Cyber Threat Analysis for the Aviation Industry

February 26, 2015 by Dan Virgillito

Cyber attacks on the aviation industry are becoming a sensitive issue. Considering that cyberspace provides a low-cost haven for carrying out a broad range of disruptive activities, it is reasonable to conclude that hackers will consider the aviation sector as one of their targets. Also, because of lower risk, cyber terrorism is replacing the bomber and hijacker and becoming the weapon of choice when it comes to attacks against the aviation industry.

Hosting one of the most integrated and complex information and communications technology (ICT) systems, and with increasing inter-connectivity, the aviation industry faces threats on multiple fronts from adversaries working in anonymity.

Cyber threat actors conduct attacks driven by theft of personal data, malicious intent, financial gain, hacktivist, national and political motivations, and the aim of causing physical damage. A risk-informed cybersecurity roadmap, derived from threat analysis, is therefore of utmost importance for strengthening the aviation industry's resilience against cyber threats.

Threat analysis

Owing to onboard and offboard computer systems, navigation systems and prevalent use of data networks, cyber attacks and data breaches are perceived to be growing threats for the aviation sector. The following are some of the leading threats faced by the industry:

Phishing attacks: Phishing attacks have already been successful against victims employed in the aviation industry. Last year, CIS (Center for Internet Security) reported that 75 US airports were the targets of advanced persistent threats (when unauthorized groups or individuals gain access to an organization's network). A public document listing email addresses of the targeted airports was cited as the root cause of the attack.

Jamming attacks: This is when an attacker injects a ghost flight into the air traffic control system to alter the projection and mapping of airplanes, or delete their position from the radar screen. The attack can have dire consequences as the hackers compromise the accuracy of data provided to the aircraft management, such as speed, location and direction of nearby airports and other planes.

Remote hijacking: Security flaws in communication technologies utilized in the aviation industry enable hackers to remotely attack or control in-flight and on-board systems. A hacker has demonstrated how the flight management system (FMS) could be attacked, which can open a gateway for cyber criminals to attack other critical systems such as flight controls, engine and fuel systems, navigation receivers, surveillance systems, aircraft displays, and others.

DDoS and botnet attacks: Distributed-denial-of-service attacks have grown in popularity to carry out a range of malware injection activities. Within such attacks, hackers utilize botnets of compromised networks to flood air traffic control and other critical systems with traffic, which results in a crash of the platform. Attackers may also ask for a ransom amount from the authorities to prevent disruption of flight management and control systems.

WiFi-based attacks: IOActive's consultant discovered vulnerabilities in the onboard system that could allow hackers to use the onboard WiFi signal or inflight entertainment system to hack into the plane's avionics equipment, and disrupt or modify satellite communications. It is also believed that after the hack, the plane could be landed successfully via a remote control. A framework of code injected by cyber terrorists can get into the plane's system and override security implementations.

Ensuring secured aviation systems and staying ahead of these threats requires the aviation industry to collaborate with manufacturers, governments, airlines and airports. It is also important for the sector to establish a cyber security culture and develop mitigation/prevention strategies after threat analysis. A proper security framework should include the following objectives:

  • Understand the risk and nature of the threats
  • Conduct research and development
  • Communicate the risk and ensure situational awareness
  • Take necessary measures to strengthen the defense system and design mitigation strategies
  • Ensure the industry and government are working together to keep threats at bay

Post-threat analysis measures

The industry must learn from successful collaborative examples of industry/government to design aviation cybersecurity solutions. An example is the CAST (Commercial Aviation Safety Team) that created a risk management model to reduce cyber risk as well as initiated new safety and government initiatives.

Additionally, the aviation sector can reduce the risk of cyber threats being successful through the following implementations:

1. Share data with the government

It is important for the industry and government to share data to address sensitive aviation cyber risks. The current means for industry stakeholders and the government to address such issues is the CIPAC (Critical Infrastructure Partnership Advisory Council). And as cyber threats may cause ramifications at an international level, mechanisms must be in place to exchange data so that the government and the aviation industry can work together to mitigate damage when attacked.

Both these industries can also consider integration of threat intelligence feeds that notify when control systems are attacked and point out the location of threat actors. This data can be used to curb the damage and prevent risks in the future by making appropriate security implementations.

2. Implement cyber education policy

To prevent threats such as phishing scams, organizations in the industry should implement a cyber education policy for everyone attached to the organization. Employees should be taught to detect malicious emails and to avoid opening any links that look suspicious. The policy can also include social networking best practices, as employees may upload credentials to social networks that may give hackers clues to their official email accounts.

Two-factor authentication should be implemented where possible to prevent access to official accounts even if credentials are breached. As an SMS code needs to be entered as a second step to gain access to an account, hackers without physical access to an employee's or manager's smartphone won't be able to use the account to gain more information. The aviation industry heavily depends upon cloud services, which usually provide the option of two-factor authentication.

3. Use NED and IFE systems

Another important measure the aircraft industry should take is to start using NED (network extension device) solutions. These solutions enable data transfers between IP-based equipment (such as IFE systems) and avionics systems. The NED solution will enforce network security through firewalls, as well as manage high-speed datalinks and communication systems to provide connectivity between ground/satellite networks and an aircraft.

And although IFE systems are generally difficult to use to conduct cyber attacks, the companies in the aviation industry should ensure that the vendor of the IFE system has integrated a degree of built-in security in the solution, which would add another layer of security apart from the security provided by the NED or aircraft working equipment.

4. Secure vulnerable bottlenecks

Which parts of the control network can become a weak link or a bottleneck in a cyber attack? Is it the wireless system? Or a network load balancer? The aviation industry needs to secure all vulnerable bottlenecks with the latest security implementations available. For example, if a network is discovered to be vulnerable, aircraft can use VPNs (virtual private networks) to separate several networks in an aircraft. VPNs are generally considered somewhat safe from cyber threats.

While it is not feasible for aviation cyber security authorities to check every single bottleneck, they should be able to provide guidance regarding common vulnerabilities and how cyber issues should be mitigated if an attack takes place. Such guidance must evolve to encompass theoretical cyber issues as well, so that the aviation industry can prevent damage from cyber attacks more swiftly.

5. Establish a common cybersecurity standard

With the aviation industry now hosting one of the most complex control and ICT systems around the globe, it needs to develop a common cybersecurity standard that should be followed by every organization associated with the industry. Applying common practices or standards can help provide mitigation against cyber threats.

For instance, applying encryption standards to communication would reduce the risk of man-in-the-middle attacks and other cyber threats in control and aviation systems. The full implications of the increased ICT dependency and connectivity need to be understood to ensure establishment of common cybersecurity standards in light of evolving cyber risks.

Lastly, international aviation organizations should act in harmony to formalize a common front against the cyber criminals, hacktivists, hackers and terrorist groups, to stop malicious attacks whose aims range from general disruption and theft of information to potential loss of life. Cyber signatories should proactively share critical information such as risk assessments within and outside the industry to promote a robust cybersecurity culture for the benefit of all actors in the sector.

Dan Virgillito is a blogger and content strategist with experience in cyber security, social media and tech news.