1. Home
  2. CONNECTIVITY
  3. Connected aircraft and cybersecurity

Connected aircraft and cybersecurity

0

Aviation meets business needs in a complex operating environment with sophisticated technology, innovation, and cybersecurity measures.


By Don Van Dyke
ATP/Helo/CFII, F28, Bell 222.
Pro Pilot Canadian Technical Editor

Systems and infrastructure supporting connected aircraft can be terrestrially- or satellite-based. Major satellite operators include Inmarsat, Iridium, and Viasat. Achieving inflight Internet is a complicated feat, subject to limitations in technology, equipage, and cost, which in turn depend on an aircraft’s distance to ground-based connection towers and geostationary satellites.
Trends emerging from the continued impact of the global pandemic have shown that business aviation is changing.

Reliable and consistent inflight connectivity is an increasingly essential work enabler offering a competitive advantage to owner/operators, OEMs, and maintainers. Connectivity investment per aircraft will rise significantly in the near term.

What is a connected aircraft?

Aviation today depends largely on aeronautical-specific communications, navigation, and surveillance (CNS) networks which share information and data (voice, digital) with qualified users.

In the digital transformation of aviation, a connected aircraft will be a link point (node) within airborne networks, sharing data with other aircraft, ground-based operations control centers, and air traffic management (ATM).

It will also use advanced technologies to access reliable, robust inflight Internet services which augment situational awareness, improve information sharing, and make an expanded range of services available to passengers and crew.

An NBAA survey from 2017 concluded that the majority of cabin-connected aircraft (93%) were in the mid- to large-cabin range (Bombardier, Dassault, Gulfstream), comprising fleets of 1 to 3 aircraft (58%) operating under Part 91 (95%), and usually operating flights of more than 2 hours (65%).

The use of commercial broadband services permits many more connections to be established between aircraft, networks, and service providers beyond the classic aeronautical sphere. The opportunity to use technology in this way expands dramatically the amounts and character of data to be shared, as well as the rates of information exchange.

FAA’s vision for connected aviation technologies would, for example, permit aircraft to exchange information with a variety of entities responsible for coordinating unmanned aircraft systems (UAS) or commercial space operations without needing to dialogue with ATM.

Direct communication with NOAA would allow access to and evaluation of real-time weather information beyond the range and limitations of conventional radar.

While there is no single unified aeronautical CNS roadmap agreed worldwide, connected aircraft share information in 3 domains – aircraft (control, navigation, and systems health monitoring), cabin (IFE, office-level functionality), and operations (overarching flight movement management, mx).

Basic concepts

The digital world in which connected aircraft operate never stops evolving, relying more than ever on cyber-enabled technologies (involving computers, computer networks, or virtual reality) to improve flight safety, efficiency, capability, and product range.

Network operators and connectivity solutions include Collins Aerospace with its ARINC GLOBALink/ACARS, Gogo Business Aviation with air-to-ground (ATG) cell towers, Honeywell Aerospace with Forge datalink for ARINC and SITA networks, Inmarsat with inflight Wi-Fi and JetConneX, Iridium with Certus maintenance services, Satcom Direct with SD Pro dashboard for synchronized planning data, Smart Sky with ATG cell towers, and Viasat offering high-capacity, high-speed Wi-Fi.

Operations domain. Greater data sharing and analysis yields wide-ranging benefits, such as more efficient flightpaths, reduced flight times, and lower fuel consumption and emissions.

Service providers for the operations domain include Collins Aerospace with ARINC ground ops, Honeywell Aerospace with Forge datalink for ARINC and SITA networks, Satcom Direct acting as source of data for flight operations, SmartSky with Skytelligence aeronautical, security, aircraft and flight following data management software, and Viasat offering direct cloud connectivity.

Aircraft domain. With ever greater miniaturization, technologies previously available only on airliners now appear on connected business aircraft either as new designs or as upgrades.

Examples include Collins (GLOBALink/ACARS, ARINC Voice, Pro Line Fusion), and Honeywell (channel to Inmarsat Jet ConneX).

Predictive maintenance is the next frontier of connected technologies, a clear beneficiary of sharing aircraft health monitoring data. Connected maintenance analyzes aircraft data to identify trends and set maintenance alerts and proximity warnings for failures and faults. Major MRO service providers in the area of connected aircraft include Honeywell with Forge, and Collins Aerospace with FOMAX.

Cabin domain. Inflight entertainment (IFE) was originally limited to what could be carried on board, like movies and games, but evolving customer demand has shown that business aircraft cabin facilities must go far beyond merely keeping passengers aware, informed, and entertained.

An Inmarsat study concluded that cabin connectivity is largely used for e-mail, web browsing, tunneling (VPN access), social media, streaming, and large file transfers. Today’s cabins, however, offer to bring the office/home experience to the air through wireless streaming by downloading IFE content to bring-your-own-devices (BYODs) such as tablets, laptops, and smartphones.

IFE plus connectivity (IFEC) seeks to enrich and personalize the inflight experience by entertaining, connecting, informing, and inspiring passengers. Dominant cabin domain service providers include Gogo Business with its AVANCE L3, Honeywell with JetWave, and Inmarsat with SwiftBroadband.

Airspace must accommodate an increasingly diverse array of vehicles ranging from manned and unmanned aircraft to manned and unmanned spacecraft. Continuing and improving safety and operational effectiveness are critically dependent on situational awareness, navigational accuracy, and communications among all users.

Cybersecurity

The evolution of digital infrastructure and connectivity has benefited aviation communications and administration, but has also increased cybervulnerability. Interference with networks and systems can include infection of interfaces or unauthorized access, use, disclosure, denial, disruption, modification, or destruction of electronic information.

Breaches are often multifaceted and multidisciplinary, capable of simultaneously affecting wide-ranging activities and spreading rapidly.

For example, controller-pilot data link communication (CPDLC) enhances ATM surveillance and intervention capability to reduce mid-air collision risk while decreasing voice traffic on radio frequencies.

However, the October 2020 US GAO Report on Aviation Cybersecurity, available at gao.gov/assets/gao-21-86.pdf, notes that these communications are unauthenticated and/or unencrypted, leaving them open to compromise.

Since shared data, planning, communications, and management are core aircraft operating assets, cybersecurity must meet the challenges of an ever-changing landscape of threats, attacks, breaches, actors, targets, and vectors.

Selected significant threats and defenses were discussed in a previous article (Pro Pilot, May 2020, p 38). Vulnerabilities in aviation are increasingly fast-moving and unpredictable. Adversaries continue to probe for security gaps in systems to exploit for financial, reputational, and mass disruption gains.

As systems become more connected, cybersecurity is more open to risks. Increased risk of breaches in aviation is widely acknowledged. However, scarce resources, tight budgets, and absent skills remain key barriers to advancing cybersecurity.

Flightcrews, senior management, technical staff, and system designers need to discount the illusion that their systems and services could manage – or at least survive – a cyberattack because nothing happened in the past.

Even if safety is not impaired, the risk of serious business or financial consequences remains. ICAO has a leadership role in coordinating international efforts to ensure the safety, security, and continuity of civil aviation in a world increasingly jeopardized by cybersecurity threats.

All personnel who interact with aircraft, equipment and infrastructure involving data handling should receive relevant cybersecurity training. The ICAO Aviation Cybersecurity Strategy from Oct 2019 is available for download from icao.int/cybersecurity/Pages/Cybersecurity-Action-Plan.aspx.

IATA’s strategy is to inspire a cybersecurity culture founded on transparency and trust (as is flight safety), shared information and strong relationships among industry players, and involvement of aviation personnel trained to recognize and manage cybersecurity risks.

Its Aviation Cyber Security Guidance Material (Feb 2021) and other related resources are available at iata.org/en/programs/security/cyber-security. Useful NBAA materials on cybersecurity are available at nbaa.org/aircraft-operations/security.

Major providers of hardware and software solutions and systems for connected aviation cybersecurity include Collins with Cybersecurity Operations Center (CSOC), Honeywell with Forge for business aviation, Raytheon Technologies in the supply chain, and Thales defining standards.

The need for training

Why do pilots need an understanding of cybersecurity? Flight deck architectures moved from federated to integrated (unified) system designs that reduce form factor, weight, and required power.

Moreover, as connected aircraft operate as network nodes, security breaches are less conspicuous than in previous years. Professional pilots receive extensive training in fault handling, but their developed expertise may not fully equip them to recognize cyberthreats and to manage the spectrum and breadth of cyberattacks possible.

In such circumstances, cyberattacks expose pilots to great uncertainty and the possibility of making ill-informed decisions based on ambiguous cues. It is here where professional pilots must rely on a greater understanding of cybersecurity.

At the IATA 2020 Legal Symposium in New York, attorneys and risk assessment experts raised a fundamental issue that many operators overlook: What is a company’s liability if an attack occurs? Although a conclusion was not reached, a small set of high-impact cyberdefenses was identified that, when implemented, make it harder for a threat to compromise a hacked network.

Tools like multifactor authentication, encryption, endpoint detection and response, logging, and operating in a zero-trust environment will be introduced in the near term.

Conclusion

High-bandwidth satellites enable new opportunities to display real-time weather updates for routing decisions, to collect detailed data necessary to reduce aircraft separation, and to use GPS-based approaches to improve operating efficiencies safely.

In addition, these systems will track aircraft in remote airspace outside of radar coverage continuously, while monitoring the inflight health of critical systems to provide operations centers with better trend monitoring and maintenance scheduling of aircraft fleets.

Connectivity will support future smart and proactive cabin domain personalization, including, for example, use of passenger information to proactively arrange for disruption-free transportation for last-minute shopping, and even dinner arrangements – all before deplaning at destination.

As the Internet of Things (IoT) era unfolds, the greatest IFEC growth will be in the form of wireless video on demand to portable electronic device (VOD-to-PED) market. Other segments may offer higher bandwidth for large data-transfers, videoconferencing, and other business-oriented uses.

Roughly 100–200 aircraft are diverted annually due to inflight medical events. In the future, connected aircraft may allow flightcrews and ground medical professionals to collaborate in diagnosing and dealing with medical emergencies.

Cockpit connectivity is a crucial component in developing a satellite-based communication system for ATM. The European Space Agency’s (ESA) Iris Program aims to enable 4D trajectory-based operations in the future by determining an aircraft’s flightpath before takeoff, using a prescribed path determined not just by lateral and vertical components, but also by time.

If waypoints can be achieved within a 4-second window and other aircraft in the vicinity are capable of similar performance, more aircraft can be put into the same available airspace safely and confidently. In other words, statutory separation between aircraft can be reduced to permit more flying in smaller airspace. Flow management can be optimized, leading to fewer delays.

Climbs and descents can also be managed more smoothly, resulting in fuel savings. Governments will likely mandate hardening of defenses in the industrial base, including aviation, in light of recent high-profile cyberattacks (SolarWinds, Colonial Pipeline, Air India).

This may make cyber intelligence sharing and threat identification mandatory across aviation. In all this, professional pilots are a fundamental and particularly important resource when developing strategies and plans to maximize the utility and cybersecurity of connected aircraft. Aviation’s growth will benefit from their insights.


Don Van Dyke is professor of advanced aerospace topics at Chicoutimi College of Aviation – CQFA Montréal. He is an 18,000-hour TT pilot and instructor with extensive airline, business and charter experience on both airplanes and helicopters. A former IATA ops director, he has served on several ICAO panels. He is a Fellow of the Royal Aeronautical Society and is a flight operations expert on technical projects under UN administration.

 

subscription