By Darren Cummings, DoD/Cyber Leader
Satellite communications enable a diversity of onboard capabilities for aviation. SATCOM extends the range of ACARS, the most popular protocol for both operational messages and automated machine-to-machine (M2M) communications like performance and safety monitoring. SATCOM enables voice telephony, both for crew communications and as a passenger amenity. Increasingly, airlines are accessing satellite-based internet service as well, supporting not only the entertainment and business needs of their customers but extending the air operations enterprise into the sky. Each of these applications can give rise to cyber attacks with the potential to impact business operations, harm operator reputations and even endanger passengers and crew. As a result, the effective assessment of SATCOM security is critical in the ongoing development and deployment of modern air systems.
Satellite systems are often viewed as safer than other communications channels from a cybersecurity perspective, and there are good reasons for this. Satellite integrators leverage well-designed protocols and secure development practices to maximize reliability, and generally, have respectable control of the interfaces between their systems and outside networks. However, many assume that the cost and skills required to hack satellite communications are considerably higher than they are—a fact that has been demonstrated on several occasions. In 2016, the German security researcher Stephan Zell exposed a wide range of vulnerabilities in the Iridium satellite-based telecommunications and internet system, ultimately including the ability to intercept airborne calls made from the military variant of the Gulfstream V. In 2017, Hackers from IOActive were able to find a critical vulnerability in Inmarsat’s SATCOM control software which allowed an attacker to take arbitrary control of the system. While that vulnerability affected only maritime systems, Inmarsat markets aviation solutions leveraging many of the same technologies.
The ease with which attackers have discovered these vulnerabilities suggests that aviation system integrators need to pay more attention to security design considerations when integrating SATCOM with other aviation systems, and apply considerable additional testing. A fully secure system-of-systems would manage the possibility that SATCOM communications, and potentially even the satellites themselves, could be compromised. Design strategies like isolation, enforcement of communication protocols and security monitoring, aided by tamperproof solutions like virtualization, should be employed wherever data from SATCOM systems interfaces with life-and-safety critical systems. Both fault injection testing and penetration testing should anticipate possible attacks against the SATCOM system itself and interconnected subsystems.
Finally, aviation integrators and operators should consider the potential impacts of cybersecurity attacks in the overall business and social landscape. While a compromise of, say, the satellite-based passenger internet, may not be of top concern when it comes to airframe safety, the consequences of a data breach can wreak havoc on an operator’s reputation and future sales potential. It would be no less damaging for high revenue international first-class passengers to learn, the hard way, that the business calls they make aboard are not in fact encrypted. For these reasons, integrators, avionics developers, and airlines should not wait for the first big SATCOM cyber attack to begin improving security.
To learn more about how JETS can help you assess and improve the security of your aviation communications systems, contact Performance Software.