Aviation Security

Prior to 9/11, aircraft hijackings had become a primary threat in the aviation industry, one that left the world feeling vulnerable and demonstrated that terrorists can weaponize an aircraft to cause destruction. Two decades have passed since the tragic events of September 11, 2001, which pushed the aviation industry to continuously revolutionize its layers of security and develop strategic measures that mitigate and proactively address potential risk.

In recent times, the evolving threats in aviation security, and their severity, have moved into a new era of cybersecurity driven by emerging technologies and cyber-physical interdependency within the transportation infrastructure. Needless to say, airlines have access to very sensitive information and operate a critical component of infrastructure (CnSight, 2021). A cyberattack could quickly result in serious fatalities and utter catastrophe; likewise, it could destroy trust in a single company in the aviation sector while cascading its dire effects across the entire industry.

The Government Accountability Office (GAO) reported in January 2015 that the Federal Aviation Administration (FAA) has taken steps to protect its Air Traffic Control (ATC) systems from cyber-based threats; however, significant security-control weaknesses still remain that threaten the agency’s ability to ensure the safe and uninterrupted operation of the national airspace system (GAO, 2015). The Next Generation Air Transportation System (NextGen) and the FAA face cybersecurity challenges in at least three areas:

  • Protecting ATC information systems 
  • Protecting aircraft avionics used to operate and guide aircraft, and
  • Clarifying cybersecurity roles and responsibilities among multiple FAA offices.


New-generation aircraft such as the Boeing 787 Dreamliner operate on a single network that is used both by the pilots to fly the plane and by the passengers for their Wi-Fi. The 787 has advanced technology that uses the Common Core System (CCS), which is the backbone of the airplane’s computer systems, network systems and interfacing electronics. The CCS uses an integrated modular architecture that performs these functions:

  • Host processing and power control
  • Systems communication via fiber optic Ethernet
  • Data bus input/output 

A virus or malware planted in websites visited by passengers could give a malicious attacker an opportunity to access the IP-connected onboard information and cause malfunctions in the CCS. Investigations have concluded that it is theoretically possible for a person to:

  • Hijack the navigation system 
  • Bypass the network firewall
  • Gain access to the airplane’s network, and
  • Commandeer the plane through the in-plane network 



The Transportation Security Administration (TSA) will remain the recognized global leader of transportation security, enabled by our focus on capability innovation and threat-informed, information-driven operations (TSA, 2018). For the past few years, the TSA has made certain strides to outpace the threat in cybersecurity. In December of 2018, the TSA released a cybersecurity roadmap to help guide the efforts to prioritize cybersecurity measures within its industry and across the transportation systems sector (TSA, 2018). The roadmap is also aligned with the Department of Homeland Security (DHS) Cybersecurity Strategy that executes the cybersecurity responsibilities by:

  • Strengthening the effectiveness of TSA’s core capabilities in aviation security
  • Identifying cybersecurity risks
  • Reducing vulnerabilities in their systems and critical infrastructure across the transportation systems sector
  • Mitigating consequences if and when incidents do occur
  • Modernizing transportation vetting
  • Advancing global transportation security standards, and
  • Strengthening security and ensuring the resilience of the system

The effectiveness of the TSA and the DHS was shown during a cyberattack that crippled nearly half the East Coast fuel supply in May of 2021 at the Colonial Pipeline Station. This highlighted the vulnerability of critical infrastructure to online attacks and prompted the DHS to regulate cybersecurity in the pipeline industry for the first time (Nakashima, 2021). The attack lasted 11 days; however, if it had gone on much longer, it could have affected airlines, mass transit and chemical refineries that rely on diesel fuel.

After the attack, the TSA required all pipeline operators to report any cyberattacks on their systems to the federal government within 12 hours and to have a 24/7 on-call cybersecurity coordinator to work with in case of an attack. Companies then reported more than 220 cybersecurity incidents within a two-month timeframe of the Colonial Pipeline attack in May 2021 and have since strengthened the pipelines' infrastructure along with advancing its security standards.

One recommendation that can further help protect both the TSA and the DHS from cyberattacks or black hat hackers is to start training more cyber protection specialists to fill the jobs that are lacking within the National Security sector. Since this is a new era of cybersecurity threats, the shortfall stems from the fact that cybersecurity degrees are still relatively new within the academics of Computer Science.

The cybersecurity agenda does not just stop there. Other transportation companies and airliners should start assessing the levels of cyber protection in their operational technology (OT) and information technology (IT) equipment, as well as programs to safeguard the most vulnerable applications from an attacker. For example, they can adopt a complex IT security model called Zero-Trust, which assumes that every device, user, or application attempting to interact with the network is a potential threat. This will help eliminate the possible threat of any hacker who is trying to hijack a navigation system, bypass an aircraft's firewall to access the network, or commandeer an aircraft.

Technology will always rapidly advance through the years; thus, maintaining a hands-off approach in cybersecurity will only invite more aggressive hackers to cause destruction across all platforms of National Security.


References: 

CnSight By TDI. (2021, April 16). Top 5 Cyber Attacks in the Aviation Industry. CnSight.Io - Cybersecurity Performance Improvement. https://cnsight.io/2021/04/16/top-5-cyber-attacks-in-the-aviation-industry/

GAO. (2015, April). AIR TRAFFIC CONTROL - FAA Needs a More Comprehensive Approach to Address Cybersecurity As Agency Transitions to NextGen. https://www.gao.gov/assets/gao-15-370.pdf

Nakashima, E., & Aratani, L. (2021, May 25). DHS to issue first cybersecurity regulations for pipelines after Colonial hack. Washington Post. https://www.washingtonpost.com/business/2021/05/25/colonial-hack-pipeline-dhs-cybersecurity/

National Press Release. (2018, December 4). TSA releases Cybersecurity Roadmap | Transportation Security Administration. TSA. https://www.tsa.gov/news/press/releases/2018/12/04/tsa-releases-cybersecurity-roadmap


