3 minute read
Aircraft Cyber Attack
AIRCRAFT CYBER ATTACKS
Advertisement
By Maximillian Philberth Kalukamisa & Iddi Mshana
ICT(Information Communication Technology) has greatly complemented on the growth and advancement of the aviation sector in areas of aircraft design, manufacturing, operations and navigation.
Unlike previous aircraft designs, the current state of the art aircrafts (such as Boeing 787, Airbus 380, Airbus 350, Bombardier C-series, Gulf-stream 650) are electronic (e-enabled) and they consist of unprecedented amount of modern flight system such as digital fly-by wire, IP-enabled networks, Commercial of the shelf components (CoTS), wireless connectivity (Wi-Fi, Bluetooth), global positioning system (GPS), In-Flight Entertainment System (IFE) and much more.
Electronic and wireless systems reduce the amount of wiring in an aircraft and hence weight helping achieve low fuel consumption, increase efficiency of aircraft operation, reduce work load for aircraft crews and increase comfort to passengers on board.
However, these wireless and electronic systems present vulnerabilities to cyber security threats (cyber-attacks) that have potential and significant impact(s) to jeopardize the safety of both passengers on board and the aircraft.
Aircraft cyber-attack refers to the offensive maneuver of aircraft’s data, communications, functions, instruments and system(s) without authorization, potentially with malicious intent.
According to EASA (European Aviation Safety Agency) there are estimated 1,000 cyberattacks targeting aviation systems worldwide each month, some of these cyber- attacks includes: Deliberate modification of flight plans and GPS Navigation data after compromising protocols
and security of ground system(s).
i. Disruption of electronic messages transmitted across the aircraft by attaching small devices on aircraft’s wirings.
ii. Exploiting aircraft’s control systems and execute malicious instructions on aircraft’s equipment and/ or avionics for automated sabotage. An attacker can issue instructions to manipulate engine reading, compass data or/and air speed instruments among other systems to provide false readings to the pilot, or issue commands to the system to behave abnormally. This leads to potential threat posed by hacking, opening the possibility of remotely hijacking controls from the pilot.
In September 2016 CBS News reported that cybersecurity expert, Mr. Robert Hickey working with USA’s Department of Homeland Security (DHS) took only two days to remotely hack into a Boeing 757 at the Atlantic City (New Jersey) International Airport via radio frequency communications without touching or entering the aeroplane. Also, on 10th April 2015, a passenger alleged hacked into an airplane’s avionics through the In-flight Entertainment System (IFE) and tweeted that he was able to access the aeroplane’s thrust management system and order one of its engine to increase thrust for decent resulting in a temporary yaw. In addressing and combating aircraft cyber threats and attacks, aircraft and avionics manufacturers, airlines, aviation authorities, organizations and other stake holders should collaborate in developing and implementing cyber threats risk reduction and mitigation measures. And the following course of actions can be considered vital in war against aircraft cyber attack.
Firstly, secure critical supply chain as malware and unlawful hardware(s) could be introduced through the supply chain. Aircraft manufacturers and airlines should secure remote access for suppliers and curtain measures of access segregation, a full audit of aircraft and aircraft systems, production facilities and aircraft systems, production facilities and suppliers and identification of vulnerabilities.
Secondly, implement layers of security. The aviation industry should implement a layered approach to cyber security which has several defence mechanisms such as unauthorized physical access restrictions, two-factor authentication, encryption, proactive threat hunting, insider threat monitoring, managed detection and response.
Thirdly, reduce time required for aircraft avionics patch installation, maintain and regularly inspect system logs. Last but not least, develop and implement specialized cyber-security training programs for operators to support the proper use of protocols for using protection tools to secure aircraft systems and prepare them to repel cyber attacks.
