Home Critical engine How to Fight Cyber ​​Threats to Aircraft – Airways Magazine

How to Fight Cyber ​​Threats to Aircraft – Airways Magazine


DALLAS – Information and Communication Technology (ICT) has greatly complemented the growth and advancement of the aviation sector in the areas of aircraft design, manufacturing, operation and navigation .

Modern aircraft – the Boeing 787, Airbus A350, Bombardier C-series and Gulf-stream 650 – are electronics-enabled, which means they have an unprecedented number of electronic flight systems .

These include cable digital flight, IP networks, commercial off-the-shelf (CoTS) components, wireless connectivity (Wi-Fi, Bluetooth), a global positioning system (GPS) and a in-flight entertainment. (IFE), among others.

Electronic and wireless systems reduce the amount of wiring in an aircraft, which reduces weight, helps reduce fuel consumption, increases the efficiency of flight operations, eases the workload of aircraft crews and improves the passenger comfort on board.

However, these wireless and electronic systems have vulnerabilities to cyber threats that could impact the safety of aircraft and passengers on board.

Flights at LGW will be capped at 825 per day in July and 850 in August. Photo: Gatwick Airport

Cyber ​​attacks in aviation

Aircraft cyberattack refers to the offensive manipulation of aircraft data, communications, functions, instruments and systems without authorization, potentially with malicious intent.

According to the EASA (European Aviation Safety Agency), there are an estimated 1,000 cyberattacks targeting aviation systems worldwide every month. Some of these cyberattacks include:

  1. Deliberate modification of flight plans and GPS navigation data after compromising protocols and security of ground system(s).
  2. Disruption of electronic messages transmitted through the aircraft by attaching small devices to aircraft wiring.
  3. Exploiting aircraft control systems and executing malicious instructions on aircraft equipment and/or avionics for automated sabotage. An attacker can issue instructions to manipulate engine readings, compass data, or/and airspeed instruments among other systems to provide false readings to the pilot or issue commands to the system to it behaves abnormally. This leads to the potential threats posed by hacking, opening up the possibility of remotely hijacking pilot controls.

In September 2016, CBS News reported that cybersecurity expert Mr. Robert Hickey, working with the US Department of Homeland Security (DHS), took just two days to remotely hack into a Boeing 757 at the airport. Atlantic City (New Jersey) International Airport via radio frequency communications without touching or entering the aircraft.

Additionally, on April 10, 2015, a passenger allegedly hacked an aircraft’s avionics through the in-flight entertainment (IFE) system and tweeted that he was able to access the aircraft’s thrust management system. plane and order one of its engines to increase thrust for a decent result. in temporary yaw.

ACA B38M at YVR | Boeing 737-8 MAX. Photo: Michal Mendyk/Airways

Fighting cyber threats from the air

In the fight against cyber threats and cyber attacks related to aircraft, aircraft and avionics manufacturers, airlines, aviation authorities, organizations and other stakeholders should collaborate in the development and implementation of cyber threat risk reduction and mitigation measures.

The following course of action can be considered vital in the war against aerial cyberattacks.

First, secure the critical supply chain, as malware and illegal hardware could enter the supply chain. Aircraft manufacturers and airlines should secure remote access for suppliers and implement certain access segregation measures, comprehensive auditing of aircraft and aircraft systems, production facilities, suppliers and vulnerabilities.

Second, implement layers of security. The aviation industry should implement a layered approach to cybersecurity that includes multiple defense mechanisms such as unauthorized physical access restrictions, two-factor authentication, encryption, proactive threat hunting, insider threats, as well as managed detection and response.

Third, reduce the time required to install aircraft avionics patches; maintain and regularly inspect system logs.

Finally, develop and implement specialized cybersecurity training programs for operators to support the proper use of protocols for using protection tools to secure aircraft systems and prepare them to fend off cyberattacks.

Featured Image: Irkout