On July 30th, the U.S. Department of Homeland Security Cybersecurity and Infrastructure Agency (CISA) issued a security alert warning small aircraft owners about vulnerabilities that can be exploited to alter airplane telemetry. At risk to cyberattack, the aircraft’s Controller Area Network (CAN bus) connects the various avionics systems–control, navigation, sensing, monitoring, communication, and entertainment systems–that enable modern-day aircraft to safely operate. This includes the aircraft’s engine telemetry readings, compass and attitude data, airspeeds, and angle of attack; all of which could be hacked to provide false readings to pilots and automated computer systems that help fly the plane.
The CISA warning isn’t hypothetical, and the consequences of inaction could prove deadly. Airplane systems have already been compromised. In September 2016, a U.S. government official revealed that he and his team of IT experts had successfully remotely hacked into a Boeing 757 passenger plane as it sat on a New Jersey runway, and were able to take control of its flight functions. The year before, a hacker reportedly used vulnerabilities with the IFE (In Flight Entertainment) system to reportedly take control of flight functions, causing the airplane engines to climb.
A researcher with security analytics and automation provider Rapid7 wrote about the security of CAN Bus avionics systems in a recent blog and discussed the challenge at this year’s DEFCON security conference. He explained, "I think part of the reason [the avionics sector is lagging in network security when it comes to CAN bus] is its heavy reliance on the physical security of airplanes . . . Just as football helmets may actually raise the risk of brain injuries, the increased perceived physical security of aircraft may be paradoxically making them more vulnerable to cyberattack, not less."
A False Sense of [Physical Access] Security
The DHS CISA warning stated, "An attacker with physical access to the aircraft could attach a device to an avionics CAN bus that could be used to inject false data, resulting in incorrect readings in avionic equipment.” CISA fears that, if exploited, these vulnerabilities could provide false readings to pilots, and lead to crashes or other air incidents involving small aircraft. Attackers with CAN bus access could alter engine telemetry readings, compass and attitude data, altitude, and airspeeds. Serious stuff.
Not all of these attacks required physical access.
These risks should serve as a wake-up call to everyone in manufacturing. Any device, system, or organization that controls operation of a system is at risk, and the threats can originate from internal or external sources. It’s critical for OEMs, their supply chains, and enterprises to include security and identity management at the device level and continually fortify their security capabilities to close vulnerabilities.
Security Solutions for Avionics Devices
Today’s airplanes have dozens of connected subsystems transmitting critical telemetry and control data to each other. Currently, tier-one suppliers and OEMs in aviation have failed to broadly implement security technologies such as secure boot, secure communication and embedded firewalls on their devices, leaving them vulnerable to hacking. While OEMs have begun to address these issues, there is much more to be done.
Sectigo offers solutions so that OEMs, their supply chains, and enterprises can take full advantage of PKI and embedded security technology for connected devices. Our industry-first end-to-end IoT Platform, made possible through the acquisition of Icon Labs, a provider of security solutions for embedded OEMs and IoT device manufacturers, can be used to issue and renew certificates using a single trust model that’s interoperable with any issuance model and across all supported devices, operating systems (OS), protocols, and chipsets.
Much like the automotive industry, the aviation sector has a very complex supply chain, and implementing private PKI and embedded security introduces interoperability challenges. With leading avionics manufacturers introducing hundreds of SKUs per year, maintaining hundreds of different secure boots within a single aircraft is complex, cumbersome, and ultimately untenable. Using a single homogenous secure boot implementation greatly simplifies the model.
Purpose-built PKI for IoT, such as the Sectigo IoT Manager, enables strong authentication and secure communication between devices within the airframe. Using PKI-based authentication prevents communication from unauthorized components or devices and will eliminate a broad set of attacks.
Embedded firewall technology provides an additional, critical security layer for these systems. This is particularly relevant for attacks such as the Boeing 757 attack via the airline Infotainment Wi-Fi Network. An embedded firewall provides support for filtering rules to prevent access from the Wi-Fi network to the control network.
Icon Labs embedded firewall has been has deployed in airline and automotive systems to address attacks such as these. In both instances, our embedded firewall sits on a gateway device in the vehicle or airplane to prevent unauthorized access from external networks or devices into the control network, or from the Infotainment network to the control network. We continue to see interest in this area, indicating manufacturers are beginning to act.
From Cockpits to Control Towers
Securing connected devices in aviation is not limited to airplanes. The industry requires secure communication between everything on the tarmac, from cockpits and control towers to provisioning vehicles and safety personnel. For that reason, Sectigo provides an award-winning co-root of the AeroMACS consortium, which addresses all broadband communication at airports across the world and calls for security using PKI certificates to be deployed into airplanes, catering trucks, and everything else on the tarmac.
Future Proofing with Crypto Agility
It’s worth noting that aviation is also uniquely challenged by the tenure of its components. Unlike devices that are designed to last for months or years, airplanes are designed to last for decades. Advances in quantum computing, which many experts believe is just around the corner, threaten to make today’s cryptographic standards obsolete. Aeronautical suppliers need to be prepared for this coming “crypto-apocalypse” and to update the security on their devices in the field while the devices are in operation. Sectigo’s over-the-air update abilities provide the cryptographic agility to guard against this upcoming crypto-apocalypse (listen to the related Root Causes podcast).
The ecosystem has fast work to do. Manufacturers must secure the CAN buses in their existing, and future fleets – whether those planes idle on fenced tarmacs, or in airplane hangars. In the meantime, CISA counsels that aircraft owners restrict access to planes avionics' components "to the best of their abilities,” leaving passengers to hope security soon extends beyond their TSA experiences.