Fear in the skies – hacking aircraft

This post is also available in: עברית (Hebrew)

Cyber terrorism is threatening civil aviation. “This is something that is imminent and extremely worrying” an Israeli source told i-HLS.

Cabin Management Systems, Rockwell Collins
Cabin Management Systems, Rockwell Collins

According to Aviation Week a demonstration at a computer hacking conference in Amsterdam in April 2013 brought aviation cybersecurity into the public eye. At the so-called “Hack in the Box” annual conference, security consultant Hugo Teso described how an Android application for a smartphone could in theory be used to remotely control an aircraft’s flight path by exploiting weaknesses in the onboard aircraft communications addressing and reporting system (Acars) data link and the flight management system.

While the industry has largely dismissed Teso’s experiment as unrealistic, which was conducted in a laboratory environment using publicly available software simulations of the flight management computer, it has not discounted the growing threat from intruders as aircraft and air traffic management systems become more interconnected and software grows increasingly generic. The concerns are fueling calls for global action, with experts saying information security has not kept pace with connectivity advances.

Currently, there is no common vision, or common strategy, goals, standards, implementation models or international policies defining cybersecurity for commercial aviation,” say the authors of an American Institute of Aeronautics and Astronautics decision paper published Aug. 13. The authors present six recommendations, including building road maps for near-, mid-term and long-term actions and establishing a method of coordinating national aviation cybersecurity strategies, policies and plans.


BcpIT300x250While there may be gaps in the high-level plans, much of the groundwork for safeguarding information and communications technology in avionics and air traffic management (ATM) systems is underway. Rockwell Collins in the past year formed a security group within its commercial systems division, leveraging experience it has gained from its government business but specifically for its civil aviation products.

Scott Zogg, senior director of engineering for commercial systems, says the group has an internal charter to make sure proper processes, procedures and training are in place for avionics development and certification efforts. In part, that means helping the product development team perform vulnerability testing. Zogg says the group has also developed a security road map that is “complementary” with its product road map to make sure the systems “stay ahead” of potential threats. He says the security team will study the architectures of the systems from early development stages through the entire life cycle, including disposal.