NBAA 2013

Living in the UAE one tends to attend the regional business aviation shows. MEBAA has always provided a venue for business aviation professional from MENA and the world to meet. Last week (October 22-24),
I attended my first NBAA Convention and Exhibition in Las Vegas. The venue was huge, but so was the event, after all the USA is by far the largest and most mature business aviation market in the world.

Compared to other industry and trade events I attended, the mood was definitely upbeat. The halls were buzzing with activities and discussions. The people I talked to were all optimistic that things have turned around and that 2014 is going to be a good year.

What is most impressive about the NBAA is the amount of educational venues that were provided free of charge during the convention. The value of these venues in terms of knowledge and networking is priceless.

Aviation's Emerging Threat, Cyber-security

Technology advances, are rendering the aircraft and the air traffic system  more and more automated and connected . New generation e-Enabled aircraft (A380, A350, B787, C Series and others including a few business jets) have their systems linked to ground based systems in the form of real time data uploads and downloads to derive operational efficiencies.

e-Enabled aircraft have unique networking, computing, security, certification and physical operating requirements that renders integration a daunting challenge. These systems and domains are

•  Flight Deck {Electronic Flight Bag (EFB) Class III)
• Avionics Data {Sat Comm, ACARS and avionics}
• Open Networking { Avionics interfaces, Servers, Terminal Wireless, Network appliances and Core Network}
• Maintenance { Software Loading and Maintenance Access}
• Cabin and Airline Services { FOQA Data, FA terminals and crew wireless}
• Passenger { IFE, wi-fi and Cell phones}

e-Enabled aircraft derive efficiency by integrating and connecting in real time the following functions:

• EFB 
• Integrated Materials Management
• Airline Flight Operations
• Maintenance Performance
• Airplane Health Management

Add to this the evolving automation in  Air Traffic Management through the Automatic Dependent Surveillance (ADS-B and ADS-C), Future Air Navigation System (FANS), Controller Pilot Data Link Communication (CPDLC) and NextGEN. 

All the above requires internet and wireless connections between the various ground centers and the aircraft:

• OEMs
• Airlines Centers
• Maintenance Providers
• Airports and their various ancillary functions

The threat of someone hacking into a ground network and interfering with downloading or uploading data to and from an aircraft and eventually the aircraft systems is possible, if this someone is willing to take the risk. This represents an emerging risk to safety and security. The risk is real that several countries in their National Civil Aviation Safety Programs (NCASP) and their Security regulations require their airlines to secure their systems and aircraft against cyber-security threats.

This is an emerging threat with no developed standards for risk assessment of ground based IT systems. This is not endemic only to aviation. The National Institute of Standards and Technology (NIST) is rapidly developing a set of guidelines and best practices for better security for IT systems that will; once developed provide guidance to organizations on how to manage cyber-security risk in a similar manner to financial, safety and operational risks.

This has prompted ICAO, FAA, EASA, IATA, OEMs and other interested parties to start discussion regarding cyber-security threats to aviation. This effort will take several years before it evolves into a working standard and a few more years for implementation. 

Meanwhile, threats evolve.