This piece was originally published in Aviation Week & Space Technology as sponsored content, June 30, 2016
Update: At the Black Hat information security event in Las Vegas, August 4-9, 2018, Ruben Santamarta of IOActive, gave a highly anticipated presentation titled: Last Call for SATCOM Security. During Santamarta’s presentation he explained how he was able to hack an aircraft in flight from the ground. Importantly, Santamarta confirmed that systems critical to flight safety were not at risk. During Rockwell Collins’ review of the technical details of Santamarta’s presentation it was discovered that there were several inaccuracies in the IOActive information. Please review the Aviation Information Sharing and Analysis Center (A-ISAC) Media Release for a combined industry statement:
Santamarta’s confirmation that systems critical to flight safety were not at risk, reinforces what Kent Statler, Rockwell Collins’ Executive Vice President and Chief Operating Officer, Commercial Systems, wrote more than two years ago in an article published in Aviation Week & Space Technology. To provide needed perspective, here is that article from June 30, 2016. It is just as timely today as it was then.
In the 1995 movie “Apollo 13,” an oxygen tank explodes in the spacecraft’s Service Module, forcing astronauts Jim Lovell, Jack Swigert and Fred Haise to initiate a perilous return to Earth. They’re cold, sleep deprived and on edge; their lives hang in the balance. In a tense moment, Swigert questions the accuracy of re-entry data from Mission Control. Lovell responds calmly, “Jack, they’ve got half the Ph.D.s on the planet working on this stuff.”
Lovell’s meaning is clear. If there’s a way to bring us home safely, our team will find it.
Today, that’s how I feel about cybersecurity and the commercial aircraft. There are a lot of very smart men and women working long hours to ensure that we continue to fly with confidence. And whenever I fly — and I fly a lot — it’s with complete confidence.
A dramatically changed aviation ecosphere
It’s fair to say, however, that cybersecurity is of growing concern within the aviation industry and among the flying public.
The connected aircraft — enabled by highly integrated avionics architectures and broadband internet connectivity that can run multiple personal electronic devices at terrestrial speeds — has created concern about potential access points for hackers and terrorists that were previously unavailable with analog systems.
It’s fair to say that cybersecurity is of growing concern within the aviation industry and among the flying public.
This new environment has dramatically changed the aviation ecosphere. Just five years ago, aviation cybersecurity was barely discussed even behind closed doors. Today, industry websites and magazines are filled with the latest information on this topic. And it’s going to get even more pervasive. According to MarketsAndMarkets, the global aviation cybersecurity market is projected to grow from $39.59 billion in 2015 to $61.85 billion by 2020.
This growth is propelled by a clear understanding that aviation cybersecurity is a 24/7/365 business. We are always watching. And for good reason.
Aircraft avionics and aviation networks are increasingly probed for weaknesses
For those who are determined to create mischief — or worse — aviation cyberattacks are attractive because of the potential for media exposure to incite fear, the economic impact from disrupting a major delivery channel for goods and services, and the anonymity it affords the attacker.
To that point, two years ago, German insurer Allianz wrote, “Cyber terrorism may replace the hijacker and bomber and become the weapon of choice on attacks against the aviation community.” To date, the overwhelming majority of cyberattacks directed against the industry have been discredited or thwarted. Yet a few cyberattacks against airline ground computer systems and air traffic control systems have succeeded, and these instances garner media interest and prompt concern about what to expect in the future. For example:
- Last year an aircraft passenger claimed to have hacked the in-flight entertainment system in a commercial aircraft, and, through that system, gained access to the aircraft’s Thrust Management Computer. The passenger claimed that he issued a climb command to one of the engines which resulted in a sideways movement of the aircraft.This claim has been roundly discredited. Some industry experts believe it was nothing more than a hoax. In fact, there has never been a confirmed case of anyone hacking a commercial aircraft in flight. Ever.
- However, there was nothing false or discredited about what happened last year to a European country’s state-owned airline. The airline’s computer system at the country’s largest international airport was hacked and 1,400 passengers were grounded. Ten national and international flights were canceled and a dozen more delayed.
- And in April, it was widely reported that Sweden secretly blamed hackers from another country for an attack on its air traffic control systems in November. Systems across much of Sweden were unavailable, which led to the cancellation of multiple domestic and international flights.
This new environment has dramatically changed the aviation ecosphere.
It’s examples like these that concern the aviation industry. We understand that cyberattacks will grow more sophisticated and malicious. We need to be ready. Rockwell Collins and other aviation industry leaders are addressing commercial airlines’ cybersecurity on two interconnected fronts: the aircraft and data delivery systems.
Cybersecurity: The aircraft
The modern connected aircraft can be seen as having three communication domains: closed, private and public.
The closed domain encompasses the flight deck where the function is aircraft control. Communications are enabled via air-to-ground datalink services provided by HF, VHF, XM radio and SATCOM. And the data delivered includes flight plans, real-time weather updates, situational awareness, and aircraft engine performance.
The private domain is next and the purpose is flight operations and maintenance. Communications are enabled by Wi-Fi, Ethernet and USB. And the data delivered includes flight manifests, gate information, maintenance data, in-flight entertainment and connectivity (IFEC) by the airline, and passenger internet.
At the back of the aircraft is the public domain where passengers sit. The function of communications here is to enable passenger-owned devices to receive and deliver their own entertainment including digital movies, web content, and other wireless passenger services via physical storage devices, broadband SATCOM and Wi-Fi.
The digital nature of these three domains does, in theory, provide new avenues of access that cyberattackers might exploit. However, it’s crucial to understand that the industry and regulators continue to put passenger safety considerations at the forefront of every decision regarding aircraft design and operation. The industry has introduced layered security mechanisms — on both hardened systems and networks — to ensure the integrity of data and the communications pipes that deliver it. So whether IFEC and flight deck systems are physically separated or logically separated, certified control of information flow between the two systems can be maintained.
Additionally, we consider threats as part of system design; the system must account for and address threats it might be exposed to in operation. The system is then tested against these threats as part of the verification process.
Yet another compelling reason for confidence in commercial aviation cybersecurity is the application of formal methods to help ensure high-integrity software systems. Formal methods include the application of rigorous mathematical reasoning and advanced analysis tools to enhance the security of a system. We’ve successfully used these methods in our role as the prime contractor for the unmanned air vehicle portion of the High-Assurance Cyber Military Systems program of the Defense Advanced Research Projects Agency. Using formal methods, we were able to redesign and verify software on a military platform so that a leading-edge cyberattack would have no adverse effect.
When appropriate, we can apply what we’ve learned in the military environment to improve the cybersecurity of commercial aircraft systems and their operation.
Yet another compelling reason for confidence in commercial aviation cybersecurity is the application of formal methods …
Cybersecurity: Data delivery systems
Commercial aircraft require safe, secure and reliable communications from both ground and satellite sources. These data delivery systems collect, manage and electronically distribute the information that keeps everyone from flight deck and cabin crews to maintenance personnel and passengers aware, informed and entertained.
Today, for example, a pilot’s electronic flight bag has replaced more than 35 pounds of paper maps, charts, processes and procedures. That’s a lot of data. Even more impressive is that the newest generation of air transport aircraft, such as the Boeing 787 Dreamliner and Airbus A350, generate several orders of magnitude more data than comes off aircraft built just five years ago. As we connect this newest generation of aircraft to the ground via broadband connections, the cybersecurity challenge is obvious. Each digital connection creates a threat vector that cyberattackers will try to exploit.
Airlines must have confidence that the data they receive actually comes from their systems, hasn’t been compromised, and remains confidential. So the issue is how do airlines establish absolute trust in their data delivery systems?
One of the ways that Rockwell Collins answers this question is by developing, delivering, monitoring, maintaining and constantly testing our private, secure, purpose-built, end-to-end aviation network with reliability of 99.999 percent up time. This private network segregates the most crucial data communications and is a critical layer of defense against cyberattacks. Pairing this private network with an innovative, secure and ruggedized aircraft data router provides an even greater threat defense solution to cyberattacks.
Moreover, the 2016 FAA Reauthorization Act, passed by the U.S. Senate on April 19, includes three sections related to increasing cybersecurity and includes several directives for the administrator of the FAA. Among these directives are to develop an appropriate plan to mitigate cybersecurity risk, to respond to an attack, intrusion, or otherwise unauthorized access and to adapt to evolving cybersecurity threats.
Bet on our team
I’m convinced that cyberattacks on commercial airlines will increase in number and malicious intent. To think otherwise would be naive.
Yet, let me reinforce what I said at the beginning of this article. I fly a lot and I fly with complete confidence in aviation cybersecurity that is both in-place and just around the corner. So, from where I sit, the watchword for the commercial aircraft industry is continued vigilance and the ongoing application of leading-edge technology.
In short, I’d bet on “our team.” Just as Jim Lovell bet on his.