INDUSTRY WATCH
Let’s take a few minutes to consider the
attack surface. Modern avionics software
development often uses commercial off-the-
shelf (COTS) components to some extent.
An attacker could, in theory, tunnel through
such components to enter the heart of the
system. This is a key consideration in the
realm of security. The utilisation of COTS
technologies has also brought about more
software exposure within the public domain.
The aviation industry is an excellent example
of how the concept of security through
obscurity is becoming increasingly outdated.
Nitha Rachel Suresh, Cyber Security
Consultant at Synopsys
how to address them to move proactively
towards a more secure future: The aviation
industry isn’t any more immune to critical
cybersecurity risks than any other industry.
That’s rather unsettling when you consider
what the implications of a malicious attack
on an aeroplane full of people could mean.
Sure, it may sound far-fetched to imagine
an aeroplane’s highly complex systems
being hacked all at once to bring such
an event to life. However, an attacker
with deep knowledge of aviation systems
could intentionally cause serious issues
with the aeroplane’s intended operations.
Due to the complexity of aircraft systems,
through the years, the size of the software
supporting those systems has grown
exponentially. There are millions of lines
of code involved in avionics systems. If not
regularly tested for vulnerabilities, severe
security threats can arise. That’s easier
said than done when considering that the
complexity of these systems can lower the
testability of software, thus leaving behind
many vulnerabilities that could potentially
be exploited.
Over the lifecycle of an aircraft, it will go
through multiple phases of overhaul and
updates. The associated software must also
undergo appropriate changes. Unless this
job is carried out with extreme caution, there
is a great deal of potential for security bugs
to creep into the software.
INTELLIGENTCIO
Avionics software has traditionally relied
heavily on the secrecy of its development
process. COTS has ensured that this is no
longer the case. As such, software vendors
must plug loopholes as they would with any
other open architecture.
We must also consider the array of hardware
and software components implemented from
various sources. Conducting the appropriate
level of vetting of each for security threats is
a massive undertaking. Currently, third-party
vulnerability assessments are not a common
practice with regard to aviation security. To
ensure secure development, this gap must
be filled. Additionally, major development
standards don’t have detailed cybersecurity
policies – as of now, at least. The ASISP 2015
initiative by the FAA, however, is a move in the
right direction.
The immediate need for change
In the 2008 crash of Spanair flight 5022,
it was discovered that a central computer
system used to monitor technical problems
in the aircraft was infected with malware.
An internal report issued by the airline
revealed the infected computer failed
to detect three technical problems with
the aircraft, which if detected, may have
prevented the plane from taking off.
The malware was found to be a Trojan horse. In
2010, the FAA published a notice indicating
that some computer systems on the Boeing
747-8 and 747-8F may be vulnerable to
outside attacks due to the nature of their
connectivity. In 2016, Ruben Santamarta
demonstrated that attacks such as bypassing
the credit card check and SQL injection
can be conducted on an in-flight
entertainment system. These are only
three examples illustrating what could
happen when software vulnerabilities go
unresolved. So how do we fix the problem?
The way forward
To overcome the widespread challenges,
the industry must understand and
proactively work to defend the attack
surface. There should be a common
repository of threats to both hardware
and software detected by the developers
and/or assessors. This needs to be
maintained by regulatory agencies like
the FAA and should also be available
across different development platforms.
Development teams should be able to
compile all known threats to build a threat
model. Within this threat model, there
should be information about threats
that exclusively affect the product or
piece of software at hand. A security
risk assessment model should be built to
effectively prevent, identify, detect, respond
and recover from the security challenges
that the aviation industry is facing.
Each failure is a lesson to be learned.
It is of great importance not to waste
those lessons by forgetting them.
Threats and attacks should be logged
and made available to all avionics
security personnel. A-ISAC is one
such organisation which can provide
intelligence on aviation security threats.
In the best-case scenario, security
considerations should be built into
the earliest phases of design, even
before requirements analysis. Software
architecture teams should consider
the potential threats faced during the
software life cycle. This will help in
providing reliable and robust software.
It is becoming ever-more critical to have
a well-established cybersecurity policy
accepted by all leading manufacturers in
place along with the accepted avionics
standards. The observance of such policy
should be mandatory for all civil aircraft.
www.intelligentcio.com