4. • Cyber security is an issue because many civil aviation
organizations rely on electronic systems for critical
parts of their operations, including safety-critical
functions. The protection of electronic systems from
malicious electronic attack (unlawful interference) and
the means of dealing with the consequences of such
attacks is encompassed by the term cyber security. It
comprises managerial, operational and technical
activities, and relates to the electronic systems
themselves and to the information held and processed
by such systems. Cyber security is also often referred
to as information security, and while the two terms are
not synonymous they are similar enough that the
differences can be ignored in this context.
5. Currently cyber security is a relatively minor issue in civil aviation,
but this is changing. Although the adoption of new technology is
an ongoing activity in civil aviation, the current pace and extent of
new information technologies is notably increasing the risk from
cyber attacks. This is due to a number of factors:
• There is an increased reliance on a small number of technologies,
such as Linux, Windows, IPv6 protocols and Ethernet (AFDX), and
these technologies are widely used in the IT industry
• As a result there is widespread understanding of these
technologies, and of their weaknesses and vulnerabilities
• Systems are becoming more interconnected and security lapses in
one system are likely to affect others
•There is greater impact from systems failures due to increased
reliance on them.
6. • Over and above these factors, there is the potential for
unforeseen systematic problems due to weaknesses in
oversight. This is mainly due to a lack of coherence
between the many groups working on cyber security, and
a lack of expertise and understanding amongst those
who might provide the coherence. Some knowledge of
these problems exists within the industry, but knowledge
of the big picture is more limited.
7. • ICAO estimates that US$120 billion will be
spent on the transformation of air transportation
systems in the next ten to fifteen years. This
transformation will bring significant benefits
for safety, efficiency and the environment. Stakeholders,
including service providers, regulators, airspace users
and manufacturers, will face increased levels of
interaction as new, modernized ATM operations are
implemented. Security issues related to the
transformation of the aviation system are coming into
view, issues that will require closer collaboration among
experts in safety and security disciplines. As the agenda
for AN-Conf/12 states, security matters should be
considered in the system changes that lie ahead.
8. Technologies Involved
NextGen – Next Generation Air Transportation
System
The Next Generation Air Transportation System (NextGen) is the
name given to a new National Airspace System due for
implementation across the United States in stages between 2012 and
2025.
The Next Generation Air Transportation System (NextGen) proposes
to transform America’s air traffic control system from an aging
ground-based system to a satellite-based system.
GPS technology will be used to shorten routes, save time and fuel,
reduce traffic delays, increase capacity, and permit controllers to
9. Elements within NextGen
Automatic dependent surveillance-broadcast(ADS-B).
ADS-B will use Global Positioning System (GPS)
satellite signals to provide air traffic controllers and
pilots with much more accurate information that will
help to keep aircraft safely separated in the sky and
on runways. Aircraft transponders receive GPS signals
and use them to determine the aircraft's precise
position in the sky. These and other data are then
broadcast to other aircraft and air traffic control.
Once fully established, both pilots and air traffic
controllers will, for the first time, see the same real-
time display of air traffic, substantially improving
safety.
10. • Next Generation Data Communications
Current communications between aircrew and
air traffic control, and between air traffic
controllers, are largely realised through voice
communications. Initially, the introduction of
data communications will provide an additional
means of two-way communication for air traffic
control clearances, instructions, advisories,
flight crew requests and reports. With the
majority of aircraft data link equipped, the
exchange of routine controller-pilot messages
and clearances via data link will enable
controllers to handle more traffic. This will
improve air traffic controller productivity,
enhancing capacity and safety.
11. • Next Generation Network Enabled Weather
(NNEW)
Seventy percent of NAS delays are attributed to
weather every year. The goal of NNEW is to cut
weather-related delays at least in half. Tens of
thousands of global weather observations and
sensor reports from ground-, airborne- and space-
based sources will fuse into a single national
weather information system, updated in real time.
NNEW will provide a common weather picture
across the national airspace system, and enable
better air transportation decision making.
12. • System Wide Information Management
(SWIM).
SWIM will provide a single infrastructure and
information management system to deliver data
to many users and applications. By reducing the
number and types of interfaces and systems,
SWIM will reduce data redundancy and better
facilitate multi-user information sharing. SWIM
will also enable new modes of decision making
as information is more easily accessed.
13. • NAS voice switch (NVS).
There are currently seventeen different voice
switching systems in the NAS, some in use for
more than twenty years. NVS will replace these
systems with a single air/ground and
ground/ground voice communications system.
18. Incidents and Vulnerabilities
In late 2009, Newark Liberty International
airport experienced sporadic outages of
the GPS Ground Based Augmentation
System (GBAS), used for precision
approach landing, were observed for
several weeks. Though not a directed
cyber security attack, this event shows
the potential impact that could occur in a
jamming scenario. The ground station,
located approximately 300 feet away from
the New Jersey Turnpike experienced
signal interference every day about the
same time. After an investigation, the
FAA discovered the cause of the outage:
a passing truck driver on the turnpike
using a widely available $33 personal
GPS jammer to avoid being tracked by
the employer.
19. An extract from the media in July
2012: “At a recent conference Dr.
Andrei Costin gave an unnerving
demonstration of weaknesses in
the air traffic control systems
coming into use. He showed that
with just $2 000 worth of store-
bought electronics an ADS-B
beacon could be ‘spoofed’ to
show that a non-existent aircraft
was coming in to land. This
‘Ghost Plane’ presentation was
possible because air traffic control
systems have no way of verifying
where messages are coming
from”
20.
21. Since ADS-B is supposed to support mission-critical
automatic and human decisions, and have direct impact on
the overall air-traffic safety, it is imperative that technology
behind ADS-B meets operational, performance and security
requirements.
However, the main problem with ADS-B is the lack
security mechanisms, specifically:
• lack of entity authentication to protect against message
injection from unauthorized entities.
• lack of message signatures or authentication codes to
protect against tampering of messages or impersonating
aircrafts.
• lack of message encryption to protect against eavesdropping.
• lack of challenge-response mechanisms to protect
against replay attacks.
• lack of ephemeral identifiers to protect against privacy
tracking attacks.
We did not include Denial of service (DoS), e.g., by
jamming radio signals, because it affects RF-based communication
in general, and is not specific to ADS-B.
22. Threats ADS-B
Jamming, denial of service
Eavesdropping
Spoofing, impersonation
Message injection/replay
Message manipulation
23. There have been incidents
involving crashes or tail strikes
when flight crew have made
errors in calculating take-off
performance parameters using
electronic flight bags (EFBs).
These were the result of human
error, but there is the potential
for the EFB programming to be
corrupted maliciously (hacked),
particularly when these devices
are connected to external
networks to receive updates.
24. Conclusion & Recommendation
recognize the risks in the current situation and the
potential for future problems
create a Cyber Security Task Force (CSTF) to evaluate
the extent of the problem and draw up a global cyber
security architecture, which includes contributions
from industry
25. Cont..
encourage states to provide the Aeronautical
Communications Panel (ACP) with the resources to
complete its work in developing a robust, secure
aeronautical telecommunication network (ATN)
using IPV6 as a foundational part of the next
generation air traffic management systems
encourage States and industry to contribute to the
work of the CSTF to ensure aircraft can interoperate
with air navigation service providers (ANSPs) around
the globe.