Keep your connected aircraft safe from cyber-attacks!

Connecting aircraft to the Open World (e.g. the internet, wifi, airline IT) will soon become a standard, enabling the transformation of aircraft operations. It interconnects onboard and ground stakeholders through aircraft gateways, leading to new usages such as Electronic Flight Bags and Flight Management System connections. This then drives an increase in overall operational performance.

However, connected aircraft operations involve opening doors to worlds which were once isolated, exposing safety-critical domains to cyber threats. Although aircraft safety is not impacted, official figures confirm that airspace users is now facing cyber-attacks. Any aircraft connected to the non-avionics world is now potentially concerned.

Technology is constantly changing the way we live, work and experience life. The connected revolution of the past decades has had a profound impact on almost every level of our world. Nevertheless, with greater openness comes greater risks. Our ecosystems of smart objects are no longer separated one from the other but rather interconnected, revealing new cyber vulnerabilities and possible cyber threats. Cyberattacks are now the norm, not only becoming more frequent but also more complex and sophisticated as the technology arms race intensifies.

The aviation industry is not exempt from this trend and connected aircraft operations are becoming a strategic asset of transformation. Commercial air transport cannot be seen any more as a safe haven, sealed off from the dangers of the open, interconnected world. In light of current trends in aviation, a white paper written by Thales analyzes this premise and asks the question, what is the future for cybersecurity in a rapidly changing, connected aviation industry?

Nowadays, connected aircraft represent a concrete means of bringing together operational stakeholders (flight crew, cabin crew, maintenance, etc.) with control centers and engineering stakeholders in the airline, the airport and air traffic control. In addition, they could interact directly with the aircraft itself.

By exposing the safety-critical domain of aircraft to new usages and new threats, the challenge facing aviation is not restricted to simply integrating appropriate protections. In fact, they extend to how to maintain protection as operational when faced with a rapidly changing open-world environment that moves faster than the heavily regulated industry.

Cyber considerations are new even if the risk has existed for a long time. The European authority (EASA) and the industry has started to complete the actual safety framework by implementing cybersecurity requirements:

• In the design, Part-21 Initial Airworthiness
• In the organizations and operations of the stakeholders, Part-IS (Information Security)

Four must-have cyber features of an aircraft gateway:

• Feature #1 Cyber secure by design, meaning it respects cyber processes that ensure safety and allow certification,
• Feature #2 Peripheral and ‘in-depth’ cyber protections, involving the implementation of the right technological and organizational protections in the right place,
• Feature #3 Management of Continuous Security (MCS). The gatekeeper becomes a digital service to maintain operational cybersecurity protections and credentials,
• Feature #4 Synergy between ‘Avionics’ and ‘Open-World’ features. The system architecture should guarantee safety with the speed and agility of the Open World to easily and rapidly keep the protection up to date.