ORIGINAL ARTICLE
Year : 2016  |  Volume : 1  |  Issue : 1  |  Page : 23-26

Cyber security in civil aviation


Department of Information Systems, University of Cape Town, Rondebosch, Cape Town, South Africa

Date of Submission: 08-Mar-2016
Date of Acceptance: 26-Apr-2016
Date of Web Publication: 7-Oct-2016

Correspondence Address:
Adrie Stander
Department of Information Systems, University of Cape Town, Rondebosch, Cape Town
South Africa

Source of Support: None, Conflict of Interest: None


  Abstract 

Introduction: A number of recent claims in the media suggest it is possible to hack into avionics systems and control aircraft from a distance. While cyber security is not seen as a critical issue in aviation at the moment, it is likely to become much more important in the future through the accelerated adoption of information technologies in aviation.
Objective: This study aims to determine if there are grounds for such claims. The aim of this paper is not to show how to compromise the information systems of an aircraft, but to indicate that this is not impossible and that vulnerabilities exist.
Methodology: Since experimental work in this area is difficult, for obvious reasons, an extensive literature survey was conducted in order to find material related to the subject. Most of the material found is of a theoretical nature, and even where possible vulnerabilities were identified, it is difficult to show that they could be exploited in real life.
Results: The study has found that steps are taken by aircraft manufacturers and controlling bodies to prevent the occurrence of such incidents. However, possible vulnerabilities exist and coordinated action is needed by the aviation industry as a whole, to determine and eradicate such vulnerabilities. Vulnerabilities are likely to increase with the move towards fly-by-wire aircraft.

Keywords: Aircraft security, cyber-attacks, cyber security, digital forensics


How to cite this article:
Stander A, Ophoff J. Cyber security in civil aviation. Imam J Appl Sci 2016;1:23-6

How to cite this URL:
Stander A, Ophoff J. Cyber security in civil aviation. Imam J Appl Sci [serial online] 2016 [cited 2017 Aug 16];1:23-6. Available from: http://www.e-ijas.org/text.asp?2016/1/1/23/191716


Introduction


Ever since the first hijacking of an airplane, security has been one of the most important issues in the airline industry, with large amounts of money spent annually on this aspect. While the aspect of cyber security was certainly not unknown in the industry, events during the year preceding the writing of this paper have raised questions about the safety of commercial airlines in the media. These events include claims that certain aircraft systems could be hacked and speculation that the disappearance of a plane from a well-known international airline could have been caused by such an incident.

Statements by spokespeople from aircraft manufacturers that this is in fact not possible can easily lead to the assumption that they are trying to hide something. This is not accurate, as manufacturers and other parties in the industry have acknowledged the problem through a number of initiatives and actions over an extended period. While it is certainly not impossible to compromise the systems in question, there are continued activities aimed at minimizing the possibility of such an incident.

While cyber security is not seen as a critical issue in aviation at the moment, it is likely to become much more important in the future through the accelerated adoption of information technologies in aviation.[1]

The aim of this paper is not to show how to compromise the information systems of an aircraft, but just to indicate that this is not impossible and that vulnerabilities exist. Some of the examples used will show not only that manufacturers acknowledge the possibilities of a compromise but also that they address the problems.

These examples only serve to highlight a small number of the better-known vulnerabilities, but it is important to note that detailed information about many of the technical aspects related to aircraft is available online.

The research furthermore hopes to show that knowledge of this problem is important to the field of cyber security, as proper use of such knowledge can not only help to prevent such incidents, but it is also conceivable that digital forensic techniques might prove valuable after future incidents to provide information in addition to flight recorder data, about the cause of the incident.


Background


The first question that needs to be answered is whether a cyber-attack on an airplane is indeed possible. Compared to typical commercial systems, the systems on a typical airliner can be seen as highly complex. It is well known that commercial systems cannot be protected fully, and for the same reason, the assumption can be made that aviation systems also cannot be guaranteed to be fully protected if exposed to an intense attack.

The aircraft industry is certainly taking this very seriously, and the possibility of such incidents is supported by many applications to the Federal Aviation Administration (FAA) for changes in systems that also include measures to prevent such incidents, even if it is not always explicitly stated. Another example is the AIAA Framework for cyber security,[2] showing that the industry recognizes the growing importance of this threat.

This situation is brought about by an increased reliance of avionics on a small number of well-known technologies from the information technology field. These include Linux, Windows, IPv6, Ethernet, and others. To speed up development time, manufacturers also use “commercial off-the-shelf” software and hardware in the development of onboard systems, again adding to the potential risk, as this means that the vulnerabilities of these technologies are widely understood.

Not only are there many interlinked systems involved, both on board and on the ground, the systems are also becoming more connected so that security problems in one system can have an effect on other systems.

In addition, there is a lack of coherence between the different groups working on these issues, and while knowledge of problems exists in pockets within the industry, it might not necessarily be known in the wider community.[1]

Even if vulnerabilities are known, the implementation of countermeasures can take a long time in the aviation industry, as changes cannot simply be implemented without proper testing and certification for safety. Rolling out such changes to all affected devices can take a long time.

While the likelihood of a cyber-attack on an airplane would be nearly impossible to determine, it would be safe to conclude that it is not impossible that it could happen.


Vulnerability Vectors


The scope of this paper does not allow for a comprehensive list of possible vulnerabilities, and for this reason, only a number of possible vulnerable areas will be discussed. It only acts to show that these vulnerabilities exist and it should be noted that many of these problems are addressed by the relevant manufacturers.

The existence of many untested devices and long delay times might mean, however, that some problems might still exist. In addition, some protective measures might simply not be possible as can be seen from the following comments taken from an FAA change application:

“The design shall prevent all inadvertent or malicious changes to, and all adverse impacts***,” the wording “shall prevent ALL” can be interpreted as a zero allowance. According to the commenter, demonstration of compliance with such a requirement during the entire life cycle of the aircraft is quite impossible because security threats evolve very rapidly. The only possible solution to such a requirement would be to physically segregate the passenger information and entertainment domain from the other domains. This would mean, for example, no shared resources such as satellite communications (SATCOM) and no network connections. “***Maintained that such a solution is not technically and operationally viable, saying that a minimum of communications is always necessary.”[3]

While the bias of this paper is toward commercial aircraft, indications are that private airplanes might even be more vulnerable since less control exists over the devices used onboard.[4]

The following sections discuss some of the likely vulnerabilities. First, it looks at transmissions to the aircraft, then some onboard systems are discussed, and finally, human aspects that could have an influence are briefly discussed.

Global positioning system

The global positioning system (GPS) is a satellite-based positioning system using passive receivers of signals from 32 satellites. It is highly accurate, which makes it an attractive alternative to ground-based systems. The passive nature of GPS makes it vulnerable to replay attacks, and unauthenticated nonmilitary signals can be spoofed. Since a GPS attack needs to send a signal, ground-based attacks on airplanes would be detected by nearby receivers, making this type of attack unlikely.[4]

Automatic-Dependent Surveillance-Broadcast

Automatic-Dependent Surveillance-Broadcast (ADS-B) is the satellite-based successor to radar in aviation. It is based on the concept that every participant obtains their own position and velocity from on-board GPS equipment and periodically transmits a message with this information via the ADS-B Out subsystem. This information is then received by air traffic control (ATC) as well as by other aircraft that are equipped with an ADS-B In subsystem.

Research has shown a number of security vulnerabilities in the ADS-B protocol, including eavesdropping, flooding, jamming, injection, modification, and deletion of messages.[5] Since the protocol does not require authentication, message tampering with fairly unsophisticated equipment is relatively easy.[6]

While large-scale jamming attacks might prove difficult, tampering with the ADS-B messages might be difficult to detect.
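Because ADS-B positions are self-reported and unauthenticated, a receiver can at least check each track for kinematic consistency. The following is an added example, not taken from the paper or its references; the field names, thresholds, and the sample track are constructed for illustration, and decoding of real ADS-B frames is not shown.

```python
import math

EARTH_RADIUS_NM = 3440.065   # mean Earth radius in nautical miles
JUMP = "position jump"
MISMATCH = "speed mismatch"
BAD_TIME = "non-increasing timestamp"

def haversine_nm(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points in nautical miles."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dlam = math.radians(lon2 - lon1)
    a = (math.sin((p2 - p1) / 2) ** 2
         + math.cos(p1) * math.cos(p2) * math.sin(dlam / 2) ** 2)
    return 2 * EARTH_RADIUS_NM * math.asin(math.sqrt(a))

def flag_implausible(reports, max_speed_kt=700.0, rel_tolerance=0.25):
    """Compare each report with the last accepted report from the same
    address. Thresholds are assumptions chosen for this example."""
    findings, last = [], {}
    for r in sorted(reports, key=lambda x: x["t"]):
        prev = last.get(r["icao"])
        if prev is not None:
            dt_h = (r["t"] - prev["t"]) / 3600.0
            if dt_h <= 0:
                findings.append((r["icao"], r["t"], BAD_TIME))
                continue
            implied = haversine_nm(prev["lat"], prev["lon"],
                                   r["lat"], r["lon"]) / dt_h
            claimed = (prev["gs_kt"] + r["gs_kt"]) / 2
            if implied > max_speed_kt:
                # Physically impossible move: flag it and keep the old
                # baseline so later genuine reports are not flagged too.
                findings.append((r["icao"], r["t"], JUMP))
                continue
            if abs(implied - claimed) > rel_tolerance * max(claimed, 1.0):
                # Position change disagrees with the velocity the
                # message itself claims.
                findings.append((r["icao"], r["t"], MISMATCH))
        last[r["icao"]] = r
    return findings

# Constructed sample: two addresses, 10-second reporting interval.
SAMPLE_REPORTS = [
    {"icao": "ABC123", "t": 0,  "lat": -34.0000, "lon": 18.6, "gs_kt": 450},
    {"icao": "ABC123", "t": 10, "lat": -33.9792, "lon": 18.6, "gs_kt": 450},
    {"icao": "ABC123", "t": 20, "lat": -33.9584, "lon": 18.6, "gs_kt": 450},
    {"icao": "ABC123", "t": 30, "lat": -33.4584, "lon": 18.6, "gs_kt": 450},
    {"icao": "ABC123", "t": 40, "lat": -33.9168, "lon": 18.6, "gs_kt": 450},
    {"icao": "ABC123", "t": 50, "lat": -33.8960, "lon": 18.6, "gs_kt": 250},
    {"icao": "DEF456", "t": 5,  "lat": -33.0000, "lon": 18.0, "gs_kt": 300},
    {"icao": "DEF456", "t": 15, "lat": -32.9861, "lon": 18.0, "gs_kt": 300},
]

if __name__ == "__main__":
    for icao, t, reason in flag_implausible(SAMPLE_REPORTS):
        print(f"{icao} t={t}s: {reason}")
```

A check of this kind is only one layer: it tests internal consistency of a track and does not authenticate the sender.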

Traffic Information Service-Broadcast and Flight Information Service-Broadcast

Traffic Information Service-Broadcast (TIS-B) is an aircraft position reporting system using the same data format as ADS-B. It is transmitted by FAA ground stations and includes aircraft positions from radar-based aircraft tracking systems. This allows aircraft equipped with ADS-B to know about aircraft using a transponder only. Flight Information Service-Broadcast (FIS-B) provides several kinds of real-time information such as weather data, overlaid over an aeronautical chart, and time-sensitive pilot advisories. Like TIS-B, FIS-B is also a broadcast service provided by the FAA.

Both TIS-B and FIS-B show vulnerabilities similar to those in ADS-B. Since ADS-B, TIS-B, and FIS-B are all transmitted over an unauthenticated UAT link, all these technologies are vulnerable to spoofing as well.[4]

Aircraft Communications Addressing and Reporting System

The Aircraft Communications Addressing and Reporting System (ACARS) is the air-to-ground data communication infrastructure used by most airlines to communicate with ATC, national aviation authorities, and their own operations centers.

They use ACARS very high frequency (VHF) and HF ground stations as well as SATCOM to send and receive ATC and airline operational control (AOC) messages. Depending on where the aircraft is, ACARS messages are routed through a global network of thousands of ground stations or satellite links that cover the earth. When the aircraft is over land, a network of VHF stations delivers ACARS messages. Over the ocean, a message can be delivered via HF data link ground stations, Inmarsat, or Iridium SATCOM.

AOC messages include takeoff and landing confirmation, weather information, gate information, and engine reports. ATC messages include navigation information, aircraft positional reporting, departure clearances, oceanic clearances, runway conditions, and weather data.[7]

ACARS transmission is unencrypted and easy to decode as many websites such as Flightradar24 show. Using software-defined radio, it is conceivable that such data can also be transmitted, as was already shown in a simulated environment.[8]

Flight management system

The flight management system (FMS) is the computer that keeps track of many aspects of a particular flight. This includes the courses, altitudes, and speeds involved in the particular flight from takeoff until the destination.

The FMS typically consists of a computer unit and a multi-function control display unit that acts as the human–machine interface. It provides the primary navigation, flight planning, optimized route determination, en-route guidance for the aircraft, and is typically composed of the following interrelated functions: Navigation, flight planning, trajectory prediction, performance computations, and guidance.[9]

The FMS is linked not only to numerous onboard systems but also to external data links such as ACARS, navigation receivers, and surveillance systems, which makes it potentially vulnerable. It has been shown that it is possible to compromise the FMS in a simulated environment.[8] This will be difficult to repeat in a real-life situation to determine the extent of the threat.

Much of the FMS input is under the control of the pilot, and major deviations from what is considered normal should be noticed and acted upon. The input from other systems is, however, not under the control of the pilot, and it needs to be determined if it is possible that subtle changes to these data can have an effect on the FMS without the pilot noticing.

Inflight entertainment system

The inflight entertainment system may not seem like a likely candidate for a cyber-attack, but closer inspection shows a number of vulnerabilities. The first is that it contains a USB port on the device underneath passengers' seats.[10] These systems are also connected to a number of other devices, including the FMS. In 2013, the Boeing company applied for a change to a type certificate to address this type of issue,[11] showing that unauthorized access is a real possibility, be it intentional or unintentional. These systems use well-known technologies such as LAMP servers, Ethernet, and Android clients.[10] This means that the knowledge to commit an attack on these systems is readily available. Similar applications exist for other airplane models.

Electronic flight bags

Electronic flight bags (EFBs) act as electronic replacements for paper documents carried by pilots. They can include aeronautical charts, approach plates, aircraft manuals, and checklists. In their simplest form, they are not much more than PDF viewers for these documents, but more sophisticated versions provide features such as interactive checklists.

The use of EFBs in air carriers requires FAA approval, and regulations prohibit the use of certain functionality such as “own-ship position” in this environment. These limitations do, however, not exist for general aviation.[4]

As these devices are simple general-purpose computing devices, they are vulnerable to the same threats as normal computers. If communication is established in any way between such a device and the aircraft systems, the possibility exists that a threat could be transferred. Such a device should, for instance, not be powered from a USB port on an aircraft device.

Hardware vulnerabilities

Vulnerabilities have been identified in certain SATCOM hardware devices.[12] A successful attack on this type of device could impact a number of important systems, including the multi-function control display unit of the FMS. Of particular interest in the hardware that was tested is the vulnerability regarding access control of the device. While the research only tested one device, it is possible that similar problems can exist in some of the numerous other devices on board airplanes.

The human aspect

A discussion of this nature cannot be concluded without reference to the human aspect. Some might argue that the pilot will always be able to detect anomalies and respond to them. While no research could be found in this regard, the question could be asked about what would happen if the changes are subtle or if a flood of alarm conditions is raised. Would a well-trained pilot even suspect that an alarm condition is not real and not respond to it?

It might also be assumed that the complexity of avionics systems makes it very difficult to compromise such systems. Security by obscurity is however not enough. It cannot be ignored that maintenance personnel have access to the equipment and that the access control of the devices might be compromised.[12] It would be easy to upload malware to some devices, bypassing the need to gain access via network links.


Conclusion


From the discussion above, it would be hard to conclude that a cyber-attack on an aircraft is impossible. Since aircraft manufacturers have been addressing some of the issues over a long period, the likelihood of such an attack is probably very low, but it cannot be ignored.

Many factors, in particular the accelerated use of interconnected information systems, will increase the vulnerabilities in the future, and it is important that mechanisms are implemented to share knowledge about vulnerabilities among all parties involved in the industry.

It is also of critical importance that a process to roll out measures to eliminate vulnerabilities much faster is put into place so as to prevent incidents before the vulnerability can be exploited.

Financial support and sponsorship

Nil.

Conflicts of interest

There are no conflicts of interest.

 
References

1. ICAO. “Cybersecurity for Civil Aviation,” in 12th Air Navigation Conference, Montreal; 2012.
2. AIAA. A Framework for Aviation Cybersecurity; AIAA Decision Paper; 2013.
3. FAA. Special conditions: Boeing model 787-8 airplane; systems and data networks security – Isolation or protection from unauthorized passenger domain systems access. Washington: Government Printer; 2008.
4. Lundberg D. “On the Security of Cockpit Information Systems,” in 21st ACM Conference on Computer and Communication Security, Scottsdale; 2014.
5. Strohmeier M, Lenders V, Martinovic I. On the security of the Automatic Dependent Surveillance Broadcast protocol. IEEE Xplore. 1553-877X; 2013.
6. Schafer M, Lenders V, Martinovic I. Experimental analysis of attacks on next generation air traffic communication. Applied Cryptography and Network Security. Springer, Berlin; 2013. p. 253-71.
7. Collins R. ACARS. The Aircraft Communications Addressing and Reporting System; 2014. Available from: http://www.rockwellcollins.com/Services_and_Support/Information_Management/~/media/DA843DB0792946C58740F613328E5022.ashx. [Last accessed on 2014 Dec 04].
8. Teso H. HitB Security Conference; 8-11 April, 2013, Amsterdam. Available from: http://www.conference.hitb.org/hitbsecconf2013ams/index.html%3Fp=2991.htm. [Last accessed on 2014 Dec 04].
9. Walter R. Flight management systems. In: The Avionics Handbook. Boca Raton: CRC Press; 2001.
10. Schuberth PA. Inflight entertainment systems and communication 101 (Presentation). Santa Ana, CA: IEEE Orange County Computer Society; 2011.
11. FAA. Special conditions: Boeing model 777-200, -300, and -300ER series. Washington: Government Printing Office; 2013.
12. Santamarta R. A wake up call for SATCOM security. Technical White Paper; IOACTIVE Comprehensive Information Security; 2014.




 
