Cyber Security in NextGen Air Transportation System

Dr Vippan Raj Duttvrdutt@yahoo.com

+91-9810297809

Presentation Flow Introduction Shortcomings of Existing Systems NextGen Air Transportation System NextGen Security Challenges

ATC Information Systems Aircraft Avionics Systems

Cyber Security Framework for Aviation Cyber Security Audit of NextGen

Air Transport Industry - Four Partners Airlines

Ticketing systems Credit card

information On-board Wi-Fi Websites ERP

Airports Business systems Airport operation

systems Facilities systems Terminal and off-site

concessions FAA / DGCA

• Air Traffic control Aircraft

Manufacturers Avionics Communication

systems

ICT Environment for Aviation

Cyber Threats ON 7 AUGUST 2015, it was disclosed that the databases of American

Airlines (AA) and Sabre Corp., one of the largest clearing houses for travel reservations, were hacked.

On June 21, 2015, LOT Polish Airlines had its flight operations system hacked, resulting in disruption or cancellation of 22 flights. (DDoS attack)

In April, 2015, American security researcher Chris Roberts claims to have accessed flight-critical controls through the in-flight entertainment system

U.S. airport computer and communications systems were among the targets announced by the Tunisian Hackers Team in April 2014.

Miami International Airport (MIA) has experienced almost 20,000 hack attempts per day before investing in training, education, and new hardware to protect itself from cyberattacks.

Istanbul’s Atatürk International Airport had password control systems shut down by what is believed to have been a malware attack resulting in departure delays and extended waiting time for passengers.

Aviation Continuum of Risk

The Sky is Falling ! Next time you are about to board a flight, please consider this On any given day

More than 85,000 flights are in the skies in the United States Only 1/3 of those are Commercial Carriers 2/3 are general aviation, private planes

5000 : Average number of aircraft in the skies at any given moment of peak travel time

15,000 : Average number of air traffic controllers required in airport traffic control facilities to guide pilots

Controllers provide Air Navigation Services to aircraft in ALL domestic airspace and to 24.6 million square miles of international oceanic airspace

The flight you’re about to board is 1 of 1,000s of blinking green dots on a radar screen display for busy Air Traffic Controllers, who rely on pilot communication and slips of paper printed from computer terminals to safely coordinate your flight.

1950s : The decade the current Air Traffic Control system was implemented

A Day in the Life of Air Traffic in USA

Shortcomings of the existing ATC system System handles over 85,000 flights a day on average… all

with the best technology the 1950s had to offer. Technologically, it is outdated and limited in its capabilities. It relies on ground-based radar for surveillance and

navigation, and voice communications to relay instructions between controllers and pilots.

ATC system is slow and cumbersome. These limitations force operational procedures such as separation standards and indirect point-to-point routings that are inefficient because they appropriately put safety first. As civil aviation has grown and become more complex the ATC system has become strained and, in some geographic areas, overwhelmed.

What is NextGen Air Transportation System

NextGen Addresses Critical Needs Capacity. NextGen will enable more precise spacing of aircraft and

flight paths, which will allow FAA to handle safely and efficiently the traffic growth that it forecasts.

Efficiency and Productivity. NextGen will enable more efficient flying by taking full advantage of available and emerging technology.

NextGen will enable: optimized, direct routings between airports; reduced aircraft spacing; continuous descent arrivals, precise arrival and departure routings, and closely spaced approaches on parallel runways in instrument flight rule conditions.

Environmental Benefits, Operational Integrity and Customer Satisfaction, Safety, Scalability

The downside of NextGen technology is the magnitude of air service disruption should the system fail. For example, a computer glitch at an air traffic centre in Virginia caused more than 440 flights to be cancelled along the East Coast of the United States in August 2015. While not a cyberattack, this incident showed the vulnerability of NextGen technology in civil aviation.

Components of NextGen Program

Potential NextGen Vulnerabilities NextGen rely on satellite-based aircraft navigation and tracking and digital voice

and data communications between controllers and pilots, tied together using an integrated information management network called SWIM. This high degree of interconnectivity and access by both FAA employees and airspace users is expected to increase the capacity of the air traffic control system and improve safety, but it raises significant cybersecurity concerns.

The backbone of NextGen is a technology called Automated Dependent Surveillance-Broadcast, or ADS-B, which is slated to replace radar as the primary means of tracking and monitoring aircraft. ADS-B is inherently vulnerable to hacking, jamming, signal flooding, and spoofing because of its open architecture and unencrypted signals.

Government Accountability Office (GAO) cautioned that FAA's current approach to cybersecurity does not adequately address the interdependencies between aircraft and air traffic systems, and consequently may hinder efforts to develop a comprehensive and coordinated strategy. GAO recommended that FAA develop a comprehensive cybersecurity threat

model, better clarify cybersecurity roles and responsibilities, improve management security controls and contractor oversight, and fully incorporate National Institute of Standards and Technology (NIST) information security guidance throughout the system life cycle.

NextGen Cybersecurity Challenges Protecting air-traffic control (ATC) information systems

July 2012: ADS-B hack: a security researcher demonstrated how easily an air traffic control tower could be manipulated.

Ruben Santamarta – 2014Backdoors and remote control of SatCom Military & Civil Aviation radios http://bit.ly/SatComHack (Paper)

Protecting aircraft avionics used to operate and guide aircraft Chris Roberts – 2015

Manipulation of Flight Controls via under-seat entertainment unit http://bit.ly/EICASHack (Reuters)

Hugo Teso – 2013Remote manipulation of Flight Management System through ACARS http://bit.ly/FMSHack (Forbes)

ATC Information Systems

Cybersecurity Challenges to Protect ATC Information Systems• ATC-related information systems are currently a mixture

of old, legacy systems and new, IP-networked systems.• New information systems for NextGen programs are

designed to interoperate with other systems and use IP networking to communicate

• New Networking Technologies Expose ATC Systems to New Cybersecurity Risks

• If one system connected to an IP network is compromised, damage can potentially spread to other systems on the network, continually expanding the parts of the system at risk.

• FAA Is Designing and Deploying an Enterprise Approach Intended to Strengthen the Cybersecurity of Its Information Systems

Aircraft Avionics Systems

Cyber Security Risks to Aircraft Avionics IP networking may allow an attacker to gain remote access to

avionics systems and compromise them If the cabin systems connect to the cockpit avionics systems

(e.g., share the same physical wiring harness or router) and use the same networking platform, in this case IP, a user could subvert the firewall and access the cockpit avionics system from the cabin

The presence of personal smartphones and tablets in the cockpit increases the risk of a system’s being compromised by trusted insiders, both malicious and non-malicious, if these devices have the capability to transmit information to aircraft avionics systems

The second source of the problem can come from the internet, since the aircrafts use IP protocols like anyone, meaning that can make the aircraft vulnerable for instance for a hacker to be able to install malware

FAA yet to develop new regulations to certify cybersecurity assurance for avionics systems

Cybersecurity framework for Aviation Establish common cyber standards for aviation systems Establish a cybersecurity culture Understand the threat Understand the risk Communicate the threats and assure situational

awareness Provide incident response Strengthen the defensive system Define design principles Define operational principles Conduct necessary research and development Ensure that government and industry work together

FAA’s Acquisition Life Cycle

Aviation Continuum of Risk Mitigation

Cyber Security Audit of NextGen Performance Audit conducted by GAO from Sept 2013 to March 2015 Two key NextGen components, SBSS and Data Comm audited While FAA has integrated six activities into the AMS lifecycle, audit

revealed instances in which some of these activities were not completed properly or were completed in an untimely manner

SBSS was deployed in 2008 with weaknesses in the program’s intrusion detection system, a shortcoming that was still unresolved as of early 2015.

Of 26 SBSS Problem Tickets that were completed during 2014, 25 were at least 6 months late, and 12 of these were more than 1 year late.

As Data Comm is still under development, its security requirements and selected controls continue to evolve. As of October 2014, Data Comm had included approximately 60 percent of the more than 250 controls listed in the third version of the NIST 800-53 guidelines

Delays in adopting the latest standards extend the amount of time that system security requirements may not adequately mitigate system exposure to the newest threats

Security Activity’s Progress

Cyber Security Standards used by Aviation ISO/IEC 27000 to 27006— Information security management systems NIST Special Publication 800-53 — Recommended Security Controls for

Federal Information Systems and Organizations DO-236 Security Assurance and Assessment Processes for Safety-related

Aircraft Systems ICAO Annex 17- Security ICAO Document 9985- Air Traffic Management Security Manual NIST SP800-30 — Risk Management Guide for Information Technology

Systems NIST SP800-53 — Information Security NIST SP800-82 — Guide to Industrial Control Systems (ICS) Security RTCA DO160 – Environmental Conditions and Test Procedures for Airborne

Equipment RTCA DO178 – Software Considerations in Airborne Systems and Equipment

Certification RTCA DO-254 – Design Assurance Guidance for Airborne Electronic

Hardware RTCA DO-233 – Portable Electronic Devices Carried on Board Aircraft

Glossary ACARS : Aircraft Communications Addressing

and Reporting System ADS-B : Automatic Dependent Surveillance--‐

Broadcast ATC : Air Traffic Control FAA : Federal Aviation Administration NIST : National Institute of Standards and

Technology

Any Queries

Thank You