• Cyber security is an issue because many civil aviationorganizations rely on electronic systems for criticalparts of their operations, including safety-criticalfunctions. The protection of electronic systems frommalicious electronic attack (unlawful interference) andthe means of dealing with the consequences of suchattacks is encompassed by the term cyber security. Itcomprises managerial, operational and technicalactivities, and relates to the electronic systemsthemselves and to the information held and processedby such systems. Cyber security is also often referredto as information security, and while the two terms arenot synonymous they are similar enough that thedifferences can be ignored in this context.
Currently cyber security is a relatively minor issue in civil aviation,but this is changing. Although the adoption of new technology isan ongoing activity in civil aviation, the current pace and extent ofnew information technologies is notably increasing the risk fromcyber attacks. This is due to a number of factors:• There is an increased reliance on a small number of technologies,such as Linux, Windows, IPv6 protocols and Ethernet (AFDX), andthese technologies are widely used in the IT industry• As a result there is widespread understanding of thesetechnologies, and of their weaknesses and vulnerabilities• Systems are becoming more interconnected and security lapses inone system are likely to affect others•There is greater impact from systems failures due to increasedreliance on them.
• Over and above these factors, there is the potential forunforeseen systematic problems due to weaknesses inoversight. This is mainly due to a lack of coherencebetween the many groups working on cyber security, anda lack of expertise and understanding amongst thosewho might provide the coherence. Some knowledge ofthese problems exists within the industry, but knowledgeof the big picture is more limited.
• ICAO estimates that US$120 billion will bespent on the transformation of air transportationsystems in the next ten to fifteen years. Thistransformation will bring significant benefitsfor safety, efficiency and the environment. Stakeholders,including service providers, regulators, airspace usersand manufacturers, will face increased levels ofinteraction as new, modernized ATM operations areimplemented. Security issues related to thetransformation of the aviation system are coming intoview, issues that will require closer collaboration amongexperts in safety and security disciplines. As the agendafor AN-Conf/12 states, security matters should beconsidered in the system changes that lie ahead.
Technologies InvolvedNextGen – Next Generation Air Transportation System The Next Generation Air Transportation System (NextGen) is the name given to a new National Airspace System due for implementation across the United States in stages between 2012 and 2025. The Next Generation Air Transportation System (NextGen) proposes to transform America’s air traffic control system from an aging ground-based system to a satellite-based system. GPS technology will be used to shorten routes, save time and fuel, reduce traffic delays, increase capacity, and permit controllers to
Elements within NextGenAutomatic dependent surveillance-broadcast(ADS-B). ADS-B will use Global Positioning System (GPS) satellite signals to provide air traffic controllers and pilots with much more accurate information that will help to keep aircraft safely separated in the sky and on runways. Aircraft transponders receive GPS signals and use them to determine the aircrafts precise position in the sky. These and other data are then broadcast to other aircraft and air traffic control. Once fully established, both pilots and air traffic controllers will, for the first time, see the same real- time display of air traffic, substantially improving safety.
• Next Generation Data Communications Current communications between aircrew andair traffic control, and between air trafficcontrollers, are largely realised through voicecommunications. Initially, the introduction ofdata communications will provide an additionalmeans of two-way communication for air trafficcontrol clearances, instructions, advisories,flight crew requests and reports. With themajority of aircraft data link equipped, theexchange of routine controller-pilot messagesand clearances via data link will enablecontrollers to handle more traffic. This willimprove air traffic controller productivity,enhancing capacity and safety.
• Next Generation Network Enabled Weather(NNEW) Seventy percent of NAS delays are attributed toweather every year. The goal of NNEW is to cutweather-related delays at least in half. Tens ofthousands of global weather observations andsensor reports from ground-, airborne- and space-based sources will fuse into a single nationalweather information system, updated in real time.NNEW will provide a common weather pictureacross the national airspace system, and enablebetter air transportation decision making.
• System Wide Information Management(SWIM). SWIM will provide a single infrastructure andinformation management system to deliver datato many users and applications. By reducing thenumber and types of interfaces and systems,SWIM will reduce data redundancy and betterfacilitate multi-user information sharing. SWIMwill also enable new modes of decision makingas information is more easily accessed.
• NAS voice switch (NVS). There are currently seventeen different voiceswitching systems in the NAS, some in use formore than twenty years. NVS will replace thesesystems with a single air/ground andground/ground voice communications system.
Incidents and Vulnerabilities In late 2009, Newark Liberty International airport experienced sporadic outages of the GPS Ground Based Augmentation System (GBAS), used for precision approach landing, were observed for several weeks. Though not a directed cyber security attack, this event shows the potential impact that could occur in a jamming scenario. The ground station, located approximately 300 feet away from the New Jersey Turnpike experienced signal interference every day about the same time. After an investigation, the FAA discovered the cause of the outage: a passing truck driver on the turnpike using a widely available $33 personal GPS jammer to avoid being tracked by the employer.
An extract from the media in July2012: “At a recent conference Dr.Andrei Costin gave an unnervingdemonstration of weaknesses inthe air traffic control systemscoming into use. He showed thatwith just $2 000 worth of store-bought electronics an ADS-Bbeacon could be ‘spoofed’ toshow that a non-existent aircraftwas coming in to land. This‘Ghost Plane’ presentation waspossible because air traffic controlsystems have no way of verifyingwhere messages are comingfrom”
Since ADS-B is supposed to support mission-criticalautomatic and human decisions, and have direct impact onthe overall air-traffic safety, it is imperative that technologybehind ADS-B meets operational, performance and securityrequirements.However, the main problem with ADS-B is the lacksecurity mechanisms, specifically:• lack of entity authentication to protect against messageinjection from unauthorized entities.• lack of message signatures or authentication codes toprotect against tampering of messages or impersonatingaircrafts.• lack of message encryption to protect against eavesdropping.• lack of challenge-response mechanisms to protectagainst replay attacks.• lack of ephemeral identifiers to protect against privacytracking attacks. We did not include Denial of service (DoS), e.g., byjamming radio signals, because it affects RF-based communicationin general, and is not specific to ADS-B.
Threats ADS-BJamming, denial of serviceEavesdroppingSpoofing, impersonationMessage injection/replayMessage manipulation
There have been incidentsinvolving crashes or tail strikeswhen flight crew have madeerrors in calculating take-offperformance parameters usingelectronic flight bags (EFBs).These were the result of humanerror, but there is the potentialfor the EFB programming to becorrupted maliciously (hacked),particularly when these devicesare connected to externalnetworks to receive updates.
Conclusion & Recommendationrecognize the risks in the current situation and the potential for future problemscreate a Cyber Security Task Force (CSTF) to evaluate the extent of the problem and draw up a global cyber security architecture, which includes contributions from industry
Cont..encourage states to provide the Aeronautical Communications Panel (ACP) with the resources to complete its work in developing a robust, secure aeronautical telecommunication network (ATN) using IPV6 as a foundational part of the next generation air traffic management systemsencourage States and industry to contribute to the work of the CSTF to ensure aircraft can interoperate with air navigation service providers (ANSPs) around the globe.