Avionics Safety and Secured Connectivity: A Look at DO-326A/ED-202A, DO-355 and DO-356
One of the major improvements that the avionics industry is undergoing is an Internet of Things (IoT) upgrade. And this is inevitably affecting how airlines approach aircraft safety. From the beginning, safety has been paramount to the aviation industry. But while it is a welcome innovation, the incorporation of IoT devices in aircraft comes with attendant challenges that are not unrelated to cybersecurity risks. Safety for aircraft no longer rests upon physical security. Now, it extends to securing connectivity between networked aircraft components, including avionics systems.
Avionics, Connectivity, and Cybersecurity Risks
In 2015, security researcher Chris Roberts was sanctioned for exploiting vulnerabilities in a United Airlines plane and causing it to fly sideways briefly. According to widely publicized report of the FBI, Roberts hacked into the plane’s In-Flight Entertainment (IFE) system while aboard the flight and tampered with the command of the plane. Three years later, researcher Ruben Santamarta hacked planes flying above by exploiting weaknesses in satellite communications infrastructure. These flaws enabled him to gain remote access to and to spy on hundreds of planes from the ground.
Both events brought to light the new reality of aviation and why flight connectivity must be kept very secure. Flight connectivity is the vehicle of sensor information and analytics data flow. Any digital device can be hacked—even more so if it’s connected to the internet. The connectivity capability of airplanes boosts efficiency, but it could also create loopholes for unauthorized remote access. And since connectivity is based on networking, one cannot imagine the far-reaching damage that a hacker can wreak by exploiting one teeny-weeny loophole.
For instance, according to the Design Assurance Levels set by avionics certification documents, a ‘no-effect’ danger level would be a failure that affects no more than the IFE system. Recalling what Roberts was able to (Read more...)
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Tripwire Guest Authors. Read the original post at: https://www.tripwire.com/state-of-security/regulatory-compliance/avionics-safety-secured-connectivity-do-326a-ed-202a-do-355-do-356/