[Guest Column by Oussama Salah, President Gulf Aeronautics USA]

As technology advances, the obvious spinoff is increased efficiency and productivity of the aircraft, the airlines and the air traffic system (ATS). The venue is e-Enabled aircraft that automatically connect and interact in real-time with airlines and service providers’ ground based stations and ATS. New generation e-Enabled aircraft (A380, A350, B787, CSeries and others including a few business jets) have their systems linked to ground stations in real-time, and data uploads and downloads drive these operational efficiencies.

e-Enabled aircraft have unique networking, computing, security, certification and physical operating requirements that renders integration a daunting challenge. These systems and domains are:

  • Flight Deck {Electronic Flight Bag (EFB))
  • Avionics Data {Satcom, ACARS and avionics}
  • Open Networking {Avionics interfaces, Servers, Terminal Wireless, Network appliances and Core Network}
  • Maintenance {Software Loading and Maintenance Access}
  • Cabin and Airline Services {FOQA Data, FA terminals and crew wireless}
  • Passenger {IFE, wi-fi and Cell phones}

e-Enabled aircraft derive efficiency by integrating and connecting in real-time the following functions:

  • EFB
  • Integrated Management
  • Airline Flight Operations
  • Maintenance Performance
  • Airplane Health Management

Add to this the evolving automation in Air Traffic Management (ATM) through Automatic Dependent Surveillance (ADS-B and ADS-C) systems, Future Air Navigation System (FANS), Controller Pilot Data Link Communication (CPDLC) and NextGEN.

All the above requires Internet and wireless connections between the various ground centers and the aircraft:

  • OEMs
  • Airlines Centers
  • Maintenance Providers
  • and their various ancillary functions

The threat of someone hacking into a ground network and interfering with downloading or uploading data to and from an aircraft, and eventually the aircraft systems is possible, if this someone is willing to take the risk. This represents an emerging risk of acts of unlawful interference with civil aviation affecting and security.

The risk is real enough that several countries in their National Civil Aviation Programs (NCASP) and their security require airlines to secure their systems and aircraft against cyber-security threats.

This emerging threat has no developed standards for risk assessment of ground based IT systems. This is not limited to aviation. The National Institute of Standards and Technology (NIST) is rapidly developing a set of guidelines and best practices for better security for IT systems that will, once developed, provide guidance to organizations on how to manage cyber-security risk in a similar manner to financial, and operational risks.

This has prompted ICAO, FAA, EASA, IATA, OEMs and other interested parties to start discussions regarding cyber-security threats to aviation. The US DOD finalized regulations on October 22 for its cyber-security threat sharing program with defense industrial base companies.  But reporting of cyber-security incidents is not happening fast enough to provide a meaningful knowledge base.

Just as policies and actions to safeguard aviation personnel and assets from physical acts of unlawful interference took decades to develop, and are still evolving as the physical threat changes. This effort will take several years before it produces a working standard and a few more years for implementation.  Meanwhile, cyber-security threats evolve.
Please follow and like us:
%d bloggers like this: