The aviation industry has a strong foundation and culture of safety, Pellegrini said. A culture of cybersecurity can be built on this foundation, he said.
Pellegrini also pointed out that there are firewalls among the systems that are used to control the flight of aircraft and other communications and in-flight entertainment systems. The safety features around the flight control systems are “robust,” he said.
But there are shortcomings, Pellegrini said.
“I will submit to you there are many specifications that we get for systems to put on aircraft that don’t have well-established security requirements and now we as a company (I know others do to) want to try and head that off and address them, but I think as an industry we could collectively do more,” he said.
There is a growing awareness within the industry of cyber hacking and potential vulnerabilities and more information is being shared but it’s still not enough, Pellegrini said. Efforts to combat cyber threats and hacking remain “stovepiped,” he said, pointing to the need for industry and government to work together to mitigate potential threats.
The aviation industry could learn from the lessons learned and best practices applied by other private sector groups such as financial services and retail to combat cyber threats, Pellegrini said.
“Awareness is great, action is better,” he said. “And we have good models to work on.”
Last year, a team led by the Science and Technology Directorate at the U.S. Department of Homeland Security (DHS) demonstrated that it could remotely hack a parked commercial aircraft. DHS acquired a used Boeing 757 that it parked at the airport in Atlantic City, New Jersey, and conducted a “non-cooperative penetration” of systems aboard the aircraft.
The work DHS is doing is classified and the information of the hack was provided by Robert Hickey, who at the time was the aviation program manager for S&T’s Cybersecurity Division. The disclosure of the hacking ultimately cost Hickey his job.
In a later statement, DHS said that “While certain details of the assessment remain classified,” Hickey’s comments “lack important context, including an artificial testing environment and risk reduction measures already in place. Along with our federal and industry partners, DHS takes aviation cybersecurity seriously and works with both researchers and vendors to identify and mitigate vulnerabilities in the aviation sector. The aviation industry, including manufacturers and airlines, has invested heavily in cybersecurity and built robust testing and maintenance procedures to manage risks.”
Continue reading the full article on Avionics sister publication Defense Daily.