When Boeing was developing its 787 twinjet and 747-8 jumbo, the US airframer had to demonstrate to the FAA that certain flight-critical domains could not be tampered with by hackers. Special Conditions issued by the agency in 2008 and 2010 for the 787 and 747-8, respectively, noted that the airliners have novel or unusual design features associated with the architecture and connectivity capabilities of their computer systems and networks, “which may allow access to external computer systems and networks”. NDAs surround these and other aircraft with Special Conditions, which is why industry stakeholders are loath to say definitively whether new-design jets can be hacked via inflight entertainment and connectivity systems, even while hitting back at hacking claims concerning legacy aircraft.
But after a hacking attack on Polish airline LOT’s ground-based computer systems, and in the face of recent high-profile IFE hacking claims, the FAA has proposed guidelines for operators to create an Aircraft Network Security Program (ANSP) for all truly e-enabled aircraft, to ensure appropriate defenses are in place to address the threat that intentional unauthorized electronic interaction poses to aircraft safety.
The Advisory Circular (AC), now in draft form and open for comments, “is essential due to technologies in modern aircraft that may be vulnerable to threats common to IT platforms”, says the FAA. Previously, aircraft designers used ARINC 429/629 or MIL-STD (Military Standard) data buses to interconnect flight-critical avionics. Transmission Control Protocol (TCP)/Internet Protocol (IP) were used only to support passenger information and entertainment systems. But new aircraft designs use TCP/IP technology “in a manner that virtually makes the aircraft an airborne interconnected network domain server”, notes the agency.
Developing a comprehensive ANSP for e-enabled aircraft “ensures network security onboard the aircraft, the off-airport supporting infrastructure (corporate offices), and everything in between”, adds the agency.
The AC describes an acceptable means of obtaining operational approval for an aircraft certified with a Special Condition related to security of the onboard computer network. It doesn’t only apply to new types like the 787, as TCP/IP can be found in post-delivery modifications. And it has been released at a time when the FAA is already establishing an industry working group to provide guidance on how to enhance aircraft cyber security.
Addressing security vulnerabilities in ACARS, including on legacy aircraft, will surely be on the agenda for the working group. ACARS has long been a point of concern, as it’s quite conceivable to originate false ACARS messages that would be accepted as legitimate. Moreover, the industry is now looking at moving non-safety ACARS traffic over broadband connectivity pipes, and graduating more fully to ACARS-over-IP, which opens up further security considerations.
“When I receive an [ACARS] message it is based on trust on who sent me the message, but there is nothing in the message necessarily that is giving me that confidence to the level that we would be satisfied with,” notes industry expert Peter Lemme, who chairs the AEEC subcommittee that builds standards for broadband satcom systems. “Yes, there are bits and pieces in there, but not to the degree that would pass the security audit. So we have a lot of work to do to build up the infrastructure in an IP framework to make sure this is going to work, but the wheels are moving and I think … it is going to happen because the economics are there.”
Comprised of technical experts, the FAA industry working group will be tasked with developing recommendations for the industry. But in the meantime, the FAA’s draft AC represents an important step in bolstering system security of e-enabled aircraft in the face of hacking threats.
[Photo credit: Boeing gallery]