Knowledge, planning and vigilance, and training are the best defenses against threats across networks and systems.
By Don Van Dyke
ATP/Helo/CFII, F28, Bell 222.
Pro Pilot Canadian Technical Editor
Aviation relies on cyber-enabled technologies to improve safety, efficiency, capability, and aircraft range. Greater data collection and analysis yield more efficient flightpaths, reduced flight times, lower fuel consumption and emissions, and other benefits.
Data-driven insights also facilitate interactive inflight troubleshooting, early fault detection, predictive maintenance, and no-fault-found results, as well as a reduction in AOG events. Results are likely to include reduced labor and material maintenance costs.
As technology and innovation advance, benefits will evolve in almost unimaginable ways. Since data, planning, communications, and management are core aircraft operating assets, cybersecurity must meet the challenges of an ever-changing environment.
The World Economic Forum Global Risks Report 2019 ranks cyberattacks 5th among the 10 most likely global risks. The Atlantic Council recently reported on the state of aviation cybersecurity and how poorly the problem of its compromise is understood.
Pilots and cybersecurity
Flightcrews manage the airplane flightpath using a combination of automation and manual handling. Prolonged use of autoflight systems could lead to degradation of the pilot’s manual handling skills and erosion of troubleshooting abilities in the event of an abnormal operation.
Safety authorities agree that loss of control–inflight (LOC-I) is the most significant cause of fatal accidents in commercial aviation. Avionics systems used to operate in standalone configurations physically isolated from other systems and external networks, but flightdeck architectures moved to integrated system designs to reduce form factor, weight, and required power.
This has allowed incorporation of human/machine interfaces (HMIs) like touchscreens and voice control, and connection to technologies like head-up displays (HUDs) and combined vision systems (CVS). Software development uses open architecture to improve interoperability and portability while reducing dependence on suppliers committed to proprietary designs.
Greater connectivity requires additional measures to enforce isolation (where intended) and authorized data flows between different aircraft systems. Standards like ARINC 653 describe just such an open integrated modular avionics architecture, but safety certification issues are left undefined.
The new system architectures require new fault-handling philosophies for use by flightcrews. When faced with technical faults, pilots can usually predict aircraft behavior as well as their own course of action. Hardware malfunctions in aviation are normally resolved by procedurally applying corrective measures, often by isolating the offending subsystem manually.
Given ever greater interaction and control involving hardware and software, resolution of malfunctions may involve multiple interconnected systems, which requires greater pilot knowledge.
In such circumstances, cyberattacks expose pilots to great uncertainty and the possibility of making ill-informed decisions based on ambiguous cues. It is here that professional pilots must rely on a greater understanding of cybersecurity.
Roles and responsibilities
The pilot in command is responsible for, and has the final authority as to, the disposition of the aircraft, including as it relates to cyberattacks on the aircraft. Pilots must adhere to, and inspire, a culture of risk and vulnerability management, and data sharing in routine flightdeck operations, including cybersecurity.
Moreover, as the designed balance between machine autonomy and human-assisted operations evolves, it tends to progressively isolate the pilot from physical aircraft control.
Overcoming associated difficulties is essential to maintaining situational awareness. Pilots must remain in control and be able to land, even if all ATC and non-essential equipment has failed. They are the last line of defense in the event of a cyberattack attempting to compromise or control the aircraft.
Pilots must endeavor to preserve aircraft resilience against compromise. In aviation, trust is everything, and cybersecurity is no exception. Compliant avionics should meet requirements for confidentiality, integrity, and availability in safety-critical real-time operating systems. Ultimately, a path for confirmation must be made available to the pilots, and they must use it.
Connectivity, cyberthreats, and cyberattacks
Aircraft connected with ground-based data delivery services have 3 operating domains – closed, private, and public – functionally tailored for specific user groups.
These data delivery services are designed to collect, manage, and distribute information that keeps flightdeck and cabin crews, maintenance personnel, and passengers aware, informed, and entertained.
Interference with networks and systems can include infection of interfaces or unauthorized access, use, disclosure, denial, disruption, modification, or destruction of electronic information. Adversaries continue to threaten or exploit vulnerabilities in systems.
As systems become more connected, cybersecurity is made more open to risks. Cyberthreats attempt to coerce access to a computer network without authorization from the owners, generally for nefarious purposes. A cyberthreat is an action not yet taken that concentrates on the vulnerabilities of aircraft and the data delivery services with which they are connected.
The potential inability to withstand the harm identified by a cyberthreat is called vulnerability. Waiting for threats to surface often leads to being too late to interdict them. The need to proactively identify vulnerabilities intensifies with greater digitization and connectivity.
The goal is to maintain the likelihood of breached cybersecurity as low as reasonably practicable (1 in 109 events). A mounted cyberattack may use multiple paths (vectors) to exploit target vulnerabilities.
Professional pilots receive extensive training in fault-handling, but their developed expertise may not fully equip them to recognize cyberthreats and to manage the spectrum and breadth of cyberattacks possible.
Major aviation organizations have partnered to develop, communicate, and ensure understanding of cybersecurity, and to make related recommendations. Among many others, the following have been found particularly useful as high-level introductory materials for pilots:
• International Federated Air Line Pilots Association Position on Cyber Threats (2016) and Briefing Leaflet on Cyber Threats (2017).
• Air Line Pilots Association’s White Paper Aircraft Cybersecurity: The Pilot’s Perspective (2017).
• IATA Position on Aviation Cyber Security (2019) and IATA Safety Report 2019 Edition 56 (2020).
The nature of cybersecurity is multi-faceted and multi-disciplinary, and has the capability to affect a wide range of areas simultaneously and to spread rapidly.
The US National Institute of Standards and Technology (NIST)’s Cyber Security Framework for Improving Critical Infrastructures gives guidance to “identify, protect, detect, respond and recover” from cyberthreats in order “to provide a high-level strategic view of the life cycle of an organization’s management of cybersecurity risk.”
Aviation stakeholders list the NIST Framework as vital for cybersecurity. It refers specifically to the closely allied ISO 27001:2013 Information Security Management (formally known as ISO/IEC 27001:2005), a framework of policies and procedures that includes all legal, physical, and technical controls involved in organizational information for risk management processes.
In late 2019, ICAO published its Aviation Cybersecurity Strategy, recognizing that the human element is at the core of cybersecurity. ICAO’s framework is built on 7 pillars, and seeks global harmonization of state efforts to ensure cybersecurity regarding international cooperation; governance; effective legislation and regulations; cybersecurity policy; information sharing; incident management and emergency planning; and capacity building, training, and cybersecurity culture.
ICAO stresses that curricula relevant to cybersecurity, and aviation-specific cybersecurity at all levels should be included in the national educational framework as well as in relevant international training programs.
All personnel who interact with aircraft, equipment, and infrastructure involving data handling (including flightcrew, cabin attendants, and maintenance staff) should receive cybersecurity training. Such equipment includes, but is not limited to, FMS, FANS, ACARS, CPDLC, and EFBs.
Training should include high-level and appropriately detailed reviews of aircraft, ATM and data service provider domains; cybersecurity risk domains; and national and international defense frameworks.
And anecdotal training examples should focus on cyberthreats, vulnerabilities, and cyberattacks; precautions to prevent cyberattacks or minimize their consequences; what a cyberattack might look like to an operating crew member; possible actions that may be taken in the event of a suspected cyberattack on their aircraft or any other part of aviation infrastructure, including appropriate contingency procedures; mandatory reporting of suspicious computer-related occurrences; and crew awareness that sensitive data might be gleaned from social networking sites.
Pilots need training that elevates their collective awareness of potential threats and of how an aircraft can be compromised, with everyday examples like how an aircraft may receive malware by charging a mobile phone from the EFB USB port.
Training may use classroom simulation games or surprise events in the simulator. All functionalities to monitor cybersecurity and mitigate breaches should be located on the flightdeck, and training is critically important to ensure that these are applied effectively.
Although only a fraction of possible cyberattack scenarios can be trained, the underlying evaluation, decision-making, and mitigation skills should be comprehensive. That is, pilots should be trained to handle unexpected and unusual events and cues.
ICAO’s 2019 Aviation Cybersecurity Strategy recommends and encourages exercises as useful tools to test existing cyber resilience and identify improvements. Such exercises can follow different formats (table-top, simulations, or real-time exercises) and also vary in scale (organizational, national, international).
Such approaches facilitate the development of decision-making skills for unforeseen events while incurring minimal cost. A recent analysis of the role played by alerting systems in aviation accidents found that pilots often failed to detect or even understand incoming visual or auditory alerts.
This cannot be trivialized, especially when noting that, after over a century of flying, pilots are still misled by stall warning systems alerts. Poorly designed alarms can greatly stress or distract pilots, failing to alert – especially during critical flight phases.
A well-designed cybersecurity warning would identify the affected system(s), possibly with an indicated level of confidence. The warning system might also suggest different options for handling the impending threat, including a brief rationale for each option.
While providing valuable support, such warning systems could not substitute for competent pilot decision-making nor awareness training.
New technologies are catalysts for change, offering extraordinary new capabilities. Distributed technology, artificial intelligence, extended reality, and quantum computing will be the next set of new technologies to spark a step change, allowing entire industries to reimagine themselves.
IATA notes that aviation cybersecurity is a key priority for air transport and the broader industry, particularly given increased digitization and the connectivity helping to transform approaches to customer experiences, aviation operations, delivery by service providers, and regulatory oversight, among others. Aviation is particularly unprepared for lapses in cybersecurity.
In a 2020 report, one OEM reported that “there’s been painfully little research done regarding cyber vulnerabilities on aircraft.” Flightcrew, senior management, technical staff, and system designers all need to discount the illusion that their systems and services could manage or, at least, survive a cyberattack because nothing happened in the past. Even if safety is not impaired, the risk of serious business or financial consequences remains.
As good as mechanisms for collecting data may be, and as far as agreed standards may take us, there is a measurable gap between aviation’s desire to employ data for decision-making and its trust in those data.
Pilots are a fundamental and particularly important resource when developing strategies and resilience plans to mitigate inflight cybersecurity events. The professional pilot remains the last line of defense.
Don Van Dyke is professor of advanced aerospace topics at Chicoutimi College of Aviation – CQFA Montréal. He is an 18,000-hour TT pilot and instructor with extensive airline, business and charter experience on both airplanes and helicopters. A former IATA ops director, he has served on several ICAO panels. He is a Fellow of the Royal Aeronautical Society and is a flight operations expert on technical projects under UN administration.