Home / Military / Air Force / Growing Cyber threats to commercial aviation require cyber risk management, and resilient systems

Growing Cyber threats to commercial aviation require cyber risk management, and resilient systems

Cyber attacks are growing in number and sophistication affecting large corporations, critical infrastructures of all kinds, governments to SMEs, and increasingly the aviation industry.


Commercial aviation plays a central role in our daily lives and is an essential part of the national economy. The number of passengers rose from 3.4 billion passengers in 2014 and is predicted to reach 6.7 billion in 2032 and 16 billion in 2050. More than 100,000 flights take off and land every day across the world. In transportation and particularly in aviation there is a key life safety issue. The attack on Aviation and aircraft can lead to catastrophe jeopardizing the safety of hundreds of passengers.


Software safety and cybersecurity are becoming increasingly important with the growing number of highly automated systems. The increasing use of new technologies in the movement towards automation has yielded efficiencies and enhanced the customer experience. Yet, it has also inadvertently created vulnerabilities for exploitation.


With sophisticated avionics and digital communications systems on aircraft, with more connected devices and complex interconnected information systems inside the airport, and ever more resourceful cyber attackers, risk of cyber threat has also arisen. Much of the cyber threat across society comes from those who seek commercial gain, or who want to cause economic damage and disruption for a variety of motives.


Airport databases are hubs for client information such as financial and personal data. The increasing reliance on the internet for operations such as data storage, tracking of cargo in real-time, and others can subject this information to security breaches and data theft. An increasing number of airports are providing free Wi-Fi hotspots to travellers. This is allowing external parties to hack into the security systems and disrupt day-to-day activities. For instance, the system can be hacked to allow the movement of illegal items weapons and cargo through the metal detections systems and baggage screeners, leading to a terrorist attack. Securing these systems is clearly of paramount importance, especially in an era prone to dramatic turns of events and ever more sophisticated cyber-attacks.


The rising penetration of smart technologies and IoT in airports is fueling the demand for airport security market. These include technologies such as remote check-ins, sensor equipment, e-gates, RFID baggage reconciliation systems, etc. A major portion of the data is collected in real-time and stored in large central databases. The presence of security issues in such cases can leave the data vulnerable to attacks from internal and external parties. Wireless tracking technologies, for instance, can allow a hacker to utilize triangular algorithms or Received Signal Strength Indication (RSSI) Information to track the location of the Wi-Fi end-point user and unearth historical data such as the route taken by the users, purchasing data, etc. With the predicted market growth of unmanned aircraft this might pose a serious and pervasive safety


The security of commercial airlines and whether the systems crucial to fly planes are vulnerable to cyber-attacks hit the headlines  after a security researcher claimed that he had been able to hack into flight controls via his underseat entertainment unit. When British Airways suffered an IT failure, caused by the misoperation of an uninterruptable power supply, it resulted in 726 flight cancellations, seventy-five thousand stranded passengers, and total costs of around £80 million. Delta Airlines lost power at its operations center on August 16, 2017, which caused a five-hour outage, As a result, around two thousand flights were cancelled at a cost of $150 million. Although these were accidental outages and not the product of malicious activity, they demonstrate how quickly even simple failures can rapidly snowball, destabilize operations, and impose considerable costs.


Military aircraft are also increasingly become as connected as their civilian counterparts, however they face much stronger threat  environment including physical, Radio Frequency (RF), and cyber threats. Therefore Militray and aircrafts need advanced and robust cyber security solutions. As an example, the KC-46A aerial refueling aircraft, based on the civilian Boeing 767-200ER, is the first increment of replacement tankers for the United States Air Force. The aircraft has gone through a considerable modification program to increase its survivability in high threat environments. This has included a cyber threat assessment with a comprehensive vulnerability and penetration testing program, ranging from individual systems up to live aircraft.


Cyber Security  Technologies

The aviation industry relies on a quite complex infrastructure integrated in multiple systems that need to be individually and holistically protected. A thorough cyber assessment is needed involving aircraft and equipment manufacturers, Aviation Cyber Securityair-traffic control, airports, airlines and all the other elements of the aviation infrastructure as an information system. This should include penetration testing or red teaming where cyber experts try to gain access to the systems as well as vulnerability testing to look for flaws in security.


Aviation systems in the past were relatively secure from cyber threats due to the “bespoke nature” of their design and their isolation from other systems, the report notes. “But air traffic management (ATM) is no longer isolated, and ground services and supply chains are becoming fully integrated into an interconnected digital world,”  writes Pete Cooper, a senior fellow at the Atlantic Council’s Cyber Statecraft Initiative in the Brent Scowcroft Center on International Security and author of Aviation Cybersecurity—Finding Lift, Minimizing Drag,


The report points to vulnerabilities associated with emerging capabilities, ranging from additive manufacturing to unmanned systems, and warns that “their novelty may obscure the cybersecurity risks these technologies introduce.”  ATM is also undergoing a sweeping modernization program that shifts away from legacy radars and beacons to a heavy reliance on Global Positioning Systems (GPS) and digital communications. A shift from legacy radar to GPS and ADS-B greatly improves accuracy and reliability under normal conditions, the report states, but it adds that those systems “…remain susceptible to degradation by environmental hazards or manipulations by hostile actors.”


Connectivity of aircraft systems, through traditional information technologies and aviation-specific protocols, has now extended the attack surface to the aircraft itself. Aircraft are now complex data networks, yet the ability to monitor them arguably lags behind comparable ground-based networks—as does the ability to avoid and respond to potential cybersecurity incidents.


Airports, which are susceptible to physical breach, are another area of concern, says the report, pointing to numerous other vulnerable areas, such as connectivity systems on aircraft, electronic flight bags and remote towers. Concerning to the report’s authors is “the speed of innovation, technological advancement and adversary capabilities potentially outstripping policy and regulatory development in many areas of the aviation ecosystem.”


Military Aircrafts

Military aircraft are also increasingly become as connected as their civilian counterparts, however they face much stronger threat  environment including physical, Radio Frequency (RF), and cyber threats. Therefore  Military assessment of adversary threat, capability, and risk may often be based on classified assessment of threat actor capability and an anticipation of aggressive intent and determination. This means that military threat models will be considerably more robust than their civilian counterparts. Such a robust threat model is leading to an increasing amount of testing and assurance of aircraft and systems.


Warfighting systems are built for longevity. Many of their embedded components, including the MIL-STD-1553 (1553) data bus, were designed long before the days of widespread, computer network hacking. The 1553 bus and the line-replaceable units (LRUs) on it are vulnerable to unimpeded adversary mission execution and attacks such as denial of service (DoS) and exfiltration of critical data. Depending on the scope and nature of the compromise, adversaries can cause neutralization or destruction of the warfighting system, mission failure and loss of life.


Cyber Security

Realising the  cybersecurity vision  of aviation industry, “A safe and prosperous aviation industry with resilient trust and systems connected aviation industry,” requires cyber risk management, Resilient systems. Resilient stakeholder trust, Secured Human Decision-Making, Shared Perspective and Culture.


The report offers numerous recommendations for shaping a cybersecurity vision, with a need to focus on international collaboration on managing risks and developing resilient systems. Recommendations range from reinforcing standardization, developing a common understanding of cyber safety and developing robust threat models, to designing systems to capture relevant cybersecurity data and training for safety. Another recommendation it makes is to “incorporate cyber perspectives into accident and incident investigations.”


“Cyber security means analyzing the risk systematically and with a calm head, anticipating the threats and addressing the main vulnerabilities, supporting industry with the actions it needs to take, and taking the right actions as regulators to help protect industry and passengers when we need to,” says Lord Ahmad of Wimbledon, Department for Transport.


The complexity of the aviation ecosystem, with its many stakeholders, makes understanding the new nature of risk particularly challenging.  Getting the threat model correct is essential for understanding true risk levels. There should be cyber safety requirements for critical systems that could cause loss of life if compromised. For example, the risk of catastrophic failure for flight critical systems must be assessed as extremely improbable (1×10-9) and validated by test and analysis. If the cyber threat model is underestimated it may give the incorrect impression that an acceptable level of risk has been achieved.


Another very important element to consider is Insider threat. Reports show that Insider threat is on the rise, requiring employees to be educated in their role in mitigating such threats and adhering to cybersecurity policies and best practices. Processes and playbooks should be periodically reassessed and rigorously tested to ensure continuous improvement.  In addition, access controls should be put in place to only allow the people who absolutely need clearance to certain areas to the airport or the aircraft.


Security Standards

Moreover, aviation and aerospace systems must support real-time behaviour and they require ultra-high reliability. Many of these systems are safety critical and require strong certification and rigorous cybersecurity controls. Complexity is another ingredient and definitely a challenge as avionic software may have between 100 million and 1 billion lines of code. As a consequence, software verification represents an important cost and certification is a not a quick process.


Software development in safety-critical domains is dictated by software standards, such
as “Software Considerations in Airborne Systems and Equipment Certification” (DO-178C).
This standard is an acceptable means of compliance for achieving the required level of software
safety in aviation. In addition to software safety, the security aspects of cyber-physical systems
has become increasingly important in recent years, especially for unmanned aircraft systems
with an increasing number of autonomous functions.


The most comparable software standards regarding security in the aerospace domain are “Airworthiness Security Process Specification” (DO-326A), “Information Security Guidance for Continuing Airworthiness” (DO-355), and “Airworthiness Security Methods and Considerations” (DO-356A).


DO-356A acts as a companion document to DO-326A and describes the activities for security risk management and security assurance.  It contains detailed information on the risk assessment of cybersecurity threats, information that is relating to the aircraft level of development. But the document also contains details on security-specific assurance as well as security development
assurance, which is information on the system and item development level. Furthermore, this document introduces security assurance levels 0 to 3, with increasing levels of criticality. Security architecture principles are detailed at the aircraft level, system level, and item level.


DO-178C does not contain any guidance on cybersecurity. The cybersecurity standards also refer to the software safety guidance, since there are some development activities identified that also support cybersecurity aspects.


Bus Defender™ device from Perspecta Labs

Perspecta Labs, the applied research arm of Perspecta Inc. has won a contract from the U.S. Naval Air Systems Command (NAVAIR) to enhance and mature its Bus Defender solution for operational testing in airborne platforms. According to company information, the Bus Defender tool detects and blocks cyberattacks and attempts to carry out adversary missions via MIL-STD-1553 buses while ensuring and maintaining proper bus transmission and operation.


Perspecta Labs, the applied research arm of Perspecta Inc. has won a contract from the U.S. Naval Air Systems Command (NAVAIR) to enhance and mature its Bus Defender solution for operational testing in airborne platforms. According to company information, the Bus Defender tool detects and blocks cyberattacks and attempts to carry out adversary missions via MIL-STD-1553 buses while ensuring and maintaining proper bus transmission and operation.


The Bus Defender™ device from Perspecta Labs provides protection to the warfighting system without requiring any modifications to LRUs – a key advantage over softwarebased approaches. Sophisticated security processing prevents a compromised LRU from performing malicious activities via the 1553 bus and stops both attacks against other LRUs and attacks that leverage other LRUs. Bus Defender primarily targets runtime attacks, but also prevents supply chain
attacks by verifying LRU images when images are loaded via the 1553 bus.


Bus Defender devices are deployed in-line on a 1553 bus to successfully detect and block attacks while ensuring proper bus transmission and operation. The devices can be deployed in a variety of bus configurations allowing the customer to make trade-offs between size, weight and power (SWaP), security and cost.


Bus Defender is a mature prototype that has been successfully tested in Department of Defense (DoD) system integration labs and proven to prevent diverse attacks launched by DoD testers. The 1553 Bus Defender work was sponsored by the Defense Advanced Research Projects Agency (DARPA), the Air Force Research Laboratory (AFRL) and the Naval Air Warfare Center (NAVAIR).


Aviation Cyber Security Market growth

The global Aviation Cyber Security market was valued at US$ 4,180.8 Mn in 2020 and is expected to reach US$ 6,810.3 Mn by 2027 at a CAGR of 7.1% between 2021 and 2027.


Several factors are having a profound, driving effect on the industry, particularly the integration of emerging technologies to improve flight operations and the high threat posed by foreign hackers, terrorist organizations, and organized criminals.  Increasing terrorism, and smuggling of premium goods has propelled the segment growth. Growing demand for airline security to avoid the serious disruptions through cyber-attacks may enhance the airport security market revenue.


The high installation and maintenance costs of the solutions is hindering the growth of the airport security market. The technology must be upgraded at frequent intervals of time as hacking software are continuously evolving at a rapid rate. For instance, the Petya ransomware, working similar to WannaCry, is disrupting the operations of airports and large companies in Russia and Ukraine causing the normal operations to be halted.


The leading players currently supplying cybersecurity solutions to the aviation industry include Airbus SE, Amadeus IT Holding SA, Boeing Company, CISCO Systems, DXC Technology, Honeywell International, IBM Corporation, Indra Sistema’s SA, Intel Corporation, and L3Harris Technologies.



References and resources also include:




About Rajesh Uppal

Check Also

Loitering Munitions: Redefining Precision Strike Capabilities

In the ever-evolving landscape of modern warfare, the need for precision strike capabilities has become …

error: Content is protected !!