It has been a while since we last addressed this issue. Our interest in cyber security within commercial aviation has not waned. The subject has become more obscure as the players in the industry close ranks. This is understandable. Industry firms know only too well that they must collaborate to ensure the safety of the entire aviation system.
So it was great interest that we noted on September 29 that a new group has been established. The group is named Aviation Information Sharing & Analysis Center and goes by the moniker A-ISAC. It is a non-profit organization based in Annapolis Junction, MD. A-ISAC functions as “a specialized forum for managing security risks to the aviation industry as well as those encountered by companies directly linked to the broader aviation infrastructure. It members are companies in the aviation sector which are collaborating to create a means for analyzing and sharing information about physical and cyber security threats across the industry. A-ISAC will create a framework for government and industry stakeholders to enhance existing intelligence resources through quick and efficient information sharing. The Center also will establish initiatives to improve incident response time to security threats and be active in the development of policies on security, incident response, and information sharing issues“.
This appears to be an excellent way of responding to the quietly growing cyber security issue. Integration of air traffic management, with satellite-based navigation and data networks available within the flight deck and cabin drive the need. SESAR and NextGen impact e-Enablement. e-Enablement drives inter-connected aviation systems. Of course this means data exchange formats and System Wide Information Management (SWIM) exchanges are needed. Essentially this means the ability of every system to communicate with any other in real-time. Information exchanges between systems enable vast increases in data flow. These networks require huge bandwidth for the traffic between ground-based SWIM compliant ATM systems and aircraft cockpit avionics. The benefits of the data flow for decision support are easy to understand within the confines of aviation operations. The attraction is lower costs and even better safety. But like everything in life, it does not come at no cost.
A recent move by the FAA hints at what is coming. Just we have seen in terrestrial markets, software development is faster and outpaces hardware development. The FAA faces a daunting task. Keeping aviation safe is its primary job and they do it well. But rapidly changing technology deployments in aircraft means they are playing “catch up” all the time. Just when they approve the iPad as an EFB, for example, Apple moves to iOS 8. All applications for the iPad are updated for the new iOS and the FAA may only have approved iOS5. This is a hypothetical example used for illustration.
The job A-ISAC is going to be busy with is all encompassing. If one considers the technologies involved from booking a flight, DCS, push back, takeoff, cruise, descent, landing, taxi pull in and disembarking the mind boggles. In addition to the airline facing technologies there are ancillary technology inputs like weather, ATC and airports. To make it even more interesting you can also throw in security monitoring like Homeland Security. The data flow is more like a tsunami. Processing all this data into decision support is a massive job. It is easy to see how such a system would have leaks and spillages. Now imagine securing it.