New Alerting Technology Stops Airplane Hackers at System Level

By Anne Wainscott-Sargent | December 11, 2017

Photo courtesy of Raytheon

For veteran F-18 fighter pilot Brooks Cleveland, it’s not the obvious things that can go wrong in the cockpit that worry him; it’s the unseen attacks that can affect aircraft systems without the pilot being aware of them.

“The threats that sci-fi novelists write about are not what I’m worried about as a pilot — of the plane being taken over, or the landing gear not coming down. I’ve been trained to deal with that,” said Cleveland, an experienced U.S. Navy and commercial pilot who joined Raytheon last summer as a senior aviation adviser. “What worries me as a pilot both militarily and commercially is insidious threats — something small that I don’t quite recognize, and the system is now operating on some bad information.”

Cleveland’s concerns are well founded. Last year, hackers bombarded the aviation sector with more than 1,000 attacks per month. The industry now faces cybersecurity threats posed by a range of sources, from individuals to well-funded nation states. And the threats are not just aimed at Raytheon or airlines — increasing levels of connectivity between program partners, suppliers and service providers increase the industry’s overall vulnerability to cyberattacks.

Waltham, Massachusetts-based Raytheon has spent the past year funding its own answer to this threat — a cyber intrusion detection system for flight-critical avionics systems.

The system focuses on the avionics bus — an aircraft’s main data intersection point that interacts with the cockpit’s electronic components that feed key navigation and communications systems.

“We asked ourselves where can something happen statistically in the multitude of areas and decided to look at the avionics bus as the vehicle for a bad guy to introduce malware, for example,” explained Bob Delorge, VP of transportation and support services within Raytheon’s intelligence, information and services division.

“Raytheon understands how a system should work — how a handoff should occur,” he added, noting that the intrusion detection system looks for any abnormalities in the software code and then alerts the cockpit via a warning light. The pilot can consider the information and validate if there is a problem.

Raytheon is midway through the cycle of demonstrating the system, known as technology readiness 4 (TR-4). Delorge expects the system to be available as a solution on airframes in the next three years, depending on the timing for completing certification and testing.

Ultimately, Raytheon hopes to avoid what it terms “zero-day occurrences” — to stop an attack before it can be triggered at some point in the future. Like the Trojan Horse strategy of the Greeks against the ancient city of Troy, malicious code often embeds itself within systems and only triggers after a certain number of events such as takeoffs, landings or altitude-speed changes. Fortunately, Raytheon’s system can track tiny changes in code that indicate something is amiss.

That kind of heads-up offered by the Raytheon system is precisely what pilots need, said Cleveland. “Just letting me know something is wrong will allow me to mitigate that threat and rely on my pilot training instead of technology that may not be correct.”

The timing for Raytheon’s system coincides with heightening awareness of the cyber threat among military and commercial aviation players. “We’ve been seeing in the last year a continued awareness and are starting to see particularly on the military side, requirements to address cybersecurity in a way that hasn’t been out there — embedded [in RFPs],” Delorge said.

Raytheon officials emphasized that it’s too soon to address system costs, but they indicated that the cost of the hardware piece is not typically prohibitive. The real investment will come from “the ripple effect” of introducing any new capability — such as training pilots and service technicians or introducing an active monitoring component to respond to certain alerts.

Delorge and Cleveland agree that any cyber-monitoring solution must be adaptable to a constantly changing threat environment. “This is one of the tools in our toolbox — we also have folks who are constantly trying to break the system. We want to get out in front of threats and we also constantly test the perimeters,” Delorge said.

“It’s important to take a multi-pronged approach. Raytheon’s intrusion detection system doesn’t identify a specific malware attack, but uses the aviation system to identify anything abnormal in the system so we can target the threat holistically,” added Cleveland.

To date, industry reaction to Raytheon’s system demonstrations, including most recently at the Dubai Air Show, has been positive. Delorge said customer attitudes about cyber vulnerabilities fall into two camps — well-informed customers who considered Raytheon’s demonstration a validation of the risks they see on aircraft, and others who haven’t yet had the time, energy or resources to fully understand the situation. The key, said Delorge, is ensuring that the aviation community understands the threats.

“It’s a collaborative environment we work in now — the more informed users, inquirers and regulators are, the sooner we can all get on the same page. That will be paramount to any kind of success here,” he predicted. “It’s going to take a multi-layered approach to avoid a situation. It’s not going to be a one-point solution.”
