Securing cyber in the sky

Layered cybersecurity needed to protect aviation ecosystem

When the WannaCry ransomware warning popped up on the arrival-and-departure signs of Germany's national rail system, experts in aviation security took notice.

While the now-infamous attack did not affect travel, it did show how easily malicious code can infiltrate mass transit systems. And with thousands of attacks on aviation systems every month, Raytheon Technologies, a company with expertise in both cybersecurity and air traffic management, is taking steps to mitigate cyber attacks in the skies.

Disrupting commercial flights in the United States would damage the U.S. economy. U.S. civil aviation is a huge economic driver, accounting for more than 5 percent of the U.S. economy, generating $1.8 trillion in economic activity and supporting nearly 11 million jobs, according to a January 2020 FAA economic impact report.

“The aviation industry, like the rest of the world, is becoming more and more interconnected, which increases attack vectors to gain entry into systems,” said Bob Delorge, who served as vice president of Transportation and Support Services at the former Raytheon Company, a legacy company of Raytheon Technologies.

While disrupting air traffic and crippling the economy is frightening enough, the greater fear is that hackers could crash airplanes or make them vanish from radarscopes. One solution, the Cyber Intrusion Detection System, is a cyber attack warning system that alerts pilots if anything on the aircraft has been hacked or is doing something it shouldn't. Raytheon Technologies is working on this company-funded research and development project, and planning to make it available to commercial and military markets in the first half of the decade.

Raytheon Technologies is developing tech to alert pilots of potential cyberattacks against the connected electronics of an aircraft.

A heat-seeking hack

During military operations, a cyber attack on an aircraft could trick pilots into not trusting their instruments and aircraft. If they don’t trust their aircraft, then their mission fails.

“For a military pilot, a cyber attack on their aircraft could cause mission failure,” said Bill Leigher of the former Raytheon Company and a retired U.S. Navy rear admiral. “It could be really subtle, such as an alarm going off at a critical time, during a weapons release run. The pilot might miss an opportunity and have to circle back, exposing themselves to a greater threat from the ground.”

According to Leigher, malware could be introduced through the supply chain, since aircraft parts are manufactured by many different sources around the world. The detection system would look for anomalies on the specialized aircraft networks called buses. These communication systems control, monitor and transfer data between different electronic components in the aircraft and remote terminals. Many devices connect to those buses, such as annunciators, flaps, lights and landing gear. The cyber warning system would detect if a component aboard is “misbehaving” or suddenly appears when it shouldn’t.

Both Leigher and Delorge also advocate a thorough cyber assessment with the FAA, its partners, original equipment manufacturers, airlines and the aftermarket. This would include penetration testing, or "red teaming," where cyber experts try to gain access to a system, as well as vulnerability testing, where they look for flaws in security. The overall approach: to look at planes, air-traffic control, airports and all the other elements of aviation infrastructure as an information system, to understand their strengths and weaknesses, then to inspect them frequently.

In simpler terms: to protect planes and everything around them as attentively as people protect their smartphones.

“On my phone, I’m constantly being pushed updates to improve the device’s security,” Delorge said. “We need that same diligence and vigilance in aviation.”

While many commercial businesses, such as the banking and health care industries, have beefed up cybersecurity measures, the aviation industry needs to keep pace.

“There’s been painfully little research done regarding cyber vulnerabilities on aircraft,” Leigher said. “There needs to be consistent and constant red teaming and vulnerability assessments based on overall system risk, which keeps pace with the ever-evolving threat. It makes sense to scan for malware and vulnerabilities as part of doing routine maintenance checks, even make it part of the pre-flight checklist.”

Layers of Security

Leigher and Delorge believe the aviation industry should implement a layered approach to cybersecurity, which use several defense mechanisms such as access restrictions, two-factor authentication, encryption, proactive threat hunting, insider threat monitoring, and managed detection and response.