A heat-seeking hack
During military operations, a cyber attack on an aircraft could trick pilots into not trusting their instruments and aircraft. If they don’t trust their aircraft, then their mission fails.
“For a military pilot, a cyber attack on their aircraft could cause mission failure,” said Bill Leigher of the former Raytheon Company and a retired U.S. Navy rear admiral. “It could be really subtle, such as an alarm going off at a critical time, during a weapons release run. The pilot might miss an opportunity and have to circle back, exposing themselves to a greater threat from the ground.”
According to Leigher, malware could be introduced through the supply chain, since aircraft parts are manufactured by many different sources around the world. The detection system would look for anomalies on the specialized aircraft networks called buses. These communication systems control, monitor and transfer data between different electronic components in the aircraft and remote terminals. Many devices connect to those buses, such as annunciators, flaps, lights and landing gear. The cyber warning system would detect if a component aboard is “misbehaving” or suddenly appears when it shouldn’t.
Both Leigher and Delorge also advocate a thorough cyber assessment with the FAA, its partners, original equipment manufacturers, airlines and the aftermarket. This would include penetration testing, or "red teaming," where cyber experts try to gain access to a system, as well as vulnerability testing, where they look for flaws in security. The overall approach: to look at planes, air-traffic control, airports and all the other elements of aviation infrastructure as an information system, to understand their strengths and weaknesses, then to inspect them frequently.
In simpler terms: to protect planes and everything around them as attentively as people protect their smartphones.
“On my phone, I’m constantly being pushed updates to improve the device’s security,” Delorge said. “We need that same diligence and vigilance in aviation.”
While many commercial businesses, such as the banking and health care industries, have beefed up cybersecurity measures, the aviation industry needs to keep pace.
“There’s been painfully little research done regarding cyber vulnerabilities on aircraft,” Leigher said. “There needs to be consistent and constant red teaming and vulnerability assessments based on overall system risk, which keeps pace with the ever-evolving threat. It makes sense to scan for malware and vulnerabilities as part of doing routine maintenance checks, even make it part of the pre-flight checklist.”
Layers of Security
Leigher and Delorge believe the aviation industry should implement a layered approach to cybersecurity, which use several defense mechanisms such as access restrictions, two-factor authentication, encryption, proactive threat hunting, insider threat monitoring, and managed detection and response.