This post is also available in: עברית (Hebrew)
To date, there has been no confirmed downing of a commercial or military aircraft through a cyber attack. However, given the weaknesses in the supply chain and the networks in use, the possibility is there. A successful cyber attack – even a minor one against an in-flight entertainment system – could undermine confidence in airlines or even the entire aviation industry. The problem is that off-the-shelf communication technologies are finding their way into aircraft, which makes security much more complicated than in the past, and these technologies weren’t necessarily created to meet the rigorous safety requirements of airlines.
A cybersecurity provider F-Secure has launched a specialized Aviation Cyber Security Services offering that’s designed to help airlines and similar organizations protect their aircraft, infrastructure, data, and reputations. The development is designed for anyone operating aircraft, fixed wing or rotary.
The new platform integrates security assessments of avionics, ground systems and data links, vulnerability scanners, security monitoring, incident response services, and specialized cybersecurity trainings for IT managers as well as cabin and cockpit crews, into a single package that helps airlines harden their operations against cyber attacks, according to the company.
The goal is to identify attacks before devices are certified for use. Protecting the aircraft themselves is only a limited solution. The weakness is often in the supply chain where component parts can be infected with malware before they are delivered. This type of attack has been seen with mobile phones and other devices over the last few years.
The solution will also help organizations create their own trust zone. Each trust zone contains equipment that has the same security rating. It allows safety-critical systems to be separated from any other equipment. The trouble is that adding multiple physical networks to an aircraft is not acceptable to manufacturers because of the weight it introduces. Even with wireless networks, there are issues such as interference and visibility to hackers.
The aviation industry is already moving to add additional protection into systems. However, much of that focus is about reacting to known threats. According to enterprisetimes.co.uk, none of the ERP companies that focus on aviation, such as Oracle, SAP, etc., have complex cyber security solutions as part of their Aviation MRO products. However, it will be interesting to see if any of them license F-Secure solution and embed it into their systems.