Archive For The “Cyber” Category
Please start here. This is huge news. Readers know that we have a significant interest in this subject. We have been concerned with the issue of cyber security as it potentially can impact the air travel process. Air travel is increasingly IT driven. We have seen what IT disruptions at American Airlines and United Airlines brought about last year. Whether these events were cyber related or not.
Any step by the industry to move on securing their systems is to be cheered. The threat no longer has to actually enter the aircraft physically if it can enter digitally.
Clearly even as the industry develops standards, it is important to understand what happens next. First once these standards are published, they become vulnerable. Second, cyber security requires ongoing, continuous improvements. Given the dependence on IT (and this will never decline), CFOs have to simply get used to CIOs always needing more resources. It’s just going to be like that. Big Data is a reality and is one of the juiciest targets.
Protecting the GPS signals as the WSJ story describes is obviously a great and good thing.
But there is another possibly even juicer target. Before we explain this, remember how hackers were able to break into the US Federal Reserve? There have been continuous attempts to hack banks. Last February hackers stole $81m from Bangladesh’s account with the Federal Reserve Bank of New York.
The world’s airlines have a club called The International Airline Transport Association (IATA). This organization performs all sorts of industry tasks. One of the most fundamental is that of clearing house. If you were impressed by the Bangladesh hack at $81m (and nobody has been caught), try this for size: IATA’s clearing house handled $54.3billion in billing transactions in 2015. Hacking IATA’s clearing house would be on any hacker’s Top Ten list.
Coming back to the industry’s heightened cyber security profile. Protecting GPS signals are an excellent start. But there are many other items the industry needs to protect. We hope the committee established becomes a permanent fixture because it has a lot of work to accomplish. Most importantly, we hope the industry can stay ahead of the threats.
Our fourth annual EFB survey report will be available from Monday January 18. The 34 page report (PDF) includes six sections (Airline Operations, Connectivity, Business Case Drivers, Future Planning, Cyber Security, Tablet EFBs) with 46 charts and a foreword by IATA. The survey has input from 80 airlines, making it one of the broadest sources on this subject.
If you are interested in getting your electronic copy on Monday please email us.
We are also offering clients access to the survey data (without airline identifications). The data set is from surveys undertaken in 2012, 2013, 2014 and 2015. The data is in Excel format and enables unlimited analyses. If you are interested in this option, please use the email link above to contact us. Delivery is available now.
You would think this activity would get even more attention than it does. It is ongoing, 24/7. The image below shows a full blast attack from China on Roseville as this is being written. (more…)
If your firm is somewhere in the aerospace supply chain, a computer hack is coming. It looks like there a pattern is forming. First, a group of Chinese hackers stole a huge trove of US data from the US Office of Personnel Management. That was followed by United Airlines and health insurer Anthem being hacked. The United hack has a special value. Not enough? How about this – Chinese hackers just hacked Sabre, the largest GDS system and a key supplier to American Airlines.
As pointed out in the link to The Washington Post article, this massive trove of data can be (is being) aggregated. The new owners of the data can pinpoint specific people of interest and then, using insight from the assembled data, develop a highly targeted campaign to exert influence on these people. We are, understandably, being deliberately vague here. China, of course, denies anything to do with these hacks. So who these China-based hackers are is unclear. We cannot be sure why this data is being stolen. Are the hackers state actors? It’s not easy to tell, it seems. Both the Americans and Chinese are officially being opaque.
If indeed the pattern is acquiring data to develop a reasonably accurate digital picture of people – what kind of usefulness would such a profile have? Since the data has not, as yet, been made available for sale on the deep web, apparently, the value of the extensive data mining remains unclear. However, being one of the people whose data was stolen has to be singularly unpleasant, especially when considering what might be aggregated and utilized to potentially create an alternate identity or be set up as a target to compromise.
Concern within the US is now starting to match concern outside the US by foreign states about US-sourced data breaches. The US Government, as revealed by Edward Snowden, is not innocent in this regard, and retaliation is to be expected. But private parties may not be as “hardened” against cyber-threats as government agencies. Regardless of who is doing the breaching, it is crucial for firms (especially in the aerospace related supply chain; link 1, link 2) to immediately increase IT budgets and deploy state of the art cyber-security.
Stealing data is only a first step. Once computer systems are compromised, hackers can do a lot more harm than merely copy files. Commercial aviation rests on one bedrock belief – safety is priority #1. Given how dependent every organization has become on IT, a compromised IT system is going to negatively impact that priority. What could a Stuxnet-like virus do inside the aerospace supply chain?
Your company is going to face a hack attack if it touches the aerospace supply chain. It may have already been attacked, with “sleeping bots” (watch this zero days video) waiting to awaken, that you might not know about it. Cold wars are about disruption, whether economically or politically, and to create havoc whenever possible. Our increasing dependency on computers has created a new class of economic warfare based on disruption, and causing additional problems wherever possible. In a capitalist society, the largest targets, apart from government, are the corporations we depend on, and particularly the transportation infrastructure.
From airlines and ATC to e-Enabled aircraft, electronic flight bags, MRO facilities and even the industry supply chain, enemies will probe until they find the weakest link, which they will then exploit. You cannot afford to be the weakest link.
Our society depends on cyber security; the issue is at the very heart of our daily lives. How will we react when threats lead to interference with aircraft, airports or ATC? How can we be prepared to thwart such an eventuality?
The London Center and AirInsight have organized a conference bringing together leaders from the global aerospace industry, government and the intelligence community. This 1½ day conference will focus on what can be done to eliminate cyber-threats to commercial air transportation.
We have drawn key figures from government, the intelligence community, and industry to focus on these issues. Our currently scheduled speakers include:
- Congressman Joe Wilson* (SC-2), Chairman of the Emerging Threats Subcommittee
- Congressman Trent Franks (AZ-8)
- Pascal Andrei, Chief Product Security Officer at Airbus
- John Craig, Chief Engineer, Cabin & Network Systems Boeing
- Deneen DeFiore, IT Risk and Security Leader at GE Aircraft Engines
- Larry Volz, Chief Information Officer at Pratt & Whitney
- Nancy Leveson, Professor of Aeronautics and Astronautics at MIT
- John Bay, Executive Director at the Cyber Research Institute
- USAF Major General (ret.) Bob Newman
- Tom Finan*, Senior Cybersecurity Strategist, Department of Homeland Security
- Pete O’Brien, Senior Fellow, London Center
- Susan Smith*, Litigator, Segal McCambridge
- Christopher Cwalina, Co-Chair, Privacy and Data Security, Holland & Knight
- Marc Schein, Risk Advisor, Chernoff Diamond
- Faye Francey, Executive Director, A-ISAC
- Idita Israeli-Sabag, Information Security Manager, El Al
- Eike Blomsma, Pilot, Lufthansa
- Hank Putek, Pilot, American Airlines
The London Center and AirInsight will lead the discussion to identify and implement countermeasures and risk mitigation strategies that industry and government can jointly adopt.
We believe there is a need to develop a comprehensive security strategy that will fully address the cyber domain. An integrated strategy through which governments and industry can jointly address threats and prevent a potential problem from becoming a crisis is needed.
Join us on Capitol Hill on October 27-28, 2015 for this “closed-door” conference with senior intelligence, national security and congressional members as well as senior level industry leaders. Seating is limited to 65 participants, on a first come, first served basis.
For additional details and registration information, please email us.
Recently we’ve seen a number of instances in which software problems have emerged on commercial aircraft, most recently, a glitch that could shut down a Boeing 787 in flight, rendering the electrical system that controls the aircraft useless. We’ve also heard that a member of the hacking community, who runs a computer security service, may have caused a United Airlines aircraft to change direction after taking control of the aircraft via the wi-fi system on board.
Couple this with prior glitches with both A380s and 787 that have been told to us by industry insiders, who are afraid to go public to protect their jobs, and it appears the industry has a new problem to address — keeping aircraft systems safe from hackers, viruses and other threats. So far, we’ve seen some gaps that don’t add to our confidence that the industry is doing all it could, either in initial design and development by the airframe manufacturers to the implementation of operational security procedures by airlines.
A recent Amtrak accident near Philadelphia brought up the issue of Positive Train Control, in which dispatchers could remotely correct for a problem such as speeding around a curve at twice the posted speed limit. Revelations regarding the Boeing Uninterruptible Autopilot, the existence of which was addressed briefly in a lawsuit, are scant, with no details about who can take control of the aircraft and under what circumstances. But if software like that could be hacked, look out. Software appears to be the Achilles’ heel in aircraft development programs, introducing new types of risks that require mitigation.
Why Have Aircraft Programs Been so Late
Most new aircraft programs are late, with an average gestation period of 6 years, up from what was a consistent 48 months from announcement to delivery in the old days – almost like clockwork. The mechanics of flight haven’t changed, nor the basics for constructing an aircraft. They still need wings, engines, cockpits and basic flight controls. What has changed, however, is the development of software that now controls virtually every element of fight through computers, rather than mechanical devices.
“Fly-by-wire” systems, employed on all current Airbus aircraft and new aircraft from other manufacturers like the Boeing 787, Bombardier C Series, and Embraer E2s are essentially the glue that hold the aircraft flight systems together, and routinely run into several million lines of code. Just double checking the code, not to mentioning testing under virtually every possible scenario that could be experienced, is problematic from a time and manpower standpoint.
Outsourced development also doesn’t help. I was speaking with a technical expert reviewing software for a major avionics firm who indicated that comment codes explaining what was going on in a programming module were in Russian or Hindi, and needed to be translated during their review of the software for testing. Sometimes outsourcing can be counter-productive in terms of what it actually costs, particularly when something goes wrong or logic needs to be reviewed.
The risks from a software mistake can be as high as those from a mechanical failure. A recent un-commanded descent of a Lufthansa Airbus A321 is an example of software not being up to the task. In this incident, an angle of attack sensor failed on the A321 in flight, resulting in a warning that the nose angle was too high. Airbus “alpha protection” software, which cannot be overridden by the pilot, decided that a descent was necessary, and pushed the nose of the aircraft downward in a 4,000 foot per minute dive – more significant than the 1,000 feet per minute in a normal descent. In this event, the good news is that the well-trained Lufthansa pilots were able to re-gain control of the aircraft, and return it to straight and level flight. But the bad news is that the computer, for all of its complex protection software, failed to perform a basic cross-check that a human would instinctively do to determine whether a sensor reading was false or something real was occurring.
An increase in angle of attack would result in an increase in altitude with a corresponding decrease in airspeed at the same throttle setting, as it would be the same as a pilot pulling back on the stick. To maintain altitude, throttle levels would need to be increased. A simple cross check of altitude, airspeed and throttle with angle of attack would have indicated that the sensor must have gone haywire if the throttle, altitude and airspeed remained constant. But the software apparently isn’t that sophisticated, allowing a failed sensor to put an aircraft at risk through mandatory software overrides of controls.
Airbus and Boeing differ philosophically regarding computers making judgments for pilots. In an Airbus, the “alpha protection” system is designed to prevent crashes due to aerodynamic stalls and is always “on”. In a Boeing, the pilot can override the computers and manually use the “stick and rudder” to fly the airplane. The first aircraft with fly-by-wire, the A320, was designed to be easier to fly by including protections against inexperienced pilots, as the computer would prevent certain actions that could become problematic.
Airbus quickly found out how difficult this could be, when during a demonstration of their prototype at the Basel-Mulhouse air show in 1985, it crashed while attempting a low speed pass of the runway, killing three people. Apparently, the software believed the airplane was in landing configuration, and overrode the pilots commands to fly low over the runway. The computer commanded a cut of the throttles, and the aircraft crashed in the woods as there was nothing the pilot could do to override the computer. Airbus defended its design.
But despite a different philosophy, Boeing is experiencing software quality control issues on its 787. Apparently if the electrical system is left on for 284 days, it can shut down. From a software perspective, it sounds to us as if a program is allocating a certain amount of memory, and perhaps not releasing it after finishing its computations. As a result, once memory is filled by not being properly released back for use, the system can crash, as it can no longer find enough space in which to function. We’ve seen these types of “leaky memory” issues often in Microsoft products, and suspect a similar event may be occurring with the Dreamliner.
Over-Reliance on Software can also Backfire
Asiana Airlines flight 214 to San Francisco crashed, killing 3 people, on a beautiful day with the sun shining and great visibility in 2013. The reason for this crash, according to the NTSB, was a lack of crew experience manually flying the aircraft. Apparently Asiana, and several other airlines, mandate the use of the autopilot for virtually the entire flight, including a coupled approach to the instrument landing system to automatically land the aircraft. But on that fateful day, the airport ILS was off for maintenance (and unnecessary on a clear day) requiring a manual landing by the pilots. But lacking experience in actually flying the aircraft, and too much deference to a captain by the other crew members (a cultural problem with Asian carriers), the pilots, with no autopilot to bail them out, landed short of the runway.
What Needs to be Done
Creating strong, robust, hack-proof and easily checked software isn’t impossible. But it does require the right tools.
First, they should be built in an easy to program language that automates the computer science elements, and allows engineers who know the design of the aircraft, to specify the operational parameters and logic for the areas they design. They know best how the aircraft should perform, and also the secondary logic to test unusual circumstances, including those situations when a sensor may fail and data no longer make sense.
Second, that software needs to be secure, and “hack proof.” It should be an old fashioned compiled language, without programmers having access to the source code. By eliminating “go to” commands and restricting programmers to a limited instruction set that contains the required building blocks for software applications, there can be no “back doors” inserted into a program for later access or sabotage. These are critical elements for security.
Third, should be machine independent. Computers and technologies change rapidly over time. Try finding parts to replace a 386 computer today – unless you are working on an airplane; in which case technologies become certified and can seem to become frozen in time. Why not have a language that segregates the API layer that links the program to the specific operating system and computing technology from the program logic itself? Then the maker of the software language could adapt the language to each new technology, and make existing programs truly machine independent. Imagine being able to replace hardware without having to reprogram all of the software. It is possible.
Fourth, the software needs to be highly productive. There are many repetitive tasks in programming, and smart programmers often have subroutines to accomplish them, or copy previously developed lines of code which accomplish the same function. The basics – including developing displays, colors, font sizes, graphics, and messaging, are fundamentals that are repetitive, and easy to incorporate as parameters. Standardizing the basics, and enabling highly productive development, would significantly decrease the time for software development and enable new aircraft programs to reduce software-based delays.
Fifth, the software should be adaptable to any language. With only a small set of pre-engineered commands, highly productive software could be language independent. By simply translating the command names, software development could be easily reviewed and debugged, whether created in Hindi, Russian, Chinese or English. If structured properly, the set of commands could be translated into any language easily and be a truly universal programming language.
Sixth, the software should be easy to use. By having the software accomplish the complicated API layer, all users will need to do are identify the data, develop the logic, and design the output. Those functions are relatively easy to accomplish with the right tool kit. With a simplified instruction set, it will be possible to renew much of our technology infrastructure, and to do so cost-effectively, with designers and end-users able to create software themselves.
While this seems quite a wish list, it is not impossible. We are aware of a technology consortium that already has these capabilities in place, and will be introducing those capabilities to interested parties in the aviation community. Our consulting arm can provide an appropriate introduction. Productive and secure systems, that can be rapidly developed on-time and at low cost are not impossible. The future looks much brighter, as new technologies are on the way.