DALLAS - Information Communication Technology (ICT) has greatly complemented the growth and advancement of the aviation sector in the areas of aircraft design, manufacturing, operations, and navigation.

Modern aircraft—the Boeing 787, the Airbus A350, the Bombardier C-series, and the Gulf-stream 650—are e-enabled, meaning they have an unprecedented number of electronic flight systems.

These include digital fly-by-wire, IP-enabled networks, commercial off-the-shelf components (CoTS), wireless connectivity (Wi-Fi, Bluetooth), a Global Positioning System (GPS), and an In-Flight Entertainment System (IFE), among others.

Electronic and wireless systems reduce the amount of wiring in an aircraft, which in turn reduces weight, helps achieve lower fuel consumption, increases the efficiency of aircraft operations, eases the workload for aircraft crews, and enhances the comfort of passengers on board.

However, these wireless and electronic systems present vulnerabilities to cyber security threats that have the potential to impact the safety of both aircraft and passengers on board.

Cyber-attacks in Aviation

Aircraft cyber-attack refers to the offensive maneuver of aircraft’s data, communications, functions, instruments, and system(s) without authorization, potentially with malicious intent. 

According to the European Aviation Safety Agency (EASA), there are an estimated 1,000 cyber-attacks targeting aviation systems worldwide each month. Some of these cyberattacks include:

[wlm_private "Airways Premium"]

1. Deliberate modification of flight plans and GPS Navigation data after compromising protocols and security of the ground system(s).
2. Disruption of electronic messages transmitted across the aircraft by attaching small devices to aircraft’s wirings.
3. Exploiting aircraft’s control systems and executing malicious instructions on aircraft equipment and/or avionics for automated sabotage.  An attacker can issue instructions to manipulate engine readings, compass data, or/and air speed instruments among other systems to provide false readings to the pilot or issue commands to the system to behave abnormally.  This leads to the potential threats posed by hacking, opening the possibility of remotely hijacking controls from the pilot.

Also, on April 10, 2015, a passenger allegedly hacked into an airplane’s avionics through the In-flight Entertainment System (IFE) and tweeted that he was able to access the airplane’s thrust management system and order one of its engines to increase thrust for the descent, resulting in temporary yaw.

In September 2016, CBS News reported that cyber-security expert, Mr. Robert Hickey, working with the USA’s Department of Homeland Security (DHS), took only two days to remotely hack into a Boeing 757 at the Atlantic City (New Jersey) International Airport via radio frequency communications without touching or entering the airplane. 

Combatting Aircraft Cyber Threats

In addressing and combating aircraft cyber threats and attacks, aircraft and avionics manufacturers, airlines, aviation authorities, organizations, and other stakeholders should collaborate in developing and implementing cyber threat risk reduction and mitigation measures. 

The following course of action can be considered vital in the war against aircraft cyber attacks.

Firstly, secure the critical supply chain as malware and unlawful hardware could be introduced through the supply chain. Aircraft manufacturers and airlines should secure remote access for suppliers and implement certain measures of access segregation, a full audit of aircraft and aircraft systems, production facilities, suppliers, and vulnerabilities.

Secondly, implement layers of security. The aviation industry should implement a layered approach to cyber security that has several defense mechanisms such as unauthorized physical access restrictions, two-factor authentication, encryption, proactive threat hunting, insider threat monitoring, and managed detection and response.

Thirdly, reduce the time required for aircraft avionics patch installation; maintain and regularly inspect system logs.

Last but not least, develop and implement specialized cyber-security training programs for operators to support the proper use of protocols for using protection tools to secure aircraft systems and prepare them to repel cyber-attacks.

[/wlm_private]

Featured image: Irkut