(Image by Martin Winkler from Pixabay)
Today’s commercial and military aircraft are critical infrastructure for transportation and logistics. However, researchers have detected vulnerabilities in them that pose potential cybersecurity risks, particularly during periods of military conflicts. Nevertheless, funding is rising for companies that secure the crucial operational technology (OT) layer powering flight systems; and public and private stakeholders are making sizable progress in adding visibility to this pocket of converged tech stacks where malicious actors could operate. Startups with tailored solutions have been key in advancing protections and I remain a strong advocate for continued innovation to further empower today’s defenders and to ultimately field these new capabilities.
While in previous years there may have been a love-hate relationship between aviation and cybersecurity (around implicit questions over safety), the tides have begun to change, and strong partnerships have been forged amid cybersecurity’s rapid ascent. While avionics and aviation systems are clearly more digital, fly-by-wire systems, versus the mechanical stick and yoke pilots flew in the 1950s, the industry has recognized areas to intervene and strengthen defenses. Stakeholders have responded in kind with research initiatives and operational testing, some of which I’ll explore here.
A Widening Attack Surface
Over time, today’s aircraft have become dotted with smart technologies. This has provided a more connected flight for passengers, smoother operations for pilots and more data for airline operators to make better fleet-wide decisions. However, this modernization brings with it cybersecurity risk. Exploits have been identified that can skirt weak authentication, jam GPS signals, or even tamper with misconfigured in-flight or ground systems.
In fact, in 2018, the U.S. Department of Homeland Security ran “nose to tail” tests of an aging commercial airliner to detect weak spots and found that the vessel could be hacked by breaching the plane’s radio frequency communications. Nevertheless, rising awareness and technological advancements have helped counter this activity. The DHS assessment, along with similar testing and certification processes, have helped enhance protections aboard our aircraft (from software and hardware to the wider network architecture).
Large suppliers like Boeing maintain that effective cybersecurity is essential to the business, including both operations and overall data protection, and for one, the manufacturer adheres to the National Institute of Standards and Technology’s (NIST) Cybersecurity Framework – and expects similar efforts from partners to secure the aviation supply chain.
Thanks to this type of recognition and progress, a once-held assumption that flight systems simply prioritize physical safety and reliability over cybersecurity is waning. Manufacturers have grown more aware of the physical (and fiscal) impact of today’s cyberattacks (ransomware hits on flight operation systems, grounded flights, etc.), which has hastened innovation. Now, scores of solution providers are emerging with capable products that can be deployed for immediate results.
(Image by StockSnap from Pixabay)
Data Visibility: A Source of Hope
Overall, I’m certainly optimistic about our future. As partner and head of AEI HorizonX, a VC venture formed in partnership with Boeing, I spend my time researching and investing in next-generation aerospace defense and security startups around the world. I believe that if the industry continues to foster innovation and increased awareness, cybersecurity challenges of all kinds can be overcome (and threats averted).
In fact, we’re seeing rapid innovation around the use of data, specifically. Companies providing tailored, dual-use solutions for both public and private deployment are primed to excel – and attract VC funding – in the current market. Security innovators like OT cyber firm Shift5, for example, are working to provide continuous monitoring of onboard networks and data buses (hardware subsystems used for data transmission), bringing greater observability, and therefore cybersecurity, to Airplane Information Management Systems (AIMS), ground/onboard systems, connected fuel gauges, and other mechanisms.
Data as a Force Multiplier
Early adopters of these tailored solutions are seeing security improvements, and performance and efficiency benefits. Enhanced data monitoring using artificial intelligence and machine learning, for example, helps defenders see patterns and anomalies that could indicate security issues. But they can also surface mechanical issues in real time – reducing the chances of a damaging cyberattack or malfunction.
I’m confident that with OT-level data available to innovative solution providers, operators can enhance their strategic decision-making around fleet usage and drive profitability. I believe it will take even further momentum, however, to up-level the overall security of every aircraft. Like the equipment retrofitting we’ve seen around new cabin services (personalized IFE software or purchase-tracking Wi-Fi sensors), enlightening OT security tools are an investment in the future, poised to uncover new efficiencies.
There's never been a more exciting time for innovation in this space. Despite greater levels of connectivity and associated cyber-risk, operators proceeding with cybersecurity in mind will maintain safe flying conditions – and the industry has the tech offerings to make this happen.
Brian Schettler leads AEI HorizonX, the venture capital investment platform formed in partnership with The Boeing Company. He was also a founder and senior managing director of Boeing HorizonX Ventures and led Boeing’s venture capital team chartered with investing in next-generation aerospace defense and security startups around the world. He has more than two decades of experience in aerospace, technology and defense companies and has led numerous investment transactions. He was also formerly the VP of Corporate Strategy at Cobham and a senior strategist for Boeing Military Aircraft, Phantom Works, and the space systems division of Northrop Grumman.