Embed Size (px)
Citation preview
Publications
7-2016
Aviation and Cybersecurity: Opportunities for Applied Research Aviation and Cybersecurity: Opportunities for Applied Research
Jon Haass Embry-Riddle Aeronautical University, [email protected]
Radhakrishna Sampigethaya Embry-Riddle Aeronautical University, [email protected]
Vincent Capezzuto Aireon Corporation - McLean, VA
Follow this and additional works at: https://commons.erau.edu/publication
Part of the Aviation Safety and Security Commons, and the Information Security Commons
Scholarly Commons Citation Scholarly Commons Citation Haass, J., Sampigethaya, R., & Capezzuto, V. (2016). Aviation and Cybersecurity: Opportunities for Applied Research. TR News, (304). Retrieved from https://commons.erau.edu/publication/299
From Haass, J. C., K. Sampigethaya, and V. Capezzuto. Aviation and Cybersecurity: Opportunities for Applied Research. TR News, No. 304, July–August 2016, pp. 39–43. Copyright, National Academy of Sciences, Washington, D.C., 2016. Reproduced with permission of the Transportation Research Board. None of this material may be presented to imply endorsement by TRB of a product, method, practice, or policy. This Article is brought to you for free and open access by Scholarly Commons. It has been accepted for inclusion in Publications by an authorized administrator of Scholarly Commons. For more information, please contact [email protected].
TR NEW
S 304 JULY–AUGUST 2016
39
Haass is Associate Profes-sor, and Sampigethaya isAssistant Professor, Cyber-intelligence and Security,Embry-Riddle Aeronauti-cal University, Prescott,Arizona. Capezzuto isChief Technology Officerand Vice President of Engi-neering, Aireon Corpora-tion, McLean, Virginia.
Aviation connects the global community and ismoving more people and payloads faster thanever. The next decade will experience an
increase in manned and unmanned aircraft and systemswith new features and unprecedented applications.Cybertechnologies—including software, computer net-works, and information technology—are critical andfundamental to these advances in meeting the needs ofthe aviation ecosystem of aircraft, pilots, personnel,passengers, stakeholders, and society.
Air travelers already are using aviation cybertech-nologies when booking tickets, checking in at the air-line counter, going through airport security, andconnecting to aircraft cabin Wi-Fi and in-flight enter-tainment. Many of the advances, however, are “underthe hood”—in the infrastructure of avionics, air traf-
fic control, airlines, and airports—on the ground, air-borne, and in space. Cybertechnologies are embeddedin the time-critical fabric that controls and assures avi-ation operations, safety, and performance.
Despite the great gains achieved and anticipated,cybertechnologies expose aviation to a dangerous andcostly world of threats. Aviation is no stranger to threatsand has matured to operate amid physical adversitiesfrom nature and mankind. But one century of flight isnot sufficient to master completely the art of managingthe risks threatening safety and performance.
Threats to cybersecurity pose a major challenge—the unpredictability of an attack makes the risks dif-ficult to understand. In addition, the opportunities forattacks continually grow as new services and systemsare developed.
Aviation and CybersecurityOpportunities for Applied ResearchJ O N C . H A A S S , K R I S H N A S A M P I G E T H AYA , A N D V I N C E N T C A P E Z Z U T O
PH
OTO
: TA
SAY
UT
ASN
APH
UN, F
LICK
R
(Above:) Technology isinvolved in almost everystep of air travel, fromcheck-in to baggage claim.
TRN_304_TRN_304 9/16/16 3:58 PM Page 39
TR N
EWS
304
JULY
–AUG
UST
2016
40
Emerging Cyberrisks In 1997, the aviation sector experienced one of theearliest cyberattacks, when a teenager in Worcester,Massachusetts, exploited a vulnerability in a localairport’s telecommunications service infrastructure.This denial-of-service attack exposed a weakness inthe system—the reliance on an infrastructure’sunfailing availability.
Recent remote hacking incidents targeting air-lines, airports, and air traffic control systems showthat cyberrisks will only grow; airport passport con-trol, crews, airline passengers, and baggage controlsystems are frequent targets.
In 2013, more than 75 U.S. airports reportedphishing—e-mails that attempt to defraud users intorevealing financial information. The same year,Miami International Airport experienced more than20,000 hack attempts per day, and Los AngelesWorld airports blocked almost 60,000 cases of Inter-net misuse and 2.9 million hacking attempts.
In addition, in 2014, a Tunisian hacker team tar-geted U.S. airport computer and communicationssystems. In the summer of 2015, LOT Polish Airlineswas forced to ground flights at Warsaw airport afterhackers disabled the flight plans for outbound air-craft.
Cyberadvances that have assisted in aviationoperations include commercial technologies, suchas Wi-Fi, GPS, Internet protocols, open-source oper-ating systems, virtualization, and cloud computing.These have made aviation systems cheaper, faster,and interoperable worldwide. But these technologiesalso have inherent vulnerabilities that can be tar-geted remotely by cyberadversaries.
Open-source, cheap, and powerful tools that canexploit vulnerabilities make external cyberattackson aviation assets far less complicated. For example,a White Sands Missile Range test exercise demon-strated that the GPS signals used for navigating anunmanned aircraft, or drone, can be accessedremotely to divert the flight onto erroneous paths.
Simulation studies at hacker conferences have reit-erated the feasibility of attacking air traffic control sys-tems with inexpensive equipment. A cyberattackcould show bogus aircraft on the screens of air trafficcontrollers and pilots, influencing unsafe actions andunwarranted performance losses. Moreover, the recentGermanwings flight allegedly crashed by a suicidalpilot suggests the potential for insider threats and theneed for improvements in managing the peopleentrusted with legitimate access to the system.
Visibility and scale make the aviation industry anattractive target for malicious actions. A single, seem-ingly isolated, disruption of aviation—caused, forexample, by a single computer failure, a weather-affected sector, or a natural disaster near an airport—can cascade quickly across the system and affect theeconomies of a nation and of continents for days tomonths. Millions of passengers can be stranded andinconvenienced worldwide, an enormous financialloss. Addressing aviation cybersecurity aggressively iscritical.
Aviation CybersecurityAlthough the aviation industry is not alone in fight-ing cybersecurity threats, the challenges to trans-portation systems—and specifically to aviation—areunique. The aviation industry is working to under-stand cybersecurity threats, risks, and management.
For example, the Aviation Information Sharingand Analysis Center1 (ISAC) and the second editionof the Cyber Security Toolkit2 from the InternationalAviation Transport Association provide guidance forairlines and strategic partners about evolving regu-lations, new attack vectors, and more.
Other efforts include the Cybersecurity SpecialTask Force of the International Civil Aviation Orga-nization and the proposed FAA CyberAIR Act,intended to bridge the gaps in aviation cybersecurity.The goals include identifying cybersecurity vulner-
An early cyberattack onthe aviation sectoroccurred at WorcesterRegional Airport in 1997,when a teenagerexploited vulnerability inthe telecommunicationsservice infrastructure.
1 a-isac.com.2 iata.org/publications/.
PH
OTO
: TER
AG
EOR
GE, W
IKIM
EDIA
CO
MM
ON
S
TRN_304_TRN_304 9/16/16 3:58 PM Page 40
TR NEW
S 304 JULY–AUGUST 2016
41
abilities, assessing threats, and finding standard mit-igations to manage the risks to the system.
Systems and AdversariesSystem at RiskThe aviation ecosystem is a complex system of sys-tems—a large number of aircraft and their users areconnected to a global infrastructure composed ofmany systems of competing airlines, national air traf-fic control systems, competing airport systems, air-craft stakeholder businesses, personnel, andpassengers. The ecosystem also includes the naturalenvironment within which aircraft operate.
Safety, efficiency, capacity, security, and environ-mental sustainability are key performance goals ofthis system. Cyberthreats can degrade these perfor-mance goals by compromising a combination ofinformation, network, Internet, and other elementsof the critical information infrastructure.
Who Is the Adversary?An adversary can be classified according to motiva-tion, resources, target, attack vectors, and other char-acteristics. Adversaries by motivation and resourcescommonly include amateurs, hacktivists, criminals,insiders, spies, and terrorists.
An adversary may directly target any system asset,including ground-based systems, aircraft, or satel-lites, via vulnerabilities in network connectivity, soft-ware, hardware, and human-in-the-loop processes.The adversary also can compromise the integrity,authenticity, confidentiality, and availability of data.Furthermore, an adversary may target a single com-ponent—part of the air traffic control system; a per-formance goal of the aviation ecosystem, such as
on-time flights or safety metrics; stakeholder busi-nesses; or passengers.
In general, cyberattacks fall into three categories:
u Passive—the adversary simply listens andobserves;
u Active—the adversary transmits signals or dataand receives responses; and
u A passive–active combination.
Passive listening can reveal sensitive informationor lay the groundwork for more active attacks. Theactive transmission of incorrect data, however, canprompt erroneous and inappropriate reactions fromthe targeted system or systems and therefore canpose the greatest threat.
Embedding CybersecurityThe risks, the adversaries, and the pathways forattacks are similar for a single corporate company orfor a large government agency. Attacks cause losseswithin minutes and hours, but the discovery andresponse can take days.
Best practices have evolved to reduce this timegap, but even with best practices, large institutionscan be breached. The adversary is global, persistent,sufficiently funded and always learning. Defeatingthe adversary may be difficult, but focusing on man-agement and approaches that can hinder an attackerlong enough for a response could be feasible.
Cybersecurity is not yet as embedded as reliabil-ity into the design life cycle of aviation systems. Typ-ical aviation system concerns—such as safety, flightperformance, environmental impact, fuel efficiency,and airspace security—are alien to the world of
A LOT Polish AirlinesBoeing 767. In 2015,hackers disabled flightplans for outbound LOTaircraft.
PHO
TO:
KO
NFL
IKTY
.PL,
WIK
IMED
IAC
OM
MO
NS
IMA
GE: FA
A
FAA began using theAutomatic DependentSurveillance–Broadcastsystem for air trafficcontrol in 2009.
TRN_304_TRN_304 9/16/16 3:58 PM Page 41
TR N
EWS
304
JULY
–AUG
UST
2016
42
cybersecurity. In designing a system to protect air-craft data, do programmers consider how a pilot oran aircraft mechanic would use the system? Is acybersecure system able to perform in an aircraftemergency?
Similarly, the concepts of cybersecurity may bealien to aviation professionals. Pilots today oftencarry an electronic tablet containing their flight kitinto the cockpit. What security precautions areappropriate for connecting the tablet to the avionicssystem?
The trade-offs are complex when considering easeof use, safety, performance, cost, and on-time depar-tures with last-minute crew changes. Adding cyber-security concerns to the design, deployment, andupgrading of modern aviation systems will increasethe cost and complexity of slow processes alreadyheavily regulated. Cyberadversaries are not encum-bered by these same rules and timescales.
Combatting CyberrisksCombating aviation cyberrisk requires segregatingthe intended function of each system and analyzingthe criticality of a threat to each component. Forexample, communicating air traffic control data to acontroller separating in-flight aircraft is an intendedfunction distinct from the collection of passengermanifests and credit card information for ticket pay-ments. But if all these data are uploaded to a cloudplatform, an attack on that data could create a time-sensitive and life-threatening situation.
Proactively addressing security threats to the mostsafety-critical systems requires the expertise of theuser community—air traffic controllers, mainte-nance technicians, pilots, and security experts—toidentify and rate the potential risks and to focus themitigation options on the most critical issues. Inbuilding systems that address security concerns, thedesign must allow for security upgrades as part of thenatural life cycle; this requires a continuous reviewof threats and a secure funding stream to implementmitigating strategies.
In the aviation environment, many resilient ele-ments within systems decrease the likelihood of anevent. For example, a remote takeover of an air trans-port aircraft would require intimate knowledge ofthe systems and the ability to defeat checks built intothe onboard avionics. Nevertheless, radio frequency(RF) links into the aircraft may provide a possiblepoint of entry for the introduction of malwareattacks. Many of these links—but not all—are con-sidered strong and robust and may limit the oppor-tunity to jam or spoof the signals without detection.
Weak RF links in the system include the GlobalNavigation Satellite System signal that provides crit-ical navigation information to the pilot and transmitsdata to air traffic controllers via an onboard Auto-matic Dependent Surveillance–Broadcast (ADS-B).An independent validation process has beendesigned to address some of the threats to thesedata—secondary means are needed to validate theaircraft’s location.
This secondary validation gives the pilot or con-troller the opportunity to confirm the integrity of theaircraft’s position, inserting a pause into the decisionprocess and arming the operator with knowledgeabout a possible exploit. Although this helps to miti-gate the data security risk, the stress increases with theinvolvement of weather or other factors—the crewmust decide which system to trust if the systems donot agree. Not all pathways to mitigation are ideal.
RF links are only one of many systems thatrequire continued investigation of all the cybersecu-rity implications. Security must be designed into thesystem as part of the ongoing life cycle, allowing for
A technician rewires andinstalls telecommunica-tions equipment at theChicago En Route Centerin Aurora, Illinois. Thescale of interconnectedtechnology in aviationmakes the industry a target for hackers.
PH
OTO
: FAA
TRN_304_TRN_304 9/16/16 3:58 PM Page 42
TR NEW
S 304 JULY–AUGUST 2016
43
appropriate responses to known risks and for theflexibility to detect and prevent “unknownunknowns” from crippling the aviation system.
Standards and Best PracticesThe Federal Aviation Administration (FAA) recentlyissued a call for proposals on aircraft systems infor-mation security and protection measures.3 The callresponded to a 2015 breach and a GovernmentAccountability Office report4 pointing to cybersecu-rity concerns for increasingly electronically enabledplanes and airports—both indications of the need forbetter cybersecurity standards and practices in theindustry.
A comprehensive framework for preventingcybersecurity threats is in development, based onthe National Institute of Standards and Technology’sbest practices for FAA’s next-generation aviation sys-tem, NextGen. In addition to these steps, significantnew work and research are needed to design, test,and deploy more cybersecure systems. In the UnitedStates, the Radio Technical Commission for Aero-nautics has published a document, AirworthinessSecurity Methods and Considerations,5 offering guid-ance on information security for continued airwor-thiness; these concepts will have an impact on theNextGen systems.
The Aviation Information Sharing and AnalysisCenter serves as a clearinghouse for best practicesfrom industry and academia in addressing individ-ual systems, as well as the encompassing environ-ment. Airlines are racing to provide services topassengers, flight support for crew, and more effi-cient tools for diagnostics and maintenance. Thecybersecurity of these initiatives may not be keep-ing pace with the rush to the competitive market-place.
The new cybersecurity systems being deployednot only must address current threats but must antic-ipate the need to address current and possible futurethreats that were not part of earlier designs. The avi-ation systems in development for flight control, posi-tion, and automatic pilot capabilities must includeintegrity checks, authentication mechanisms, andprivacy-preserving capabilities. Any communicationsystem in the aviation industry must be consideredfor its potential to be blocked, spoofed, intercepted,and possibly altered in a way that may look correctbut is dangerously wrong.
The best practices to identify, protect, monitor,mitigate, and update should become the frameworkfor each stage of new system designs and upgrades.
Research and DevelopmentFAA’s recent call for proposals on cybersecurity mea-sures is a step in the right direction for investigatingand recommending solutions to some of the knownweak links in proposed communication systems.These include research into the impact of larger vol-umes of UAS traffic and increased reliance on com-puter-to-computer signaling for decisions fromaircraft spacing to weather avoidance.
Other areas for investigation include privacyissues involving access to the precise positioning andidentification of air traffic in real time. Satellite-basedsystems can be exploited for communication chan-nels, and positioning system signals can be delayed,altered, or blocked.
Vulnerabilities are not in the avionics systemsonly. Crews, their authentication, security practicesfor devices, route planning, and integration in thecockpit present areas to address. The insider threat,described in more detail in the article on page 44, cannever be solved via technology alone.
Airports and airlines are an increasingly complexsystem of industrial control systems, from lighting tobaggage handling to maintenance, in addition to pas-senger manifests, cargo information, and flight plan-ning. As society increasingly relies on electronicdevices, the security of the Airport of Things is ripefor definition and understanding.
In-flight Wi-Fi and otherpassenger services alsoare vulnerable tocyberattack.
PHO
TO:
KO
NST
AN
TIN
OS
KO
UK
OPO
ULO
S
3 DTFACT-16-R-00037.4 GAO-15-370.5 DO-356.
TRN_304_TRN_304 9/16/16 3:58 PM Page 43
