industry unlocked
An attacker with deep knowledge of aviation systems could intentionally cause serious issues with the aeroplane’s intended operations.

realm of security. The utilisation of COTS technologies has also brought about more software exposure within the public domain. The aviation industry is an excellent example of how the concept of security through obscurity is becoming increasingly outdated.

Avionics software has traditionally relied heavily on the secrecy of its development process. COTS has ensured that this is no longer the case. As such, software vendors must plug loopholes as they would with any other open architecture.

We must also consider the array of hardware and software components implemented from various sources. Conducting the appropriate level of vetting of each for security threats is a massive undertaking. Currently, third-party vulnerability assessments are not a common practice with regard to aviation security. To ensure secure development, this gap must be filled.

Additionally, major development standards don’t have detailed cybersecurity policies; as of now, at least. The ASISP 2015 initiative by the FAA, however, is a move in the right direction.

The immediate need for change

In the 2008 crash of Spanair flight 5022, it was discovered that a central computer system used to monitor technical problems in the aircraft was infected with malware. An internal report issued by the airline revealed the infected computer failed to detect three technical problems with the aircraft, which, if detected, may have prevented the plane from taking off. The malware was found to be a trojan horse.

In 2010, the FAA published a notice indicating that some computer systems on the Boeing 747-8 and 747-8F may be vulnerable to outside attacks due to the nature of their connectivity.

In 2016, Ruben Santamarta demonstrated that attacks such as bypassing the credit card check and SQL injection can be conducted on an in-flight entertainment system.

These are only three examples illustrating what could happen when software vulnerabilities go unresolved. So how do we fix the problem?

The way forward

To overcome the widespread challenges, the industry must understand and proactively work to defend the attack surface. There should be a common repository of threats to both hardware and software detected by the developers and/or assessors. This needs to be maintained by regulatory agencies like the FAA and should also be available across different development platforms.

Development teams should be able to compile all known threats to build a threat model. Within this threat model, there should be information about threats that exclusively affect the product or piece of software at hand.

A security risk assessment model should be built to effectively prevent, identify, detect, respond and recover from the security challenges that the aviation industry is facing.

Each failure is a lesson to be learned. It is of great importance not to waste those lessons by forgetting them. Threats and attacks should be logged and made available to all avionics security personnel. A-ISAC is one such organisation which can provide intelligence on aviation security threats.

In the best-case scenario, security considerations should be built into the earliest phases of design, even before requirements analysis. Software architecture teams should consider the potential threats faced during the software life cycle. This will help in providing reliable and robust software.

It is becoming ever more critical to have a well-established cybersecurity policy accepted by all leading manufacturers in place along with the accepted avionics standards. The observance of such policy should be mandatory for all civil aircraft.

Issue 08 | www.intelligentciso.com