Federal Aviation Administration (FAA) is responsible for overseeing the US National Airspace System, which comprises ATC systems, procedures, facilities, and aircraft, and the people who operate them. FAA is implementing Next Generation Air Transportation System (NextGen) to move the current radar-based air-traffic control (ATC) system to one that is based on satellite navigation and automation. It is essential that FAA ensures effective information-security controls are incorporated in the design of NextGen programs to protect them from threats. This talk discusses the threats FAA faces and the cyber security controls adopted by FAA in implementation of these NextGen Air Transportation System.
1. Cyber Security in NextGen
Air Transportation System
Dr Vippan Raj Dutt
vrdutt@yahoo.com
+91-9810297809
2. Presentation Flow
Introduction
Shortcomings of Existing Systems
NextGen Air Transportation System
NextGen Security Challenges
ATC Information Systems
Aircraft Avionics Systems
Cyber Security Framework for Aviation
Cyber Security Audit of NextGen
3. Air Transport Industry - Four Partners
Airlines
Ticketing systems
Credit card
information
On-board Wi-Fi
Websites
ERP
Airports
Business systems
Airport operation
systems
Facilities systems
Terminal and off-site
concessions
FAA / DGCA
• Air Traffic control
Aircraft
Manufacturers
Avionics
Communication
systems
5. Cyber Threats
ON 7 AUGUST 2015, it was disclosed that the databases of American
Airlines (AA) and Sabre Corp., one of the largest clearing houses for
travel reservations, were hacked.
On June 21, 2015, LOT Polish Airlines had its flight operations system
hacked, resulting in disruption or cancellation of 22 flights. (DDoS
attack)
In April, 2015, American security researcher Chris Roberts claims to
have accessed flight-critical controls through the in-flight entertainment
system
U.S. airport computer and communications systems were among the
targets announced by the Tunisian Hackers Team in April 2014.
Miami International Airport (MIA) has experienced almost 20,000 hack
attempts per day before investing in training, education, and new
hardware to protect itself from cyberattacks.
Istanbul’s Atatürk International Airport had password control systems
shut down by what is believed to have been a malware attack resulting
in departure delays and extended waiting time for passengers.
7. The Sky is Falling !
Next time you are about to board a flight, please consider this
On any given day
More than 85,000 flights are in the skies in the United States
Only 1/3 of those are Commercial Carriers
2/3 are general aviation, private planes
5000 : Average number of aircraft in the skies at any given moment of
peak travel time
15,000 : Average number of air traffic controllers required in airport traffic
control facilities to guide pilots
Controllers provide Air Navigation Services to aircraft in ALL domestic
airspace and to 24.6 million square miles of international oceanic airspace
The flight you’re about to board is 1 of 1,000s of blinking green dots on a
radar screen display for busy Air Traffic Controllers, who rely on pilot
communication and slips of paper printed from computer terminals to
safely coordinate your flight.
1950s : The decade the current Air Traffic Control system was
implemented
9. Shortcomings of the existing ATC system
System handles over 85,000 flights a day on average… all
with the best technology the 1950s had to offer.
Technologically, it is outdated and limited in its capabilities.
It relies on ground-based radar for surveillance and
navigation, and voice communications to relay instructions
between controllers and pilots.
ATC system is slow and cumbersome.
These limitations force operational procedures such as
separation standards and indirect point-to-point routings that
are inefficient because they appropriately put safety first.
As civil aviation has grown and become more complex the
ATC system has become strained and, in some geographic
areas, overwhelmed.
11. NextGen Addresses Critical Needs
Capacity. NextGen will enable more precise spacing of aircraft and
flight paths, which will allow FAA to handle safely and efficiently the
traffic growth that it forecasts.
Efficiency and Productivity. NextGen will enable more efficient
flying by taking full advantage of available and emerging technology.
NextGen will enable: optimized, direct routings between airports;
reduced aircraft spacing; continuous descent arrivals, precise arrival
and departure routings, and closely spaced approaches on parallel
runways in instrument flight rule conditions.
Environmental Benefits, Operational Integrity and Customer
Satisfaction, Safety, Scalability
The downside of NextGen technology is the magnitude of air service
disruption should the system fail. For example, a computer glitch at
an air traffic centre in Virginia caused more than 440 flights to be
cancelled along the East Coast of the United States in August 2015.
While not a cyberattack, this incident showed the vulnerability of
NextGen technology in civil aviation.
13. Potential NextGen Vulnerabilities
NextGen rely on satellite-based aircraft navigation and tracking and digital voice
and data communications between controllers and pilots, tied together using an
integrated information management network called SWIM. This high degree of
interconnectivity and access by both FAA employees and airspace users is
expected to increase the capacity of the air traffic control system and improve
safety, but it raises significant cybersecurity concerns.
The backbone of NextGen is a technology called Automated Dependent
Surveillance-Broadcast, or ADS-B, which is slated to replace radar as the
primary means of tracking and monitoring aircraft. ADS-B is inherently
vulnerable to hacking, jamming, signal flooding, and spoofing because of its
open architecture and unencrypted signals.
Government Accountability Office (GAO) cautioned that FAA's current approach
to cybersecurity does not adequately address the interdependencies between
aircraft and air traffic systems, and consequently may hinder efforts to develop a
comprehensive and coordinated strategy.
GAO recommended that FAA develop a comprehensive cybersecurity threat
model, better clarify cybersecurity roles and responsibilities, improve
management security controls and contractor oversight, and fully incorporate
National Institute of Standards and Technology (NIST) information security
guidance throughout the system life cycle.
14. NextGen Cybersecurity Challenges
Protecting air-traffic control (ATC) information systems
July 2012: ADS-B hack: a security researcher
demonstrated how easily an air traffic control tower could
be manipulated.
Ruben Santamarta – 2014
Backdoors and remote control of SatCom Military & Civil
Aviation radios http://bit.ly/SatComHack (Paper)
Protecting aircraft avionics used to operate and guide aircraft
Chris Roberts – 2015
Manipulation of Flight Controls via under-seat
entertainment unit http://bit.ly/EICASHack (Reuters)
Hugo Teso – 2013
Remote manipulation of Flight Management System
through ACARS http://bit.ly/FMSHack (Forbes)
16. Cybersecurity Challenges to Protect ATC
Information Systems
• ATC-related information systems are currently a mixture
of old, legacy systems and new, IP-networked systems.
• New information systems for NextGen programs are
designed to interoperate with other systems and use IP
networking to communicate
• New Networking Technologies Expose ATC Systems to
New Cybersecurity Risks
• If one system connected to an IP network is
compromised, damage can potentially spread to other
systems on the network, continually expanding the parts
of the system at risk.
• FAA Is Designing and Deploying an Enterprise Approach
Intended to Strengthen the Cybersecurity of Its
Information Systems
18. Cyber Security Risks to Aircraft Avionics
IP networking may allow an attacker to gain remote access to
avionics systems and compromise them
If the cabin systems connect to the cockpit avionics systems
(e.g., share the same physical wiring harness or router) and use
the same networking platform, in this case IP, a user could
subvert the firewall and access the cockpit avionics system from
the cabin
The presence of personal smartphones and tablets in the cockpit
increases the risk of a system’s being compromised by trusted
insiders, both malicious and non-malicious, if these devices have
the capability to transmit information to aircraft avionics systems
The second source of the problem can come from the internet, since
the aircrafts use IP protocols like anyone, meaning that can make
the aircraft vulnerable for instance for a hacker to be able to install
malware
FAA yet to develop new regulations to certify cybersecurity
assurance for avionics systems
19. Cybersecurity framework for Aviation
Establish common cyber standards for aviation systems
Establish a cybersecurity culture
Understand the threat
Understand the risk
Communicate the threats and assure situational
awareness
Provide incident response
Strengthen the defensive system
Define design principles
Define operational principles
Conduct necessary research and development
Ensure that government and industry work together
22. Cyber Security Audit of NextGen
Performance Audit conducted by GAO from Sept 2013 to March 2015
Two key NextGen components, SBSS and Data Comm audited
While FAA has integrated six activities into the AMS lifecycle, audit
revealed instances in which some of these activities were not
completed properly or were completed in an untimely manner
SBSS was deployed in 2008 with weaknesses in the program’s
intrusion detection system, a shortcoming that was still unresolved as of
early 2015.
Of 26 SBSS Problem Tickets that were completed during 2014, 25 were
at least 6 months late, and 12 of these were more than 1 year late.
As Data Comm is still under development, its security requirements and
selected controls continue to evolve. As of October 2014, Data Comm
had included approximately 60 percent of the more than 250 controls
listed in the third version of the NIST 800-53 guidelines
Delays in adopting the latest standards extend the amount of time that
system security requirements may not adequately mitigate system
exposure to the newest threats
24. Cyber Security Standards used by Aviation
ISO/IEC 27000 to 27006— Information security management systems
NIST Special Publication 800-53 — Recommended Security Controls for
Federal Information Systems and Organizations
DO-236 Security Assurance and Assessment Processes for Safety-related
Aircraft Systems
ICAO Annex 17- Security
ICAO Document 9985- Air Traffic Management Security Manual
NIST SP800-30 — Risk Management Guide for Information Technology
Systems
NIST SP800-53 — Information Security
NIST SP800-82 — Guide to Industrial Control Systems (ICS) Security
RTCA DO160 – Environmental Conditions and Test Procedures for Airborne
Equipment
RTCA DO178 – Software Considerations in Airborne Systems and
Equipment Certification
RTCA DO-254 – Design Assurance Guidance for Airborne Electronic
Hardware
RTCA DO-233 – Portable Electronic Devices Carried on Board Aircraft
25. Glossary
ACARS : Aircraft Communications Addressing
and Reporting System
ADS-B : Automatic Dependent Surveillance--
‐Broadcast
ATC : Air Traffic Control
FAA : Federal Aviation Administration
NIST : National Institute of Standards and
Technology