[Avionics Today 03-29-2016] Executives from across all segments of aviation agree that aircraft cybersecurity is an issue that the industry needs to continue to address. But, as several prominent CEOs told attendees of last week’s Aviation Summit, presented by the U.S. Chamber of Commerce, the industry has the issue under control. Chief executives from Global Eagle Entertainment (GEE), JetBlue, Thales and ViaSat joined the summit for a panel on the connected aircraft, and discussed what the industry is doing now, as well as what it needs to continue to do, to prevent the possibility of hackers gaining access to mission-critical flight control systems on connected aircraft flights.
Boeing 737 MAX flight deck. Photo: Boeing.
The panel addressed how aviation industry and regulatory awareness of aircraft cybersecurity issues has grown over the last year, after the FBI set out to investigate claims that a professional hacker was able to control aircraft navigation systems after tapping into a seatback In-Flight Entertainment (IFE) interface. While all avionics suppliers, airframe manufacturers and airlines have called those claims false, they have also acknowledged that the threat itself is real. And it will remain an issue that industry and regulators need to continue monitoring as more and more aircraft add Internet Protocol (IP) to their many different technological capabilities.
“There is a lot of talk about cybersecurity for connectivity systems that are onboard today, but it is important to note that our systems today are pretty well firewalled off from the flight controls or any safety-critical systems on the aircraft. There’s one-way, read-only paths for data from the aircraft to the system. Really, without a wiring change, it is almost impossible to be able to hack into the flight control systems on the aircraft. But, as our systems become more-and-more integrated and are used for operational applications, obviously this becomes more important,” said Dave Davis, CEO at GEE.
Davis’ comments echo the sentiments expressed by GEE in a 2015 white paper it published, which states that the architecture for next-generation aircraft, such as the Boeing 737 MAX and Airbus A320neo, will completely isolate the onboard aircraft network used for cockpit avionics from the Wireless Access Point (WAP) used by passengers for cabin connectivity. This is a different arrangement from legacy aircraft, in which avionics networks and third-party aircraft interface devices separate operational data collection and transmission from passenger Internet use onboard.
Mark Dankberg, CEO of ViaSat, was also on the panel, and said he believes separation is key, along with continued collaboration between operators and manufacturers.
“I think where we’re going … is that you do want to get the benefits of having the connectivity integrated with the mission of the aircraft, but that is really going to require the participation of the airframe makers and the airlines themselves in thoroughly taking advantage of the cyber tools that exist before we do that,” said Dankberg.
Thales USA CEO Alan Pelligrini was also a member of the panel, and shared his thoughts on the regulatory aspects of cybersecurity and the connected aircraft.
“Any apparent hack gets a lot of news publicity and when it gets a lot of publicity it gets a lot of congressional attention. And in fact some recent activity over the last 12 months or so has raised the level of awareness and interest in Congress where they are starting to put forth potential legislation that may affect the ability to roll out this kind of service that we have talked about in a quick way,” said Pelligrini. “I hope there’s not an overreaction to high-profile and, in a lot of cases, blown-out-of-proportion instances of hacking into networks talking to aircraft.”
Although Pelligrini believes reports of outsiders claiming to be able to hack into aircraft flight control systems are often blown out of proportion, his company Thales is making strides to bolster its own existing cybersecurity capabilities, especially as they pertain to aviation. The Thales e-security division recently completed the acquisition of Silicon Valley private data security firm Vormetric, and has now headquartered its e-security division in California’s technology hotbed, Silicon Valley. That adds Vormetric’s data security platform, encryption key management technology, and enterprise cloud security capabilities to the e-security division at Thales, which already provides cybersecurity services for a range of industries, including health care and financial firms.
The Thales executive still believes, though, that avionics suppliers deserve some criticism for the security features of their legacy hardware and software.
“If there is any kind of critique of us as suppliers it is that the legacy or historical systems didn’t necessarily take that mindset from the outset,” said Pelligrini. “It is imperative that those of us that are dealing with the airlines and providing this system, operate on behalf of the airlines a seven by 24 security ops center that is monitoring the traffic across networks. That is how we are going to detect any patterns in behavior that shouldn’t be there, and that we can intercede just like we would with our own corporate networks. It is that level of maturity that we are now bringing to systems connecting airlines,” he added.