ADS-B and Cybersecurity: Lessons from the Maritime Domain
By Darren Cummings, Performance Software DoD / Cybersecurity Leader
The migration to Automated Dependent Surveillance-Broadcast, mandated for use in all commercial and general aviation aircraft by 2020, represents one of the most significant steps forward in the modernization of air traffic control in the United States. Presently, air traffic controllers and pilots rely primarily on radar to identify aircraft position and avoid collisions. ADS-B uses a combination GPS receiver and radio transceiver, hosted on each aircraft, to determine and report position information. Each aircraft transmits a unique identifier, which can be associated with registration information such as the N-number, type and model. Additional ADS-B services will enable in-cockpit weather and flight information such as terminal conditions, temporary flight restrictions and notes to airmen. ADS-B standalone transceivers and ADS-B-equipped GPS and flight information systems are already available in a wide range of prices and feature sets. Though ADS-B is expected to significantly improve overall aviation safety and security, it is not expected to be completely free of security vulnerabilities.
In weighing the benefits and security risks of ADS-B, the aviation industry would benefit from understanding cybersecurity problems that have emerged with parallel technologies in other transportation domains. ADS-B bears a number of design similarities to anti-collision and domain awareness technologies for ships at sea, including the now ubiquitous Automated Information System (AIS) deployed in 2002 to all medium and large commercial vessels worldwide. Fourteen years of experience with AIS in the maritime community has revealed a number of potential security concerns, and has demonstrated how both intended use and security can evolve over time. Several of these concerns have direct bearing on the implementation of ADS-B.
The first potential security concern that arose with AIS is one frequently mentioned in connection with ADS-B: spoofing of signals by malicious transceivers. Much of the discussion about ADS-B spoofing has concentrated on attacks by “hackers,” who could transmit false position information over the air via tools such as software-defined radios. While these acts would violate Federal Communications Commission (FCC) and aviation safety laws, the risk of identification to such an attacker would be low, given the ephemeral nature of radio broadcasts. Despite this, studies of AIS data have revealed few such outright rogue broadcasts.
However, careful analysis of ship registry and position information over time has revealed more sophisticated kinds of spoofing. International drug and arms traffickers have been known to report false positions, or to report other vessels’ identities instead of their own, in order to disguise their activities from law enforcement. Illegal fishers and environmental violators also make extensive use of spoofing, especially when entering exclusive economic zones or environmentally protected areas, akin to aviation TFRs and restricted areas. While the FAA system promises anti-spoofing strategies based on legacy radar systems, these systems themselves are less than perfect. It is unclear how they might disambiguate conflicting position reports, especially if the rogue aircraft is non-responsive on radio.
A second potential concern with ADS-B is with unplanned secondary uses of the data itself. Because ADS-B is broadcast unencrypted, anyone can receive, collect, process and store signals. Maritime security planners also overlooked this concern with AIS because it was initially believed signals would only be intercepted by vessels or land-based stations nearby, and that transmissions would be lost when ships sailed over the horizon. However, eventually radio amateurs began independently collecting and sharing AIS data. With ADS-B, there is already a significant enthusiast community online collecting and sharing data from ground stations on websites like ADSBExchange and PlaneFinder. Additionally, the launch of near-earth satellite systems with sensitive receivers capable of decoding AIS signals worldwide was unanticipated by the system’s original designers and users. The private owners of these satellites now offer bulk sales of this historical data to the highest bidder. When combined with big data analytics, bulk collection allows for detailed analysis of individual movements, performance and, over time, even predicted future locations, raising significant privacy concerns. All segments of the aviation industry, from private pilots and business jet owners, to commercial operators and military units, are at risk from this “unmasking,” causing the Government Accounting Office to raise concerns about the deployment of ADS-B in advanced military platforms like the F-22. 
Aviation differs from maritime transportation in a number of respects. Both the regulatory and technological schemes for aviation are much more sophisticated, and the system is monitored by highly skilled and experienced air traffic controllers. These failsafe mechanisms limit the potential impact of security vulnerabilities in ADS-B. Nonetheless, enforcement capacity is a function of resources. It is unclear how the system might handle, say, 1,000,000 spoofed position reports. While such an attack may be beyond the capability of a single malicious individual, state-sponsored or terrorist actors could still accomplish one. These risks, when taken in total, highlight the need for active engagement from the whole of the aviation security and software security community in developing appropriate countermeasures. There is no doubt that attacks against the system will happen, as they have with AIS. Here the aviation industry can learn a lot from the network security world: defense in depth, resilient technology, and active, ongoing risk assessment are the best tools to minimize overall impact to the safety and security of our flying public.
To learn more about how Performance Software can keep your mission critical systems secure, contact us today.