SAE - Commercial Aviation Cyber Security: Current State and Essential Reading

Organization: SAE
Publication Date: 31 December 2016
Page Count: 90


Recently, the International Institute for Counter-Terrorism released a report on "Trends in Aviation Terrorism" which included a section on the "Cyber Terrorism Threat." Although covering cyber threats, it concluded with the statement: "Nevertheless, experts in the field estimate that at this stage, terrorist organizations are not capable of executing cyber attacks at the magnitude of an attack on civilian aircraft" (1)

Unfortunately, this has been widely quoted in the press, although most cyber-security professionals would not support this view. This is especially true in light of the technical capabilities terrorist organizations have demonstrated in physical attacks around the world, and their active recruitment of cyber talent

Every new commercial aircraft model entering service in the last 25 years has cyber-attack surfaces, or apertures, as the Federal Aviation Administration (FAA) refers to them, and each succeeding model has increased the number and complexity of these apertures. These include loadable software , airline modifiable interfaces (AMIs), legacy Air Traffic Management (ATM) and Air Traffic Network (ATN) communications, and onboard wireless systems for both passengers and crew, to mention just some of the major ones. They are just the beginning of the transformation of commercial aircraft into full digital systems

In the next decade, commercial aviation will see Next Generation ATM (NextGEN), Single European Skies ATM Research (SESAR), and others utilizing Internet-based air-to-ground communications links for adanced "air traffic control" (ATC) communications, which may include direct links into the aircraft flight-critical systems. It will also see remote electronic maintenance, virtual "line replaceable units" (LRUs) taking the spot of many traditional hardware units, and cloud technology for onboard computing. These will include flight-critical functions, inflight diagnostic assistance, and (very possibly) some other advanced technologies like real-time voice translation for controllerpilot communications

This technical paper collection and introduction will touch on challenges to legacy ATM and ATN communications, and to securing the new generation of advanced ATC communications over Internet-based air-to-ground links