Aviation Cyber Security
Next generation Aircrafts that integrates connectivity and allows the crew to sync the information with the outside world in real time also opens the gateway to cyber security threats.
Aviation Threat Landscape
Previously Aircrafts used to communicate with flight avionics systems using aviation (ARNIC 429/629) or military (MIL-STD-1553) and TCP/IP for the passenger infotainment system that are physically separated from each other.
​
The new generation Aircrafts are using TCP/IP technology that connects both flight avionics and flight deck creating an airborne interconnected network. This airborne network connects with numerous technologies from outside using SATCOM, ADS-B, ACARS, Gatelink etc. This resulted in the introduction of new vulnerabilities that may impact the airborne network and create safety and airline business concerns.
What are Security Risks?
Cyber Attack on aircraft puts the safety of passengers at risk and airline reputation suffers a significant impact. Researchers have shown a successful compromise of the airborne network using the infotainment system.
​
Devices that are vulnerable to attack are:
-
Passenger Infotainment System
-
Cabin Crew Systems
-
Electronic Flight Bags
-
Air Traffic Management System
-
GateLink Protocols
-
Legacy Systems and Data Links
-
VHF and CPDLC
-
Airborne Flight Management System
-
Commercial Off The Shelf Devices (COTS)
Airworthiness Security Assessment
​
Modern aircraft flight critical avionics components can be reprogramed wirelessly and via various data transfer mechanisms. This alone, or coupled with passenger connectivity on the aircraft network, may result in cybersecurity vulnerabilities and corruption of data which is critical to the safety and continued airworthiness of the airplane.
​
Countries in a joint effort are working continuously to develop standards and regulations to assess the risk associated with the Aviation industry. RTCA DO-355 and EUROCAE ED-204 standards provide the Information Security Guidance for Continuing Airworthiness.
Security Spoc assists airlines to create Aircraft Network Security Program (ANSP) by building security policies and procedures, such as managing airworthiness, regular security audits, and technical security testing of aircraft networks.
Aviation Services
Technical Security Assessment
​
Today's modern aircraft have introduced a significant risk of maintaining continuous airworthiness. IoT & Interconnected cyber-physical systems are susceptible to cyber security threats.
​
-
Assess the interconnected aircraft network for identifying the threats
-
Perform vulnerability assessment of the aircraft systems and network to identify security issues
-
Provide a roadmap for remediation plan for all the identified risks to maintain the continuous airworthiness
Risk Assessment
​
RTCA, EUROCAE, and ICAO Annex 17 require airlines to perform the security assessments for identifying cyber security threats.
​
​
-
Perform a tailored risk assessment for airborne systems and ground connectivity requirements
-
Identify and document the identified risks
-
Provide a roadmap for remediation of identified risks and segmentation between ground and airborne network
Supply Chain Risk Assessment
​
Aviation industry depends on numerous third-party vendors for delivering the services efficiently. Regulators may require airlines to conduct the Third-party risk assessment.
​
-
Helps in identifying the risk associated with the third-party vendors
-
Helps in developing efficient vendor risk assessment framework covering initial contract and till the termination
-
Assist in maintaining the compliance to industry regulators and industry frameworks
Reporting
Well Structured
With years of experience, we have created a report template that is easy to work with and highlights issues for technical and business world to work upon.
Prominent
Reports and presentations highlight the prominent issues to act upon and mitigate to increase resilience against a cybersecurity attack.
Complete
Our reports consist of sections of technical and business stakeholders. We always include risk ratings and recommendations as per the industry's best practices.