New Computer Monitors Aircraft Network Traffic for Cyber Threats

CCX's AP-250 is designed to protect connected aircraft systems from cyber intrusions that can corrupt safety-critical avionics. Photo: CCX

A new aircraft device designed to monitor aircraft network traffic and protect safety-critical avionics systems from potential cyber threats introduced by in-flight connectivity is expected to become available in 2020.

The AP-250, developed by Canadian avionics manufacturer CCX, can be installed with avionics and other networking devices to provide intrusion detection and prevention. CCX President Chris Bartlett said the device was developed as a means of complying with new civil aviation regulations that require operators and aircraft systems suppliers to prove the cyber resilience of their connected systems.

Bartlett said the company has already found an unnamed launch customer for the new device, which works by connecting to an aircraft’s local and wide area networks to monitor all ARINC 429, 664 and other data bus and network traffic for potential intrusions. Through an interface to air-to-ground and satellite communications terminals and routers, the AP-250 uses an intrusion detection and prevention system to log, monitor and store network traffic while also preventing threats that could lead to unauthorized access to, and disruption of, electronic systems, interfaces and information.

An overview of how CCX's AP-250 protects aircraft systems from potential cyber attacks. Photo: CCX

“Based on the set of rules the operator has for their specific network, alerts that are deemed to be nefarious will trigger the CCX team to automatically update the ruleset while the aircraft is in flight. This protects the onboard network,” said Bartlett.

Cyber threats that can occur if the security levels of wireless aircraft networks are breached include viruses, worms, trojans and ransomware, according to a recent interview with Curtiss Wright CTO Paul Hart. The avionics architectures on the majority of in-service aircraft are segregated from connections to internet protocol-based traffic; however, the increasing presence of new in-flight connectivity systems on aircraft has increased their vulnerability.

The AP-250’s intrusion detection system is customizable based on the type of network traffic alerts set by individual operators. Network traffic, third-party equipment logs and avionics data bus communications traffic are monitored by the system and logged by CCX in database storage onboard as well as on the operator’s selected remote ground server.

The aircraft’s wide area network traffic, including air-to-ground, Ku/Ka-band, L-band and Wi-Fi communications, is also monitored, stored and logged in database storage. Bartlett said CCX’s team can also act as a remote cyber intrusion service for operators.

“Some operators may not want a constant stream of alerts going over their satcom system, so they can decide which are considered critical and when / how they will be transmitted. For example, an alert may be triggered relating to low-level data, which may not need immediate attention. Other alerts will be identified as critical, such as activity that shouldn’t ever be occurring on the airborne network. In such cases, those who must be notified are immediately alerted so they can take action,” said Bartlett.