Cockpit Avionics at Risk, GAO Report Says

By Woodrow Bellamy III  | April 16, 2015
Send Feedback

[Avionics Today 04-16-2015] A new report published by the Government Accountability Office (GAO) highlights the cyber security challenges associated with providing reliable security for critical aircraft avionics systems. The challenges are arising due to the increased used of modern communications technologies and Internet Protocol (IP) connectivity on modern airframes. In the report, GAO’s investigators are recommending that the FAA continue to adapt its aircraft certification process to incorporate an increased focus on cyber security. 
In-flight connectivity air to ground network. Photo: Gogo.
Historically, airborne aircraft avionics systems used for navigation have functioned as isolated and self-contained units, which protected the avionics from remote attacks. GAO’s new report provides research featuring interviews with cyber security experts and FAA officials that indicates the increased IP networking featured on modern aircraft has created a challenge with interconnectivity between cockpit avionics and cabin broadband networks. Firewalls are used to separate cockpit avionics from intrusion by cabin systems users, however the report states that because firewalls are software components, “they could be hacked like any other software and circumvented.”
Specifically, the government investigators say that if the cabin systems connect to the cockpit avionics systems and use the same networking platform — in this case IP — a remote user could potentially place a virus within flight control computers, take over the control of the computers and control the flight path of the aircraft. One method of gaining this type of malicious access to the aircraft from the outside world would be planting a virus or malware in websites visited by passengers in the cabin, giving an attacker access to the IP-connected onboard information system through the infected machines.
Peter Lemme, chairman of the ARINC industry standards Ku/Ka-band satellite subcommittee and founder of JetWayNet, said that the challenges associated with preventing malicious attacks on avionics systems arise from the way that today’s aircraft Local Area Network (LAN) is structured.
“The LAN on the airplane is federated into different domains and the broadband radio has to serve all of them while keeping them isolated from each other,” Lemme told Avionics Magazine. The International Civil Aviation Organization (ICAO) defines these three domains as Aircraft Control Domain (ACD), the Airline Information Services Domain (AISD), and the Passenger Information and Entertainment Services Domain (PIESD). 
The ACD consists of cockpit systems, the primary function of which is to support the safe operation of the aircraft. The AISD provides services and connectivity between independent aircraft domains such as avionics, In-flight Entertainment (IFE), cabin distribution, and any connected off-board networks. PIESD is the most dynamic, as it includes multiple systems from different vendors that may or may not be interconnected with each other. These systems can include passenger device connectivity systems, broadband television or connectivity systems, and seat actuator or message systems, according to a working paper on aircraft domains presented to ICAO by Aloke Roy, a senior program manager at Honeywell Aerospace.
“The radio link extends through a wireless service provider and then may span the Internet until arriving at the borders of the various services and operator networks. Using open standards and aviation-specific quality of service, a generic approach can be applied to any radio and the majority of the untrusted segment of the networking connection,” said Lemme.
The government investigators noted that the FAA is taking steps to address the challenges highlighted in the new report. During the certification process of the Boeing 787 and Airbus A350, the FAA issued special conditions specifically designed to address the increased connectivity among aircraft cockpit and cabin systems on the two airframes to provide systems with cyber security and computer network protection from unauthorized external and internal access. FAA officials also told GAO’s investigators that it is currently considering research supporting cyber-security-related special conditions that could be used to support the adoption of new regulations to certify cyber security assurance for avionics systems on all new airframes going forward.
Still, even with new regulations, experts such as Lemme say the strategy used to provide increased cyber security will have to be an international rather than domestic rule-making effort because of the global nature of the aviation industry.

“Authentication is the elephant in the room.  We should start with one global authority,” said Lemme.  “We must demand significant diligence and accountability in handing out certificates. It is time to start over. The FAA cannot solve this problem.  Airplanes are approved by many authorities, and nobody professes perfection.  Security by obscurity is no answer.”

Receive the latest avionics news right to your inbox