As the aviation ecosystem becomes more connected, there’s an ever-increasing threat of cyber attacks. Aviation experts are well aware of this and have kept cybersecurity top of mind, leading to it being a key topic at several industry trade shows like the Farnborough Airshow.  In addition to events, Connected Aviation Today has spoken with subject matter experts like Aero Tech Partners’ Dominic Nessi and Antoine Rostworowski of ACI World about how leaders can best prepare themselves for an increasingly connected industry with stronger approaches to cybersecurity in aviation.

With these growing concerns around cybersecurity in aviation and the recent conclusion of Black Hat 2018, the world’s leading information security event, we are highlighting important trends and events in a space that decision makers are paying attention to.  As the industry continues to focus on cybersecurity, here are some of the top stories industry stories to keep in mind:

This Guy Hacked Hundreds of Planes from the Ground

Thomas Fox-Brewster, Forbes Cybersecurity Reporter, covered the actions of cybersecurity researcher Ruben Santamarta, who was able to hack into several commercial aircraft via vulnerabilities in their satellite communication systems. “Fortunately, the safety systems on the planes were not at risk, thanks to the ways in which modern aircraft segment networks,” Fox-Brewster reported, meaning there was no threat to the fliers’ physical safety, but they could easily be surveilled using the Wi-Fi, similar to vulnerabilities seen when using public Wi-Fi at Starbucks, for example.

Santamarta actually shared the full details of his attacks during Black Hat 2018 and discussed how he theoretically could turn a satellite communications kit into “radio frequency weapons.” His research points out the need for important security best practices to be in place for every connected aircraft.

Read the whole story here.

Applying Aviation Safety Practices to Cybersecurity

The aviation industry is known for its prudence when it comes to aircraft safety, and now that aircraft today are more connected, cybersecurity falls under that umbrella. The Connected Aviation Today team learned more about the application of aviation’s safety traditions to the digital space in a conversation with Joel Otto, Vice President of Strategy and Business Development for Rockwell Collins Information Management Systems business unit.

Much like safety precautions taken when developing an aircraft, cybersecurity is not a one-time box to be checked. Otto explained that continued cybersecurity testing and processes are part of the aircraft’s life cycle and should be conducted on a regular basis, just like any other safety test.

Shany Seawright at Connected Aviation Today reported, “As the industry looks forward, now is the time to take the mandates, certifications, and minimum requirements for safety, which have made air travel one of the safest methods of transportation in the United States, and apply it to cybersecurity, according to Otto.”

Read the whole story here.

Thales Warns of Cyber Threats

Thales USA CEO Alan Pellegrini and Peter Cooper, a nonresident senior fellow at the Atlantic Council think tank shared their thoughts on growing concerns on cybersecurity in aviation in a recent article by Thierry Dubois on Aviation Week.

“[Thales’] focus is finding new vulnerabilities faster than a difficult-to-identify adversary. Threats are diverse, from aircraft system hacking via the internet – against which the industry has long relied on a segregated system architecture – to a malicious load into a flight management system and spoofing communications between the crew and the air traffic controller,” reported Dubois. “On the ground, hacking into passenger security check or baggage delivery systems could cause a major disruption.”

Cooper noted that a secure system cannot exist if it’s connected, and because that’s the way the aviation industry is headed, there is a pressing need for more comprehensive cybersecurity approaches both in the air and on the ground.

Read the whole story here.

What Airports Need to Know: Creating a Comprehensive Approach to Cybersecurity

The Connected Aviation Today team spoke with Jim Knaeble, Global Products Management at Rockwell Collins, about the approach airports should be taking to cybersecurity and what elements build a strong strategy defending against cyber attacks. He especially emphasized the need to tailor approaches that suit each airport’s individual needs.

“There’s no ‘one size fits all’ for airport cybersecurity,” he noted. “Each airport environment is unique. Conducting a proactive risk assessment can identify vulnerabilities so a holistic cybersecurity program can be established.”

Between internal threats from employees connecting their devices or clicking on infected sites and new external cyber threats being created every day, Knaeble stressed the importance of a thoughtful cybersecurity approach for airports that suits their sizes and budgets.

Read the whole story here.

For more information and perspective about the rise of cybersecurity in aviation, visit here.

Chelsea Barone

About Chelsea Barone

Chelsea is an editor for Connected Aviation Today, managing the day-to-day editorial activities. Chelsea writes for other federal government and technology industry publications. Her background lies in B2B and enterprise technology, specifically cloud computing, SaaS, travel IT, and mobile devices.