assessment (TRA) and Risk Registry (RR). With a TRA conducted and RR in place, organizations can prepare cybersecurity methodology for both pre- and post- breach conditions.

Keep airways breach-free.

You can summarize an effective cybersecurity policy in two words: be proactive. Setting up pre-breach methodology is equally as important as having post-breach methodology in place. The greatest victory is the battle not fought and there is too much at stake for the aviation industry to wage war with cyber criminals.

The harsh reality is that airlines need to prioritize as it is too expensive to protect all assets from all threats. While a TRA and RR provide the framework for an airline’s individual security needs, the mercurial nature of cyber threats requires ongoing monitoring and maintenance of the methodology in place. Pre-breach methodology should follow international standards and consider the full breach picture by understanding the risk of data exposure, breach prevention and incident response.

In an ideal world, incident response wouldn’t be a part of breach methodology, but hackers are a cunning bunch. Defenses are sometimes broken and airlines need to be prepared. Post-breach methodology is about timely mitigation and since it takes businesses an average of 100 to 200 days to detect intrusion, timeliness seems to be a widespread issue.

The key to prevention and detection is ensuring technical controls are in place and that policies and procedures governing security practices are well communicated to protect and secure assets. The ability to detect and perform an incident response that follows a breach aids greatly in tightening security practices by identifying methods that will prevent further compromise in the future.

Airlines need to realize that this can’t be done alone. Whether it’s through the public or private sector, airlines need to partner with experts that understand the ever-changing cybersecurity landscape. The best security partner helps you implement procedures to handle this swiftly and independently and can also be called to assist in emergency situations.

A commercial plane wouldn’t take off without landing gear nor would it fly without a channel connected to air traffic control. Whether it’s physical or digital, a preflight checklist is required to ensure safety of both the flight crew and passengers. Cybersecurity isn’t a risk the aviation sector can afford to take.


Security Considerations for Aviation FDM

This pass week I was in LA attending the ITU-T FA AC meetings. This group is focused on aviation flight data monitoring (FDM). This was my first time attending this group but given the cyber security aspect of data collection I had to attend. The first day was really a learning process to get a grasp of the terminology used in aviation — it quite different from cyber security however with my pilot training I was surprised what I already knew.

While the aviation industry is quite keen on operational security cyber has added another level of complexity to the equation — how to collect near real-time data from an oceanic flight? While there are solutions like SATCOM it is not just that easy to point traffic to a satellite, for one is expensive. You want to make the solution is cost effect and to focus on the data that would be required to perform analytics. This will include situations where a flight is in distress and needs to send a beacon and data that it is in trouble. In these situations data collection is more critical for both the airlines and possibly crash investigators.

While we are still in the process of developing our recommendations to ITU-T and ICAO, some of the important security considerations of FDM include the following:

  1. Collect only that data that provides relevance. Nothing new here from a security or privacy perspective.
  2. Ensure that while that data is in transit that it cannot be modified, intercepted, jammed or compromised in anyway. This really speaks to solid security requirements from the airline regulatory bodies and a good SDLC for these solutions. The security threat model for each of these solutions needs to known before these devices are ever deployed. As all things hackers are educating themselves to the technology and targeting the low hanging fruit in both avionics and in-flight data services.
  3. Using cloud services to provide FDM is a cost effective method to provide flight analytics. However, as in everything cloud providers need to be very contentious of protecting this data. Not only while in transit but when stored on servers. Cloud service providers need to ensure that they have a good ISMS implementation and the necessary technical controls for monitoring their infrastructure for signs of compromise attempts. This can include a multi-tiered design to isolation critical data. Can you imaging the FDM provider being DDoSed when a airliner is in distress? This could result in lost or compromised data when it is most important. 
  4. Threat modelling  aka Technical Risk Assessments (TRA). These need to be conducted not only prior to the service being designed but every time there are changes to the infrastructure. This includes ensuring that risks identified are addressed via a Action Plan and detailed project plans document the who, when, where and what of this updates.
  5. Real-time monitoring of infrastructure. I am not talk about just SNMP monitoring here. The cloud service provider needs to ensure that systems are monitored for unapproved changes, changes to system binaries or other critical files, failed user access attempts, administrative logins and activities and pattern changes of data in motion. This is just a short list but you get the idea. Using the TRA will identify the critical assets and should result in what needs to be monitored.
  6. Failover capabilities. All commercial aircraft have redundant capabilities for critical flight systems. We have to have the same attention to this when creating FDM solutions.

Well, I hope this opened your eyes a little to the security challenges to setting up a cloud service provide for FDM services. While not easy, the time spent on process, people and technology will ensure that service availability is much higher and customers (airlines) can be provided a higher level of assurance.

I will be reporting back again once we are getting closer to our final recommendations. You can be comforted that airlines, operators, vendor solutions, and regulators realize the critical importance of cybersecurity to aviation and are working to ensure that flight operations will not be impacted by compromise attempts. And as everything in aviation there need to redundant systems