[Guest Column by Oussama Salah, President Gulf Aeronautics USA]
As technology advances, the obvious spinoff is increased efficiency and productivity of the aircraft, the airlines and the air traffic system (ATS). The venue is e-Enabled aircraft that automatically connect and interact in real-time with airlines and service providers’ ground based stations and ATS. New generation e-Enabled aircraft (A380, A350, B787, CSeries and others including a few business jets) have their systems linked to ground stations in real-time, and data uploads and downloads drive these operational efficiencies.
e-Enabled aircraft have unique networking, computing, security, certification and physical operating requirements that renders integration a daunting challenge. These systems and domains are:
- Flight Deck {Electronic Flight Bag (EFB))
- Avionics Data {Satcom, ACARS and avionics}
- Open Networking {Avionics interfaces, Servers, Terminal Wireless, Network appliances and Core Network}
- Maintenance {Software Loading and Maintenance Access}
- Cabin and Airline Services {FOQA Data, FA terminals and crew wireless}
- Passenger {IFE, wi-fi and Cell phones}
e-Enabled aircraft derive efficiency by integrating and connecting in real-time the following functions:
- EFB
- Integrated Materials Management
- Airline Flight Operations
- Maintenance Performance
- Airplane Health Management
Add to this the evolving automation in Air Traffic Management (ATM) through Automatic Dependent Surveillance (ADS-B and ADS-C) systems, Future Air Navigation System (FANS), Controller Pilot Data Link Communication (CPDLC) and NextGEN.
All the above requires Internet and wireless connections between the various ground centers and the aircraft:
- OEMs
- Airlines Centers
- Maintenance Providers
- Airports and their various ancillary functions
The threat of someone hacking into a ground network and interfering with downloading or uploading data to and from an aircraft, and eventually the aircraft systems is possible, if this someone is willing to take the risk. This represents an emerging risk of acts of unlawful interference with civil aviation affecting safety and security.
The risk is real enough that several countries in their National Civil Aviation Safety Programs (NCASP) and their security regulations require airlines to secure their systems and aircraft against cyber-security threats.
This emerging threat has no developed standards for risk assessment of ground based IT systems. This is not limited to aviation. The National Institute of Standards and Technology (NIST) is rapidly developing a set of guidelines and best practices for better security for IT systems that will, once developed, provide guidance to organizations on how to manage cyber-security risk in a similar manner to financial, safety and operational risks.
This has prompted ICAO, FAA, EASA, IATA, OEMs and other interested parties to start discussions regarding cyber-security threats to aviation. The US DOD finalized regulations on October 22 for its cyber-security threat sharing program with defense industrial base companies. But reporting of cyber-security incidents is not happening fast enough to provide a meaningful knowledge base.
