Aviation Industry

Civil Aviation

  • General Aviation (GA) – Private transport and recreational flying
    • Corporate Aviation: Company own-use flight operations
    • Fractional Ownership Operations: aircraft operated by a specialized company on behalf of two or more co-owners
    • Business Aviation (or Travel): self-flown for business purposes
    • Personal/Private Travel: travel for personal reasons/personal transport
    • Air Tourism: self-flown incoming/outgoing tourism
    • Recreational Flying: powered/powerless leisure flying activities
    • Air Sports: Aerobatics, Air Races, Competitions, Rallies etc.
  • Aerial Work (AW)
    • Specialized services such as agriculture, construction, photography, surveying, observation and patrol, search and rescue, aerial development, etc.
    • Does not carry passengers
  • Commercial Air Transport (CAT)
    • Scheduled Air Services ⇦ Most associated with airlines and airports
    • Non-Scheduled Air Transport
    • Air Cargo Services
    • Air Taxi Operations

State Aircraft

  • State VIP Transports
  • Police/Customs Aircraft
  • General Air Traffic – Military
  • Operational Air Traffic - Military
Business man touching a screen from behind with airplane icon on circular button with lines running out from airplane icon like the lines on a circuit board.

Aviation and Digital Transformation

  • Innovation driving “big data”
  • Increased dependence on digital systems
  • Increasing connectivity interdependence across value chain
  • Analytics and business intelligence – better customer service/experience, security, efficiency and operations
  • Aviation changing from a…

centralized, proprietary, closed point-to-point system

decentralized, standards based, open IP based network

  • Networked IT (TCP/IP) replacing analog systems (for better or worse)
  • Avionics evolving from multiple discrete Line Replaceable Units (LRU) to few integrated Integrated Modular Avionics (IMA)
  • Implementing Controller Area Network (CAN) data buses – dramatically reduces wiring
  • Software Defined Radios (SDR) generally available – allows communication with aircraft
  • Systems were not designed to be used in an adversarial environment
  • Complex and expanding attack surface with additional vulnerabilities
  • Business aviation cyber attacks much greater than commercial aviation
  • High-dollar, time-sensitive market makes extracting payments easier
  • Increasing and complex accountability
  • Aviation cybersecurity market growing CAGR 11% (2019-24 - pre-COVID)*

Cybersecurity Developments

 

Not about cyber-kinetic risks

  • More nuisance (disruption) than safety risk
  • On-the-ground systems not as protected as in-flight
  • "Pilot-in-the-Loop" prevents errors
  • Financial risks - Non-operation, fines/penalties and lost customer reputation large
  • Cascading effects high due to sharing and interconnected systems

Motivations

  • Theft of financial or operational data – Stealing of assets or blackmail victims
  • Tracking of aircraft – Obtain competitive advantage by predicting business actions
  • Financial traders used aircraft movements to track potential deals and for insider trading 
  • Other – Personal data/identity theft, political action, hactivist, financial gain, weakening competitor, cyber espionage and physical damage

Theoretical attacks

  • Eavesdropping – e.g. ACARS
  • DDoS / jamming – Disruption of any component
  • Masquerade - e.g. MITM attack on ATC messages
  • Replay attacks - e.g. CPDLC or ACARS
  • Message alteration - Delay, modify, redirect, forge any component
  • Disabling ground systems – e.g. ticketing, baggage, etc…
  • Control / remote hijacking – e.g. malware introduced onto aircraft via infected maintenance laptop
  • Spoofing – GPS information, flight plans

Aviation Unique Aspects

(from an IT perspective)

  • A Fail-Operational design – Essential systems must not have a single point of failure
  • “Pilot-in-the-loop” - Pilot awareness and control allow planes to land even if all communication and non-essential equipment are shut down or disabled
  • Configuration control – Software can only change during authorized maintenance, needs to stay compliant and can reboot (even in flight) into a clean configuration
  • ALARP – “As Low As Reasonably Practicable” mentality
  • No concept of IT “system administrator” 
  • Equipment roams worldwide to varying infrastructure crossing sovereign lines and regulations.
  • Design, production, operation, and in-service life cycles of aircraft's are measured in decades - difficult to "patch"

Aeronautical Telecommunication Network (ATN)
vs. OSI Layer

Layer  OSI Model ATN ISO Stack ATN / IPS Stack
7 Application DS Upper Layer

CPDLC, ATS/AOC, Tenet,

FTP, HTTP, Etc...

 
6 Presentation Fast Byte (P)
5 Session Fast Byte (S)
4 Transport TP4 or CLTP TCP or UDP
3 Network

CLNP/IDRP/ESIS

Mobile SNDCF

IP
2 Data Link Data link LLC/MAC
1 Physical Physical Hardware 

Let us help you with Aviation

Aviation