Back to news

May 22, 2020 | International, C4ISR, Security

Opinion: Aviation’s Cybersecurity Imperative

Remzi Seker May 22, 2020

With the expansion across the aviation industry of connectivity and computing services, cybersecurity has become ever more important. Connecting people, processes and assets creates new vulnerabilities and multiple attack points—from flight-critical avionics to passenger inflight entertainment networks and airline backend operations. Information about systems, protocols and technologies such as software-defined radio are now readily available well beyond the industry. Demand for greater efficiency meanwhile continues to increase connectivity and accelerate computerization within aviation infrastructure, including aircraft.

Fortunately, ongoing efforts to protect aircraft, airlines and passengers from cybersecurity threats have been largely unaffected by the global pandemic, suggesting an opportunity for the industry to ramp up cybersafety programs and training amid the current slowdown. The comprehensive, coordinated nature of aviation cybersecurity initiatives means committees have long carried out their work primarily through virtual meetings, so those efforts are able to continue in full swing. With slowdowns taking place in other areas, the industry can address cybersafety at a more rapid pace.

The aviation industry and its stakeholders have been working hard to tackle cybersecurity challenges comprehensively—from the supply chain and the maintenance of aircraft to operations. Such efforts remain essential so that cyberthreats affecting safety can be mitigated before they materialize, whether that happens during flight through physical access to a bus, by interfering with equipment through Wi-Fi or remotely disrupting operations.

The need to weigh cyberthreats according to their safety impact, a practice referred to as “cybersafety,” requires a different perspective than that of IT cybersecurity. Cybersafety differs from traditional IT cybersecurity because of the need for safety certification, which relies on guaranteeing a system's behavior, or “determinism.” This unique characteristic of aviation cybersafety means that solutions widely used across traditional computing systems may pose serious certification challenges. Imagine rolling out security patches for every avionics component on a commercial aircraft.

Tackling cybersafety challenges requires a coordinated, comprehensive, global effort. Multiple agencies are cooperating to establish much-needed standards. For example, the U.S. FAA and the European Union Aviation Safety Agency have been working with the RTCA and the European Organization for Civil Aviation Equipment to set harmonized cybersecurity standards.

Efforts to secure the aviation ecosystem also include dedicated committees such as the FAA's Aviation Rulemaking Advisory Committee Aircraft System Information Security/Protection working group. Similarly, the Aerospace Industries Association has established the Civil Aviation Cybersecurity Subcommittee.

In the U.S., the Aviation Cyber Initiative (ACI) is led by the Defense Department, Department of Homeland Security and FAA. The ACI includes experts representing government, defense, industry and academia who collaborate to tackle aviation cybersecurity threats. The Aviation Information Sharing and Analysis Center shares global threat intelligence among aviation companies.

Globally, the International Civil Aviation Organization (ICAO) leads this work. Its Trust Framework Study Group (TFSG) includes experts from the FAA, EASA, commercial industry and academia and has established three important working groups.

Academic institutions play a critical role in advancing cybersecurity research and training, too. Embry-Riddle Aeronautical University, for example, develops engineering solutions and provides degree, certification and training programs in aviation cybsersecurity. Faculty researchers contribute expertise to cyberdefense and preparedness efforts by serving on national and international committees and working groups and by organizing the annual Aero-Cybersecurity Symposium.

Aviation's impeccable safety culture positions it well to combat and defeat cybersafety risks. In the years ahead, the industry will need to invest in expanded education and training as well as research to secure high-assurance systems that can be updated with minimal impact on certification.

Computerization and Cyberphysical Systems

As computing becomes ever more affordable, functions that were traditionally implemented through hardware are now being realized through software, and inclusion of software has supported increased customization. Cyberphysical systems are designed to perform a set of functions with limited impact on the physical environment, such as temperature control, welding and parts assembly. One feature of cyberphysical systems is a failsafe property that involves shutting down—an approach that is clearly not desirable midflight.

Connectivity

Inexpensive and ubiquitously available computing, combined with advancements in networking, have accelerated the networking of devices. The Internet of Things concept does not require any form of certification or service-quality assurance, let alone any safety requirement or oversight. Rather than leveraging the Internet of Things, the aviation industry might consider using “networked wings” to underscore its safety commitment.

Remzi Seker is the associate provost for research at Embry-Riddle Aeronautical University.

The views expressed are not necessarily those of Aviation Week.

https://aviationweek.com/air-transport/safety-ops-regulation/opinion-aviations-cybersecurity-imperative

On the same subject

  • Sea-Air-Space Exposition 2019 Day One

    May 7, 2019 | International, Aerospace, Naval, Land

    Sea-Air-Space Exposition 2019 Day One

    By Mass Communication Specialist 2nd Class Brittney Kinsey, Defense Media Activity Public Affairs NATIONAL HARBOR, Md. (NNS) -- Sea service chiefs and civilian defense leadership discussed myriad opportunities and challenges commanders face while operating on land, sea and air during the first day of the 54th annual Sea-Air-Space Exposition (SAS), May 6, 2019. Derived from the Chief of Naval Operations' (CNO) Design for Maintaining Maritime Superiority 2.0 (Design 2.0), this year's exposition theme is “Sustainability, Agility, Superiority.” CNO Adm. John. M. Richardson, Commandant of the Marine Corps General Robert B. Neller, Commandant of the U.S. Coast Guard Adm. Karl Schultz and Administrator of the U.S. Maritime Administration retired Rear Adm. Mark H. Buzby each addressed during the sea service chiefs panel the specific obstacles their services contend with in the current maritime environment. Richardson explained that rapid changes in technology and maritime security requires a level of trust and confidence in leaders tasked with commanding maritime forces. “It's very important that our leaders are people of character and integrity so that when we put them in front of our Sailors to lead them, not only do they know their business in warfighting but also that we would be proud for our sons and daughters to follow them,” he said. “Whether at sea or near the sea, responding to any man-made or natural crisis, [they] are so much more than a maritime warrior, [they] are also diplomats and are securing our prosperity.” Richardson also stressed the importance of improving the logistical capabilities, stating that services will only maintain an upper hand in the maritime environment by becoming more agile. ‘'We have got to get capabilities into the hands of our soldiers, Sailors, airmen and Marines – more and faster,” he said. “It's important that as the pace quickens, as new technology enters the fray, as the security environment manifests itself in a really fast-changing world that we don't forget those fundamentals in terms of providing sustainable forces. ” During a panel on the Arctic, speakers explained why partnering with other services is also crucial to maintaining superiority, particularly in places like the Arctic Circle where there hasn't been a large naval presence. “When it comes to maritime readiness in the Arctic, we cannot and should not go alone,” said Rear Adm. John A. Okon, commander, Naval Meteorology and Oceanography Command. “Collaboration is key. Resources and access points are limited, so we must work with our maritime partners to be successful.” Richardson echoed Okon's comments during his keynote remarks at the Sea Services Luncheon. “The Arctic is a very dynamic situation,” he said. “There are seaways that are open that were not open before, continental shelves that are being exposed that weren't exposed before, so I think that merits a response from our maritime forces and there's tremendous value in partnering with our fellow services such as the Coast Guard.” Keeping the waters open for Indo-Pacific trade routes, which bolster global economic prosperity, also remains a top priority for the Navy. “A third of the world's trade flows through the South China Sea, 90% of the world's trade flows by the sea, tens of trillions of U.S. dollars flow through that body of water,” said Richardson. “It's extremely important that those lines of communication and sea lanes remain open, and that's why the United States Navy is there and that's why we're going to stay there.” Other scheduled keynote speakers and panelists include Secretary of the Navy Richard V. Spencer, Undersecretary of the Navy Thomas Modly, Assistant Secretary of the Navy for Research, Development and Acquisition James “Hondo” Geurts and Master Chief Petty Officer of the Navy Russell Smith. Founded in 1965 and the largest maritime exposition in the United States, SAS brings together the U.S. defense industrial base, private sector U.S. companies and key military decision makers for an annual event to share the most current policies, programs, information and technology relevant to maritime service. SAS takes place May 6-8 and will include speaker and professional development sessions and dynamic maritime and defense exhibits on the latest technology and military equipment. https://www.navy.mil/submit/display.asp?story_id=109502

  • Les Royal Marines testent une combinaison volante (« jet pack »)

    May 19, 2021 | International, Naval

    Les Royal Marines testent une combinaison volante (« jet pack »)

    Les forces navales anglaises ont testé l'utilisation d'une combinaison volante, ou « jet pack », pour une manœuvre d'embarquement sur un bateau patrouilleur. La startup britannique Gravity Industries a développé un système de propulsion composé de cinq mini-réacteurs alimentés en kérosène : deux à chaque bras et un dans le dos. Le système a été testé en pleine mer début mai. « Bien qu'il soit sans aucun doute impressionnant, les experts ont conclu que le kit n'est pas encore prêt pour une utilisation militaire », a précisé la Royal Navy, qui souhaite observer avec un « intérêt constant » les futurs développements de la combinaison volante. L'Usine Nouvelle du 19 mai

  • Pakistan-linked Hackers Deploy Python, Golang, and Rust Malware on Indian Targets

    May 27, 2024 | International, Security

    Pakistan-linked Hackers Deploy Python, Golang, and Rust Malware on Indian Targets

    Indian government, defense, and aerospace sectors targeted by Pakistan-nexus actor Transparent Tribe.

All news