On Hacking A Passenger Airliner (GAO report)
Several news stories today have highlighted a recently released GAO report which stated that "Modern aircraft are increasingly connected to the Internet. This interconnectedness can potentially provide unauthorized remote access to aircraft avionics systems.”
True enough. The fundamental problem arises from the fact that the modern passenger aircraft have two networks, one for avionics and airplane control and one for in-flight entertainment.
Published by The Lawfare Institute
in Cooperation With
Several news stories today have highlighted a recently released GAO report which stated that "Modern aircraft are increasingly connected to the Internet. This interconnectedness can potentially provide unauthorized remote access to aircraft avionics systems.”
True enough. The fundamental problem arises from the fact that the modern passenger aircraft have two networks, one for avionics and airplane control and one for in-flight entertainment. The former is necessary because modern aircraft are increasingly “fly-by-wire” — computer controls and electronic signals do what cables and hydraulic lines used to do for control surfaces and the like. The latter is there because passengers don’t want to be bored, and airlines find competitive advantage in providing in-flight entertainment, which these days includes Wi-Fi access to on-board entertainment and the Internet.
No problem if the two networks remain physically separated (well, less of a problem – more on that later). But as the GAO report points out, they are connected, and software-based firewalls are supposed to separate them logically. Software is much easier to hack than an air gap, and I’m afraid that the use of firewalls to separate the networks doesn’t inspire me with much confidence.
Why are the two networks connected? One reason is that the in-flight entertainment system sometimes needs data from the avionics network. Why? Passengers like having real-time updates about where the flight is in its journey, and most in-flight entertainment systems provide such a feature.
So the problem arises in large part because airlines are responding to competitive pressures that “require” the entertainment system to be connected to the avionics network. Does this make sense to anyone?
As a very first step, let’s have the FAA mandate that the in-flight entertainment network and the avionics network are physically separated—I would feel much safer that way. I don’t see any technical reason why that can’t be implemented – again, if I’m wrong, someone please enlighten me. And if the FAA mandated that all airlines maintain a physical separation, no one could gain a competitive advantage by connecting them. Passengers will just have to deal with their need for real-time updates the old-fashioned way -- by asking the flight crew.
Note: physical separation probably does not solve the cybersecurity problem entirely. I’m speculating here, but I would expect that a modern airliner has a number of points inside the passenger cabin where physical access to the avionics network is possible. I would be surprised if one could just plug in an Ethernet cable, but maybe there’s a device port that is similar to the automobile on-board diagnostic port. But gaining access to such a port is likely to be visible to the flight crew and other passengers, who would wonder why someone is trying to remove a panel in the wall or floor of the cabin.
Readers might also be interested in an interesting story about a hacker’s experience in crashing an in-flight entertainment system. It has some technical content, but should be followable by readers of this blog.
Dr. Herb Lin is senior research scholar for cyber policy and security at the Center for International Security and Cooperation and Hank J. Holland Fellow in Cyber Policy and Security at the Hoover Institution, both at Stanford University. His research interests relate broadly to policy-related dimensions of cybersecurity and cyberspace, and he is particularly interested in and knowledgeable about the use of offensive operations in cyberspace, especially as instruments of national policy. In addition to his positions at Stanford University, he is Chief Scientist, Emeritus for the Computer Science and Telecommunications Board, National Research Council (NRC) of the National Academies, where he served from 1990 through 2014 as study director of major projects on public policy and information technology, and Adjunct Senior Research Scholar and Senior Fellow in Cybersecurity (not in residence) at the Saltzman Institute for War and Peace Studies in the School for International and Public Affairs at Columbia University. Prior to his NRC service, he was a professional staff member and staff scientist for the House Armed Services Committee (1986-1990), where his portfolio included defense policy and arms control issues. He received his doctorate in physics from MIT.