At the 2019 Def Con hacker convention, the U.S. Air Force invited ethical hackers to find vulnerabilities in an F-15 Eagle fighter jet. And they did.
The hackers infiltrated the Trusted Aircraft Information Download Station, which collects data from video cameras and sensors.
"There are millions of lines of code that are in all of our aircraft and if there's one of them that's flawed, then a country that can't build a fighter to shoot down that aircraft might take it out with just a few keystrokes," Will Roper, the Air Force's top acquisition official, told The Washington Post.
Raytheon Intelligence & Space, a Raytheon Technologies business, has developed a technology called the Cyber Anomaly Detection System, or CADS, that uncovers cyber intrusions, tampering and hacks, then notifies aircraft and vehicle crews.
“When these jets and platforms were built, cybersecurity wasn’t even a consideration,” said Greg Fry, Raytheon Technologies CADS product manager. “Now, everything is interconnected, and cyberattacks can be introduced into aircraft, vehicles, spacecraft and weapons system in numerous ways.”
The system software looks for anomalies on the 'buses' of aircraft, satellites, missile systems and vehicles, among other platforms and systems. Buses are communication systems that control, monitor and transfer data between different electronic components on the platform and remote terminals. An attack on a bus could threaten flight or vehicle safety in the form of denial of service, access to avionics components, equipment failure or sending deliberately incorrect information.
“On an aircraft, there’s up to 30 remote terminals hooked up to the bus, which controls things like fuel valves, flaps, autopilot, lights and landing gear, among other things,” Fry said. “On a military vehicle like the Abrams tank, the bus connects to the turret and communications equipment, among other electronic components.”
CADS allows pilots, drivers and technicians to identify, isolate and address cyber threats before they impact critical systems.
“CADS lets the pilot or the driver know if anything falls out of the rule set, so they can determine how critical the situation is,” Fry said. “For example, if a fuel switch gets turned off, they might be able to simply switch it back on or override it. If it’s a minor problem like that, then they can decide to continue with the mission but if it’s something major, then they may have to scrub the mission.”
CADS monitors for the slightest deviations on the MIL-STD-1553 communication bus. New interface modules can easily be added to support additional communication protocols, such as MIL-STD-1760, ARINC 429, or Controller Area Network, or CAN, bus.
“CADS is system-agnostic, so we can adapt to any communication bus; we just create a new module for our core code base,” Fry said.
CADS also acts as a “flight recorder of sorts” for gathering and storing bus traffic—akin to a black box. This data can then be used offline for forensic investigation and fleet-wide analysis.
“This is a big and real threat now, and it will continue to be one in the future,” Fry said. “This isn’t like ransomware or malware that steals your credit card information. Cyberattacks against military platforms and commercial airliners can result in dire consequences.”