In early October 2022, I participated in a panel discussion at the Aerospace IT Conference in Chicago. The panel topic was “Cybersecurity in the Connected Aircraft”. The lively discussion that ensued was highly insightful and informative to the panelists and the audience alike. This blog captures the essence of that discussion to help broaden the dissemination of this topic and increase cybersecurity awareness for aircraft systems design.
One of the main areas of interest for the panelists and the audience was the extent of cybersecurity concerns around the connected aircraft. On commercial aircraft, significant focus is on improving passenger experience. The continuous availability of Wi-Fi, access to the broader internet, and even being able to make cellphone calls during flight are all desirable passenger “wants”. On the other hand, there is an effort to ensure that pilots and ground systems have more information from each aircraft, with increased communication over IP networks in these systems. The combined effect of these advances opens the possibility of several cybersecurity threats that affect the confidentiality, integrity, and availability of these systems. One of my fellow panelists shared controlled experiments done to show remote hacking of aircraft systems. The consensus was that these security threats are real and will only increase in the wake of greater interconnectivity.
Our attention then turned to potential solutions to counter these security threats. It was pointed out that network security alone is not sufficient and we need platform security. How does one allow connectivity among multiple systems and simultaneously ensure isolation of those critical systems? Platform technologies like separation kernels may have the answer. They bring forth the key concepts of strict isolation, real-time responsiveness, and security policy enforcement, along with DO-178C certified artifacts for airworthiness certification. The LYNX MOSA.ic™ for Avionics safety-certified platform, for instance, combines the best-of-breed separation kernel (LynxSecure), a real-time operating system (LynxOS-178) with a proven pedigree of logging millions of flight hours, and a safety-certified modern IPv6 stack as a strong foundational base for designing safety-critical systems that can address safety and security concerns. A key aspect of this type of platform is that it harnesses modern processor architecture advances in security and safety, like cache isolation or IOMMUs, to provide advanced mechanisms that can greatly assist in improving the security posture of mission-critical systems.
The regulatory oversight of aircraft systems also seems to be catching up to the changing landscape where several systems within an aircraft are interconnected. Historically, the standards coming from the FAA were focused on safety in airborne systems. These include RTCA standards like DO-178C, which governs the safety certification of software, and DO-254, which governs the safety certification of hardware for airborne systems. More recently, however, there are standards such as DO-356, “Airworthiness Security Methods and Considerations”, which outlines a formal security framework for defining security risks for systems and producing evidence that shows that the aircraft, system or component has an acceptable level of security. A detailed review of the DO-356 standard is beyond the scope of this blog, but an architectural review by Lynx experts is highly recommended if you have security considerations to contend with.
As we concluded the panel discussion, it was noted that despite adherence to emerging standards like DO-356, the scope of that compliance is one system at a time. However, given the emergent nature of security threats when one or more of these systems are interconnected, the work is far from done by certifying a single system. It is imperative that security is extended to the aircraft level, to ground systems that connect to aircraft, and potentially to aircraft-to-aircraft communication as well. As I reflect on that panel discussion and other insightful presentations at that conference, I am reminded that the issues of security and safety for airborne systems should be at the forefront of systems design for modern aircraft systems.