Aviation Cyber Security
Next generation Aircrafts that integrates connectivity and allows the crew to sync the information with the outside world in real time also opens the gateway to cyber security threats.
Aviation Threat Landscape
Previously Aircrafts used to communicate with flight avionics systems using aviation (ARNIC 429/629) or military (MIL-STD-1553) and TCP/IP for the passenger infotainment system that are physically separated from each other.
The new generation Aircrafts are using TCP/IP technology that connects both flight avionics and flight deck creating an airborne interconnected network. This airborne network connects with numerous technologies from outside using SATCOM, ADS-B, ACARS, Gatelink etc. This resulted in the introduction of new vulnerabilities that may impact the airborne network and create safety and airline business concerns.
What are Security Risks?
Cyber Attack on aircraft puts the safety of passengers at risk and airline reputation suffers a significant impact. Researchers have shown a successful compromise of the airborne network using the infotainment system.
Devices that are vulnerable to attack are:
Passenger Infotainment System
Cabin Crew Systems
Electronic Flight Bags
Air Traffic Management System
Legacy Systems and Data Links
VHF and CPDLC
Airborne Flight Management System
Commercial Off The Shelf Devices (COTS)
Airworthiness Security Assessment
Modern aircraft flight critical avionics components can be reprogramed wirelessly and via various data transfer mechanisms. This alone, or coupled with passenger connectivity on the aircraft network, may result in cybersecurity vulnerabilities and corruption of data which is critical to the safety and continued airworthiness of the airplane.
Countries in a joint effort are working continuously to develop standards and regulations to assess the risk associated with the Aviation industry. RTCA DO-355 and EUROCAE ED-204 standards provide the Information Security Guidance for Continuing Airworthiness.
Security Spoc assists airlines to create Aircraft Network Security Program (ANSP) by building security policies and procedures, such as managing airworthiness, regular security audits, and technical security testing of aircraft networks.
Technical Security Assessment
Today's modern aircraft have introduced a significant risk of maintaining continuous airworthiness. IoT & Interconnected cyber-physical systems are susceptible to cyber security threats.
Assess the interconnected aircraft network for identifying the threats
Perform vulnerability assessment of the aircraft systems and network to identify security issues
Provide a roadmap for remediation plan for all the identified risks to maintain the continuous airworthiness
RTCA, EUROCAE, and ICAO Annex 17 require airlines to perform the security assessments for identifying cyber security threats.
Perform a tailored risk assessment for airborne systems and ground connectivity requirements
Identify and document the identified risks
Provide a roadmap for remediation of identified risks and segmentation between ground and airborne network
Supply Chain Risk Assessment
Aviation industry depends on numerous third-party vendors for delivering the services efficiently. Regulators may require airlines to conduct the Third-party risk assessment.
Helps in identifying the risk associated with the third-party vendors
Helps in developing efficient vendor risk assessment framework covering initial contract and till the termination
Assist in maintaining the compliance to industry regulators and industry frameworks
With years of experience, we have created a report template that is easy to work with and highlights issues for technical and business world to work upon.
Reports and presentations highlight the prominent issues to act upon and mitigate to increase resilience against a cybersecurity attack.
Our reports consist of sections of technical and business stakeholders. We always include risk ratings and recommendations as per the industry's best practices.