“Aircraft are not immune to being hacked, and if they are, it can be detrimental,” said Dr. Raju Patel, Air Force Life Cycle Management Center technical advisor for embedded computer and software systems and authorizing official for aircraft systems assessing cybersecurity risks for Air Force aircraft.
Patel said most aircraft systems are now controlled by software, and over the years there has been a significant increase of how much is controlled by that software. In the 1980s, about 25 percent of the aircraft’s capabilities were operated by software. Presently, 85 percent of aircraft capabilities are being run by software.
Examples of possible cyber effects on aircraft systems, if they are hacked, can be anything from breakdowns in communication and navigation systems to the more critical systems, such as collision avoidance and life support systems.
When Patel conducts risk assessments on aircraft systems, he assesses by judging the confidentiality, integrity and availability of the system. Patel said that confidentiality assures the information is not being disclosed to unauthorized personnel. The integrity of the system is ensuring that the material is what was expected and has not been altered, and that availability ensures the user timely and reliable access to data and information services.
Wright Patterson marks 100 years of aviation achievement
Patel said the most important action in protecting aircraft systems, as well as other computer systems, from a cyber-attack is practicing cyber hygiene.
“Cyber hygiene in avionics needs to begin with ensuring the appropriate training is being provided and the training is tailored to that specific job,” Patel said. “Operators also need to ensure that routine maintenance is conducted on the systems by running up-to-date antivirus software and to run the antivirus on any software before it is loaded on the aircraft. It is also crucial that operators follow the technical order as most errors occur when procedures are not followed.”
Looking ahead, Patel said additional steps are being implemented to protect aircraft avionic systems from cyberattacks.
Patel created a cybersecurity technical working group collaborating with industry to come to agreeable requirements for the systems. One requirement is to ensure that when contractors provide software, they are vigilant of supply chain issues for any re-used, non-developmental or sub-contracted software, that is who or where the software is coming from.
Another action is installing cybersecurity on the front end of developing weapon systems. The KC-46 is the first aircraft to address cybersecurity measures during initial system design, and throughout the system development, to protect the aircraft from potential cyber-attacks.
“Adversaries are always looking for ways to hack a system and even if only one small change is made to a system, it can affect the entire weapon system,” Patel said.
He noted that a next-generation antivirus program is currently being developed and will have the capabilities to detect and identify malware in real time.
About the Author