Aircraft IT systems are getting more and more complex and airlines need to be more vigilant about the risk of a cyber security attack.
That was the message from John Craig, chief engineer, cabin network systems, Boeing, at the 2014 Aircraft eEnablement (Connectivity and IFE) Conference. held in Heathrow last week.
“We need to be more vigilant,” Craig said. “Don’t be in denial and don’t underestimate the problem, but the risk is real, so don’t get overconfident.
“We work in a security and safety-based culture – the enhanced ground proximity warning system (EGPWS) has helped reduce controlled flight into terrain (CFIT) issues and now we need a similar approach to cyber security.”
He said that in 2005, Wired magazine published an article about a passenger trying to hack other passengers’ laptops while on an aircraft.
“If you look at the entire aviation ecosphere the cyber security risk is enormous,” Craig said. “It involves multiple software providers, airlines, airports and others. Once you move away from physical devices such as floppy disks and CDs you need to address a whole new level of security.”
He said a Boeing 787 transmits around 28Mb of data per flight, compared with less than 1Mb on a Boeing 777.
“We are now putting Ethernet IP connectivity into an aircraft, which introduces a whole new level of complexity compared with earlier ARINC protocols,” he said.
“Organisations have to understand the cyber threat at all levels in an organisation – from the CEO down. We also have to have an industry-wide strategy.”
Craig also referenced the newly-formed Aviation Information Sharing and Analysis Center (ISAC), which was formed in September 2014. The Aviation ISAC will focus on “risk mitigation, incident response and information sharing”.
It will be collocated with the Air Domain Intelligence Integration Center in the Transportation Security Administration’s (TSA) secure flight facility just outside Fort Meade, the location of the National Security Agency (NSA).