End-to-End Aircraft Cybersecurity is Today's Digital Airworthiness.


Strengthened security is always an asset. Airport security is something most people know well—queuing, removing shoes, emptying water bottles. Airport infrastructure cybersecurity, however, is a topic that is still evolving. Aviation’s critical infrastructure must be protected. People consider aviation safer than other modes of transportation. If a cyber-attack occurred in this industry, it would result in major economic and social consequences. The aviation industry is not immune to cyber threats. Cybersecurity is even more important when you are up in the air. Modern aircraft are increasingly connected to the Internet. They are introducing recent technologies and concepts through non-aviation means, such as Cloud, 5G Wi-Fi, satellite communications, and Machine Learning. Modern airplanes are equipped with networks and systems that share data with the pilots, passengers, maintenance crews, other aircraft, and air-traffic controllers in ways that were not previously feasible. As a result, if avionics systems are not properly protected, they could be at risk of a variety of potential cyberattacks. Vulnerabilities could occur due to not applying modifications (patches) to commercial software, insecure supply chains, malicious software uploads, outdated systems on legacy airplanes, and flight data spoofing. The increasing connections between airplanes and other systems, combined with the evolving cyber threat landscape, could lead to increasing risks for future flight safety.


With just a few keystrokes, hackers may be able to collect personal data from aircraft passengers or flight operations employees, gain control of finances and even damage a company’s IT infrastructure. Guarding against cyberattacks requires participation and vigilance by everyone in the aviation operation, as well as cooperation from vendors and support providers. Cybersecurity is a central concern for aviation, regardless of the progress of their digital transition. Protecting those systems requires building up protections adapted to aviation constraints – long certification cycle, cost savings, safety DNA – and maintaining their resilience over time despite the evolution of threats. The time has come for all onboard aircraft systems — including avionics — to be regarded as being vulnerable to cyberattacks. As such, the security procedures for protecting them should be as thorough and in-depth as any other internet-connected device. Cyber-attacks can potentially target critical systems such as air traffic control, reservation systems, flight management systems, access, departure and passport control systems, flight traffic management, cargo handling and shipping, In-Flight Entertainment (IFE) and connectivity systems, Electronic Flight Bags (EFB), cabin crew devices, hazardous materials transportation, aircraft navigation, and communication systems, any of which could result in catastrophic consequences, including loss of life. Today’s avionics increasingly use commercial off-the-shelf software, easily updatable software, and onboard networks to operate the aircraft. As aircraft and systems become more interconnected, cybersecurity will play an increasingly large role in aviation security. That is because nation-states, cyber criminals, and hacktivists all possess an incentive to manipulate systems within this sector.
In 2015, a Polish aircraft with hundreds of passengers aboard was grounded in what airline officials believe was likely a Distributed Denial of Service (DDoS) attack, according to a Reuters report. In a DDoS attack, hackers seek to flood critical computer systems with traffic, causing the server to overload and cease functioning.


Experts believe that on-the-ground networks that are connected to planes, which help in uploading or downloading flight-related information, are the most vulnerable to cyber threats. Cybersecurity researchers also have warned that hackers could target satellite communications equipment on passenger jets through WiFi and inflight entertainment systems. In 2006, the US Federal Aviation Administration was forced to shut down its air traffic control systems in Alaska due to an attack on the internet. Again in 2013, 75 airports in the USA were targeted via phishing attempts. The passport control system at the departure booths of Istanbul airport was shut down in 2013 due to a cyber-attack that resulted in the delay of many flights. A notable trend among cyber criminals targeting business travelers involves gaining unauthorized access to confidential business data. The increasing demand for in-flight cabin network connectivity and the continuous dependence on data for productivity improvement and entertainment have resulted in a significant increase in data transmission. As this data transmission surges and aircraft connectivity expands, a safety challenge arises. When in the air, aircraft are not immune to cybersecurity threats originating from the ground. For instance, providing unsecured WiFi to both flight crew and passengers can simplify this type of hacking because hackers can establish connections more easily. Presently, 85 percent of aircraft capabilities are run by software.


Cyber hygiene in avionics needs to begin with ensuring the appropriate training is being provided and the training is tailored to that specific job. Operators also need to ensure that routine maintenance is conducted on the systems by running up-to-date antivirus software and to run the antivirus on any software before it is loaded on the aircraft. It is also crucial that operators follow the technical order, as most errors occur when procedures are not followed. Steps are being implemented to protect aircraft avionic systems from cyberattacks. According to data compiled by SITA, around 94% of airports have started investing in cybersecurity programs, topping the list of high priorities in the short term ahead of Cloud and remote IT services. Implementation of network segmentation policies and controls to ensure the operational technology system can continue to safely operate in the event an information technology (IT) system has been compromised. Implementing continuous monitoring and detection policies and procedures to detect cybersecurity threats and correct anomalies that affect operations. Reducing the risk of exploitation of unpatched systems through the application of security patches and updates for operating systems, applications, drivers and firmware on critical cyber systems in a timely manner using a risk-based methodology. Implementing powerful firewalls that monitor network traffic and identify potential threats can thwart unauthorized access attempts. Enforcing multi-factor authentication protocols adds an extra layer of security, making it significantly harder for cybercriminals to infiltrate systems. Conducting routine security audits helps identify vulnerabilities and implement necessary patches or updates promptly. Performing regular vulnerability scans to identify weaknesses in the system. Conducting penetration testing to simulate potential cyber attacks and evaluate the effectiveness of existing security measures.
Implementing a risk register to document identified risks, their potential impact, and mitigation strategies. While the airline industry is widely admired for its safety record regarding equipment and passengers, aviation cybersecurity lacks the same strict, well-known procedures. Modern airliners are essentially digital machines, a complex web of devices and controls that could be vulnerable to attack. Without the proper precautions, cockpit avionics systems could be accessed from in-flight entertainment systems, for instance. With the influx of in-flight entertainment and network-enabled maintenance and management functionality, an airliner at 30,000 feet is in constant contact with the ground. That means airline payment systems are vulnerable to the same types of cyberattacks from other passengers on the plane’s Wi-Fi. Passengers using an airline’s in-flight connection are often subject to lax security protocols, often less than the standard procedure for a business network on the ground. Published reports outline the possibilities and realities of attacks on email and other services while in the air. Any website that passengers visit could provide a vector for a malicious attacker to access onboard information and systems through passengers’ infected machines. But the worst-case aviation cybersecurity scenario is that a plane’s systems are hacked to affect its course, controls and passenger safety.


Each of these provides attack vectors whose vulnerabilities can be leveraged by hackers. The new DO-326A and ED-202A cyber-security document set is meant to thwart such hackers. The truly scary thing about these AI-enabled malware systems is that they make it possible for nearly anyone to develop malware and initiate threats 24/7 with no real limits. These new threats make it more necessary than ever before to ensure airports and airlines are compliant with the new TSA emergency amendment. Airports and airlines do have security measures in place prior to the TSA amendment. In addition to utilizing standard anti-malware and cybersecurity systems, the aviation industry is also required to comply with standards like DO-278A, a protocol created by the Radio Technical Commission for Aeronautics (RTCA) in the United States. DO-278A deals with software testing and safety for ground systems, specifically communication, navigation, surveillance, and air traffic management (CNS/ATM) systems at airports. Securing aviation systems involves proactively identifying, assessing, and addressing potential security vulnerabilities within aviation infrastructure. The work entails simulating cyber-attacks and exploiting weaknesses within the aviation ecosystem. These include communication networks, air traffic control systems, and aircraft avionics. By emulating the techniques, tactics, and procedures (TTPs) of real-world threat actors, cybersecurity professionals can uncover hidden vulnerabilities and evaluate the resiliency of aviation systems against cyber intrusions. The findings from these tests can then be used to develop effective countermeasures, enhance security policies, and contribute to the safety of passengers, crew, and ground personnel.


Developers use the guidelines provided by DO-278A to ensure that their software functions correctly and safely. The standard requires testing for how CNS/ATM systems function under a worst-case scenario. DO-278A-compliant systems need to be able to safely handle the worst of bad inputs, user errors, and external interference. So the standard already guarantees a certain level of resilience to security threats. The problem is that DO-278A is not comprehensive, and does not specifically address how to adequately protect these systems from cyber attacks. DO-326A is a cybersecurity standard for airborne software. Recent cyber incidents targeting aviation infrastructure and data systems demonstrate the sector’s vulnerabilities and the potential impacts on safety, reputation, and financial health. Attack vectors range from compromising flight data and control systems to targeting passenger information and airline operational data. Establishing a comprehensive cybersecurity framework is crucial. This framework should align with international standards such as ISO/IEC 27001 and the National Institute of Standards and Technology (NIST) Cybersecurity Framework. Tailoring these frameworks to address specific aviation-related threats and vulnerabilities is essential. Conducting a thorough risk assessment focusing on critical aviation operations. Identifying risks associated with flight management systems, air traffic control communications, and maintenance operations data is critical. This assessment should inform the development of a risk management strategy that includes both proactive and reactive measures. Utilizing machine learning algorithms to monitor and analyze network traffic for unusual patterns that could indicate a cyber-attack. Case studies, such as the use of AI in detecting anomalies in real-time flight data transmissions, can provide practical insights.
Microsegmentation, lateral movement protection, and security service accounts are crucial components in bolstering aviation cybersecurity.


Simulating cyber-attack scenarios plays a pivotal role in fortifying aviation cybersecurity, acting as a critical training and preparedness tool for security teams. By realistically mimicking threats like a breach in passenger data or a ransomware attack on vital control systems, these simulations provide a practical, hands-on experience in identifying, responding to, and mitigating potential threats. This proactive approach not only helps in testing and refining the organization’s incident response plans but also in evaluating the effectiveness of existing security measures and employee awareness. Regular incident response exercises ensure that both IT staff and operational personnel are adept at quickly recognizing and efficiently addressing cybersecurity incidents, thereby minimizing potential disruptions and damages. In the context of the aviation industry, where the stakes include passenger safety, trust, and substantial financial implications, these exercises become indispensable in building a resilient defense against the increasing sophistication and frequency of cyberattacks. Some pilots and navigators have started to replace their traditional flight bag with an electronic flight bag (EFB) tablet, while airlines have started offering more enjoyable services in the in-flight entertainment systems (IFE) through Wi-Fi. Aircraft maintenance operations have also begun to use electronic manuals. Technology and digitization bring many advantages to aviation, but at the same time, create challenges in managing cyber vulnerabilities in this complex environment. Cyber technologies and connectivity expose aviation to a dangerous and costly world of cyber threats, and a major challenge is that the risks of an attack are difficult to understand or to define. In addition, the opportunities for attacks continually grow as new services and systems are developed.
The airline industry is an attractive target for cyber threat actors with a multitude of motivations, ranging from stealing value in data or money to causing disruptions and harm. With airplanes themselves becoming increasingly digital, networked components used for navigation and communication systems, for example, have created even more vulnerabilities for cybercriminals to exploit. As airplanes and aviation systems have become more digital and connected, the integrity and security of data have become much more vulnerable. The basic premise here is that if something is controlled by a computer, in theory, it can be hacked. The more connections there are, the more vulnerable your system is. Although the interconnectivity of aviation systems allows the industry to benefit from innovation and new technology, it also creates an environment for unauthorized access to occur.


Increased focus on cybersecurity concerns in the aviation industry forces avionics systems developers to engineer their products with vulnerability risks in mind. DO-326A is being designed to address the full development lifecycle of aviation systems cybersecurity, from concept to deployment and retirement. Following the recommendations DO-326A lays out will help organizations cut development and compliance costs while ensuring the highest cybersecurity and safety levels possible for their aviation and aircraft systems. Increased reliance on digital tools in the cockpit, flight department and the companies that support business aircraft operations also places aircraft and passengers at increased risk. As cyberattacks increase at an alarming rate, criminals continue to target flight operations, trying to steal data and hold it for ransom. Experts share guidance on shoring up your defenses now to avoid becoming a victim later. With just a few keystrokes, hackers may be able to collect personal data from aircraft passengers or flight operations employees and even damage a company’s IT infrastructure. Guarding against cyberattacks requires participation and vigilance by everyone in your aviation operation, as well as cooperation from vendors and support providers. The airline industry relies more and more on the latest technologies, which are extensively connected from the ground. The aviation industry has witnessed significant digital transformation in the last few decades, with advancements such as the transition from paper-based navigation charts to Electronic Flight Bags (EFBs) for pilots. Additionally, the adoption of connected Aircraft Health Monitoring Systems (AHMS) has enabled real-time monitoring and analysis of aircraft performance data, streamlining maintenance and enhancing overall operational efficiency. In early 2021, Malaysia Airlines began notifying customers that a data breach exposed the personal information of members in its Enrich frequent flyer program.
The breach occurred at a third-party IT service provider, with the data of Enrich members exposed between March 2010 and June 2019. The information exposed includes member names, contact information, date of birth, gender, frequent flyer number, status, and rewards tier level. Member passwords were not exposed. It is unknown how many Enrich members were affected by the breach. Systems to flight operations and predictive maintenance. Some are directly relevant to the safety of aircraft in flight, others are operationally important, and many directly impact the service, reputation and financial health of the industry. However, new technology may also translate into new attack surfaces for cyber criminals and terrorists. As the attack surface increases, the industry requires a better understanding of the necessary security measures in order to sustain and assure safety, reliability and resilience. IATA supports industry-wide aviation cybersecurity activities to coordinate and calibrate, through advocacy, standards, services, and guidance material development, for the most appropriate level of holistic cyber maturity for the industry. IATA established the Cybersecurity and Resilience Management Working Group (CRMWG). CRMWG is mandated to develop a cybersecurity strategy and roadmap, as well as to determine how the industry needs to respond to the current and future challenges to remain safe, secure, sustainable, and resilient to cybersecurity risks. This is the reason why IATA and the International Coordinating Council of Aerospace Industries Associations (ICCAIA) together established the Aircraft Cybersecurity eXchange Restricted FORUM (rFORUM) to better understand the risks, whether associated with the introduction of new technologies or those that may be shared with the original equipment manufacturers (OEMs)/System Suppliers and Design Approval Holders (DAH).
Another area of involvement falls under the ICAO Trust Framework Panel (TFP), where IATA follows the work of the following groups: Identity Management, Information Security and Trust Framework Considerations. By nature, the aviation sector is composed of complex systems of stakeholders including Airlines, Airports, Air Traffic Management, Unmanned Traffic Management, etc. The sector is undergoing major digital transformation with increased interconnectivity and dependency. The aviation sector is not spared and is becoming a rising concern for cyber attackers.


While in other sectors the impact of cybersecurity incidents is essentially financial, in the aviation sector it has the potential to impact key aspects such as operations, compliance, reputation, or even safety. While cybersecurity had become a significant component of organizational budgets over the past decade, recent financial instabilities have led to budget pullbacks. The economic uncertainty also fuels concerns about an increase in cybercrime within organizations. One of the primary challenges associated with testing the security of aviation systems is the inherent complexity and interconnectivity of the various components that make up the aviation ecosystem. This intricate network of systems, which includes aircraft avionics, air traffic management, communication networks, and ground support infrastructure, can make it difficult for cybersecurity professionals to identify and isolate potential vulnerabilities. Another challenge is the potential impact of penetration testing on the operational efficiency and safety of aviation systems. Conducting tests on live systems can be risky. Any disruptions or unintended consequences could have severe ramifications, including the potential to compromise the safety of passengers, crew, and ground personnel.
As a result, testers must carefully plan and execute their tests in a controlled environment. These environments use simulated systems to minimize the risk of unintended disruptions. Cisco’s comprehensive suite of cybersecurity services is tailored to the industry’s needs. Cisco’s threat modeling services help aviation organizations identify potential vulnerabilities in their systems, evaluate the risks associated with various attack scenarios, and prioritize mitigation efforts. By using a proactive approach, Cisco helps aviation organizations stay ahead of emerging threats and better protect their complex, interconnected systems. Additionally, Cisco’s penetration testing services simulate real-world cyberattacks, uncovering weaknesses in communication networks, air traffic control systems, and aircraft avionics, enabling organizations to strengthen their cybersecurity posture and ensure compliance with industry standards. Additionally, he emphasized the consolidation of vendors as a growing trend. The aviation industry, in particular, has experienced an influx of vendors supplying various components, leading to increased risk exposure. Consolidating vendors allows organizations to streamline risk analysis and assessment, resulting in time and cost savings. Investing in robust cybersecurity measures and staff training is vital to ensure proactive defense against evolving threats. The alarming rise in insider cyber threats within critical infrastructure organizations, including the transport and aviation sectors, demands immediate attention. Economic uncertainties have led to reduced cybersecurity budgets, increasing the risk of internal and external cybercrime. Ransomware attacks, in particular, pose severe consequences for organizations. By implementing strategic measures such as outsourcing, vendor consolidation, and maintaining cybersecurity budgets, organizations can better defend against insider threats.
To protect critical infrastructure and ensure global security and stability, it is necessary to cultivate a cybersecurity culture and stay informed about emerging trends.


Any device with an IP address is vulnerable to a cyberattack, including the router on an aircraft providing Wi-Fi connectivity to passengers and crew. It is one reason flight departments should regularly change that router’s password. The bad guys record a cell phone’s outgoing message and use AI to create new audio messages that sound like the user’s voice – real enough, some experts say, that even their own family does not recognize the scam. Cisco also offers cutting-edge threat intelligence services, providing aviation organizations with up-to-date information on the latest tactics, techniques, and procedures employed by cybercriminals. This actionable intelligence helps organizations anticipate and defend against potential cyber threats more effectively, reducing the likelihood of successful attacks on their systems. Passengers’ Wi-Fi devices offer hackers more access to commercial airliners than onboard avionics do. The avionics equipment that runs the aircraft is quite resistant to hacking, although not bulletproof. However, the inflight internet access systems that connect passengers to the web are as vulnerable as any ground-based network to hackers. In modern aircraft where these units are computer-controlled, they are networked and connected to the ground to deliver regular system monitoring reports. This allows airlines to detect problems as soon as they occur and deal with them effectively with minimal impact on flight schedules. Their architecture (avionics networks are not connected to the web), the limited functions they perform, and their generally closed operating environments. Even with that closed operating environment, hacking is still possible. After performing a thorough investigation on two commercially available avionics systems, Rapid7 demonstrated that it was possible for a malicious individual to send false data to these systems, given some level of physical access to a small aircraft's wiring.
Such an attacker could attach a device -- or co-opt an existing attached device -- to an avionics CAN bus in order to inject false measurements and communicate them to the pilot. Such false measurements could include incorrect engine telemetry readings; incorrect compass and attitude data; and incorrect altitude, airspeed, and angle of attack (AoA) information. A pilot relying on these instrument readings would not be able to tell the difference between false data and legitimate readings, so this could result in an emergency landing or a catastrophic loss of control of an affected aircraft. Avionics systems do go through extensive review by the manufacturer, industry and the FAA, but these reviews do not exclusively focus on security but are heavily focused on safety. The aviation industry has reaped the benefits of digitization over the past ten years, but this has also triggered new risks, including social and technical vulnerabilities that had never previously been addressed. What matters is not that a specific security vulnerability was found in a particular model of aircraft, but rather the general idea that modern aircraft with interconnected IT networks could potentially allow intrusions into high security avionics equipment from low security passenger internet access systems. There are infrastructure solutions that establish secure, accelerated tunnels for encrypted, anonymized data transmission between the aircraft and ground. Also, there are methods to transform the aircraft cabin into a secure corporate workspace, effectively making the aircraft secure. This being the case, the time has come for all onboard aircraft systems -- including avionics -- to be regarded as being vulnerable to cyberattacks. As such, the security procedures for protecting them should be as thorough and in-depth as any other internet-connected device. The average enterprise-size corporation now uses almost 80 cybersecurity products.
Airlines must be especially concerned with cyber protection because lives as well as money are at stake. The new e-enabled aircraft have much more digital power. Legacy aircraft used an architecture for data flowing over wires, which only allowed transmitters to send data to receivers rather than the other way around. New generation aircraft, such as the Boeing 737 MAX, 787 and Airbus A350, use an Ethernet data network for safety-critical applications that allows devices to communicate with each other. The new technology removes wires, reduces weight and increases capabilities—but it also opens up cyber vulnerabilities. This matters because many cockpit modifications today are basically software updates, not hardware swaps.
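
The segmentation concern raised above, that low-security passenger networks must never be able to reach avionics, can be checked mechanically against a network flow policy, including chains of rules that each look harmless alone. The following is an added example, not part of the original article; the zone names, trust levels and both rule sets are constructed assumptions.

```python
from collections import deque

# Constructed zone model: names and trust levels are assumptions for this example.
TRUST = {
    "avionics": 3,        # flight-critical systems
    "maintenance": 2,     # health monitoring and reporting
    "efb": 2,             # electronic flight bag and crew devices
    "ife": 1,             # in-flight entertainment
    "passenger_wifi": 0,  # passenger-owned devices
}
PROTECTED = "avionics"

# Each rule is (source, destination, bidirectional). Both sets are constructed.
# No single rule here links passenger Wi-Fi to avionics, but a chain of them does.
WEAK_FLOWS = [
    ("passenger_wifi", "ife", True),    # passengers use the IFE portal
    ("ife", "maintenance", True),       # IFE fault reporting, left two-way
    ("maintenance", "avionics", True),  # health monitoring, left two-way
    ("avionics", "ife", False),         # position feed for the moving map
]

# Same services, but data leaves the higher-trust zone one way only, like the
# transmitter-to-receiver wiring the article describes for legacy aircraft.
HARDENED_FLOWS = [
    ("passenger_wifi", "ife", True),
    ("ife", "maintenance", False),
    ("avionics", "maintenance", False),
    ("avionics", "ife", False),
]


def build_graph(flows):
    """Turn (src, dst, bidirectional) rules into a directed adjacency map."""
    graph = {zone: set() for zone in TRUST}
    for src, dst, bidirectional in flows:
        if src not in TRUST or dst not in TRUST:
            raise ValueError(f"unknown zone in rule: {src} -> {dst}")
        graph[src].add(dst)
        if bidirectional:
            graph[dst].add(src)
    return graph


def paths_into_protected(flows, protected=PROTECTED):
    """Map each lower-trust zone to its shortest permitted path into `protected`.

    Zones with no such path are absent from the result, so an empty dict
    means the policy keeps every lower-trust zone out of the protected one.
    """
    graph = build_graph(flows)
    findings = {}
    for start in TRUST:
        if TRUST[start] >= TRUST[protected]:
            continue
        # Breadth-first search, so the first hit is the shortest path.
        queue = deque([[start]])
        seen = {start}
        while queue:
            path = queue.popleft()
            for nxt in sorted(graph[path[-1]]):
                if nxt == protected:
                    findings[start] = path + [nxt]
                    queue.clear()  # stop searching from this start zone
                    break
                if nxt not in seen:
                    seen.add(nxt)
                    queue.append(path + [nxt])
    return findings


if __name__ == "__main__":
    for name, flows in (("weak", WEAK_FLOWS), ("hardened", HARDENED_FLOWS)):
        findings = paths_into_protected(flows)
        print(f"{name}: {len(findings)} zone(s) can reach {PROTECTED}")
        for zone, path in findings.items():
            print(f"  {zone}: {' -> '.join(path)}")
```
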


Conclusion: One way for business aviation operators to address these threats and educate their personnel about cybersecurity is through training courses. Several companies offer specialized cyber awareness courses tailored for aviation IT professionals, crew members, and passengers in the business aviation sector. Human error can often be the weakest link in any security system. By providing regular training and education, aviation organizations can help their personnel understand the importance of cyber security and develop good cyber hygiene practices. Finally, by conducting regular risk assessments, enforcing strong access controls, keeping systems up to date, and educating personnel about cyber security, aviation authorities can enhance the resilience of critical aviation systems. Remember, an effective risk management strategy is an ongoing process that requires continuous monitoring, evaluation, and adaptation to emerging cyber threats. By staying proactive and vigilant, the aviation industry can ensure the safety and security of geolocation-dependent systems in an ever-evolving digital landscape. With the rapid advancement of technology, securing the skies from cyber threats must remain a top priority for the aviation industry. By staying vigilant and implementing robust cybersecurity measures, we can ensure a safe and secure future for geolocation-dependent aviation. Aviation organizations should implement robust, granular access control measures that align with TSA requirements. Granular, role-based access control is critical for securing critical systems in aviation organizations.




