Technology advances, are rendering the aircraft and the air traffic system more and more automated and connected . New generation e-Enabled aircraft (A380, A350, B787, C Series and others including a few business jets) have their systems linked to ground based systems in the form of real time data uploads and downloads to derive operational efficiencies.
e-Enabled aircraft have unique networking, computing, security, certification and physical operating requirements that renders integration a daunting challenge. These systems and domains are
- Flight Deck {Electronic Flight Bag (EFB) Class III)
- Avionics Data {Sat Comm, ACARS and avionics}
- Open Networking { Avionics interfaces, Servers, Terminal Wireless, Network appliances and Core Network}
- Maintenance { Software Loading and Maintenance Access}
- Cabin and Airline Services { FOQA Data, FA terminals and crew wireless}
- Passenger { IFE, wi-fi and Cell phones}
e-Enabled aircraft derive efficiency by integrating and connecting in real time the following functions:
- EFB
- Integrated Materials Management
- Airline Flight Operations
- Maintenance Performance
- Airplane Health Management
Add to this the evolving automation in Air Traffic Management through the Automatic Dependent Surveillance (ADS-B and ADS-C), Future Air Navigation System (FANS), Controller Pilot Data Link Communication (CPDLC) and NextGEN.
All the above requires internet and wireless connections between the various ground centers and the aircraft:
- OEMs
- Airlines Centers
- Maintenance Providers
- Airports and their various ancillary functions
The threat of someone hacking into a ground network and interfering with downloading or uploading data to and from an aircraft and eventually the aircraft systems is possible, if this someone is willing to take the risk. This represents an emerging risk to safety and security. The risk is real that several countries in their National Civil Aviation Safety Programs (NCASP) and their Security regulations require their airlines to secure their systems and aircraft against cyber-security threats.
This is an emerging threat with no developed standards for risk assessment of ground based IT systems. This is not endemic only to aviation. The National Institute of Standards and Technology (NIST) is rapidly developing a set of guidelines and best practices for better security for IT systems that will; once developed provide guidance to organizations on how to manage cyber-security risk in a similar manner to financial, safety and operational risks.
This has prompted ICAO, FAA, EASA, IATA, OEMs and other interested parties to start discussion regarding cyber-security threats to aviation. This effort will take several years before it evolves into a working standard and a few more years for implementation.
Meanwhile, threats evolve.
No comments:
Post a Comment