Even aviation industry executives who have attended APEX Technology Committee conferences for years found this month’s session on inflight connectivity and cyber security in Newport Beach, California to be a bit intense at times. Hoping to garner a (mostly) acronym-free understanding of the situation at hand, RGN sat down for a quick cyber security primer with the “Satcom Guru” himself, Peter Lemme. A long-time industry consultant, Lemme chairs the AEEC subcommittee that builds standards for Ku- and Ka-band satcom systems on board aircraft.
RGN: OK, realistically, what do people have to worry about these days when they fly?
Well, I think when we talk about cyber security there are two fundamental issues. One is control of the airplane and the other is commands issued to the airplane and whether they are going to respond to it. In the case of control to the airplane, flight control systems are hardened; they are purposefully isolated from all other communications networks onboard the aircraft [and] they are tested to a very high degree, so, by virtue of their design they are somewhat impervious to attack. There is no direct way to get into it.
On the other side, communications to the airplane such as ACARS – if you manipulate those communications you can create commands to the airplane, to the pilot for example, that would be misleading or incorrect.
RGN: What about cabin connectivity? Does inflight wifi really make the cabin less safe?
I think the issue here is – is there a way to use the connectivity provided by the wifi system for some nefarious activity? The inflight entertainment system is vulnerable because you’re connected into it, in theory. So, it’s possible that hackers could get into the IFE system [and perhaps manipulate messages on the screen, or the lighting system] but their ability to take control of required systems beyond the IFE itself would be pretty much inconceivable.
Mostly the things that we see happening on wifi are people putting up a man-in-the-middle access point and running all of the traffic that’s in the airplane through their own device and stealing all of the passwords. Of course, that happens anywhere that there’s a public wifi, so, you have to take with a grain of salt that you are really connecting to the infrastructure of the facility [and not] connecting to that guy three seats over who’s pretending to be, you know, LAX wifi.
I think we’re on a path that we have to deal with. Inevitably we’re going to have problems if we don’t step up, and the good news is the flight control systems are good today. I really don’t worry about those. The communication systems, there’s things we can do better and we’re dealing with that and that’s some of the work that I’m doing in the industry with Project Paper 848, trying to address some of the weaknesses in the communications themselves.
RGN: Can you please tell us about Project Paper 848?
Project Paper 848 is a draft specification that establishes a framework of IPsec VPN tunnels to extend between the airplane and each enterprise and application on the ground. PP848 end-end security spans the untrusted networks, such as the Internet. PP848 defines a means to segregate traffic between ARINC 664 Ethernet domains such as aircraft control, aircraft information, and passenger information and entertainment. Finally, PP848 establishes a quality of service methodology between end systems and internetworks, such as a broadband radio.
RGN: Do you have any other aviation security-related concerns?
There are two other aspects to inflight security that I think are worthy of discussion. One is the presence of the Electronic Flight Bag (EFB) which has brought into the flight deck a kind of a potpourri, a one-size-fits-all platform that can do many, many things and flight crews are becoming more entrenched and dependent on it. Connectivity is a part of it and this is an avenue for potential disruptions. We’ve already had at least one airline [American] have an issue for part of the day because their EFBs didn’t have the right data installed in it.
So, that’s an aspect and then the other aspect and I think the part that’s the most frightening … is software data loading. Right now we are required to have a human being on the airplane make these changes. We would like to be able to do these changes remotely, but we don’t want to create the opportunity for someone to introduce malicious software in that process. So, that’s an area that needs addressing because, for security in particular, when an exploit comes into being and it gets known, all of the airplanes become vulnerable at once.
And in today’s sort of legacy processes/”sneakernet” where you have to go out and touch the airplanes, it can take months to do that and we might need to touch all of the airplanes tonight. So, we have to have a way to do remote management of airplanes and we’ve got to come up with methods to overcome the concerns about the introduction of improper software being put on the plane within the same vein.
RGN: That sounds like a tall order.
[Laughs] Well, I’m not solving all those problems today.
See the video below for Lemme’s full APEX Technology Committee conference presentation.