industry unlocked
Barbara Dalibard, CEO, SITA
being hacked all at once to bring such
an event to life. However, an attacker
with deep knowledge of aviation systems
could intentionally cause serious issues
with the aeroplane’s intended operations.
Due to the complexity of aircraft systems,
through the years, the size of the software
www.intelligentciso.com
|
Issue 08
It is encouraging
to see that both
airlines and airports
are investing in
biometric technology
to deliver a secure,
paperless way to
identify passengers
across multiple
steps of the journey.
supporting those systems has grown
exponentially. There are millions of lines
of code involved in avionics systems. If
not regularly tested for vulnerabilities,
severe security threats can arise. That’s
easier said than done when considering
that the complexity of these systems can
lower the testability of software, thus
leaving behind many vulnerabilities that
could potentially be exploited.
Over the life cycle of an aircraft, it will
go through multiple phases of overhaul
and updates. The associated software
must also undergo appropriate changes.
Unless this job is carried out with
extreme caution, there is a great deal of
potential for security bugs to creep into
the software.
Let’s take a few minutes to consider
the attack surface. Modern avionics
software development often uses
commercial off-the-shelf (COTS)
components to some extent. An attacker
could, in theory, tunnel through such
components to enter the heart of the
system. This is a key consideration in the
45