Avionics News November 2015 - 43

concluding he failed to gain access to the 737's systems and
that his self-described success at compromising aircraft systems only involved simulations. The FBI is staying mum, and
Roberts apparently has not been charged with any crime. But
the publicity he received has brought attention to the growing
use of IP networking aboard aircraft equipped with modern avionics. And the widely reported vulnerability of FCA's Uconnect
system has people asking why the same basic techniques can't
be applied to avionics.
Do these demonstrations of unauthorized access to networked systems pose a threat to aircraft operations? Is operational data vulnerable? How immune are modern avionics
to hacking?
The good news
Aircraft of all sizes increasingly are being equipped with
IP networking systems, either for entertainment or operational purposes. A common example might be Wi-Fi aboard
an airliner or business jet, allowing passengers to access the
Internet with a personal electronic device via a router wired
into a transceiver serving a satellite- or ground-based telecommunications system. Aircraft also may use wireless or
hard-wired IP connections as part of an in-flight entertainment
system. (Roberts allegedly gained access to his UAL 737's
IFE system by cabling a laptop into a box mounted under the
seat in front of him, not via Wi-Fi.) Meanwhile, even personal
aircraft often are equipped for Wi-Fi or Bluetooth wireless
transfer of situational data to a PED running electronic flight
bag software. And aircraft of all sizes may be equipped to
transfer stored operational data to a wireless Internet access
point when within range.
Of course, a Jeep Cherokee and its Uconnect system isn't
FAA certified. If it had been subject to the same certification rules applying to avionics, there's no way existing policy
would allow the kind of direct connection to an aircraft's systems demonstrated by Miller and Valasek. As the GAO noted,
"Historically, aircraft avionics systems were isolated within
the aircraft itself," eliminating the possibility of unauthorized
access to the airborne IP router or any other aircraft system
except power. That's a so-called "air gap" - the absence of a
connection between the box providing Internet access to passengers' PEDs and any other aircraft systems. But today's
highly automated aircraft - even piston singles - increasingly
use the same basic IP technology to achieve their advanced
capabilities. An example might be wirelessly transferring a
flight plan to the aircraft's certified avionics. Now what?
In its March 2014 policy statement providing guidance to
aircraft certification offices, the FAA said, "Recent designs for
aircraft systems have included connectivity to 'non-governmental services' such as the Internet, portable electronic devices,

and commercial-off-the-shelf technologies that have not been
certified and accredited for secure operations by a government
authority. These designs can introduce cybersecurity vulnerabilities beyond the scope of current airworthiness regulations and
traditional systems safety assessment methods." Airframers and
avionics manufacturers must comply with FAA-required "special conditions" that go beyond existing regulations to achieve
certification of systems connecting an aircraft to the Internet.
But the world of special conditions is an uncertain one,
and the FAA earlier this year began laying the groundwork
for eventual rulemaking on what it calls Aircraft Systems
Information Security/Protection. According to the agency,
"without updates to regulations, policy and guidance to address
ASISP, aircraft vulnerabilities may not be identified and mitigated" or "standardized and harmonized between domestic and
international regulatory authorities." An Aviation Rulemaking
Advisory Committee working group has been tasked with providing "recommendations on whether ASISP-related rulemaking, policy and/or guidance on best practices are needed," with
a target date of mid-2016 for its report.
All that's in the future, though. What's already been done to
prevent unauthorized access to aircraft systems and networks
aboard in-service aircraft?
Better news
According to Rockwell Collins' Don Kearney, the company's senior security engineering manager, "As designed today,
passenger systems such as in-flight entertainment can only
receive data from aircraft systems. Information such as airspeed
and position are sent to IFE systems, but transmission back to
the avionics is not permitted," he said. "Passenger domains are
separated from the avionic domains by various means, including physical separation and logical separation."
John Wade, executive vice president and general manager for
Gogo Business Aviation, a leading supplier of airborne Internet
service to noncommercial aviation, echoed Kearny, telling us
his company's data and voice communication systems engage
only in a one-way conversation with an aircraft's primary avionics. In a typical Gogo installation, the required router is certified by the FAA as a read-only device, one capable of receiving
messages from the rest of the aircraft's avionics but incapable
of sending any. "There's no connection between the aircraft and
passenger communications" systems, he told us. "A link just
doesn't exist" and there is "no way" to inject messages from
the router into the aircraft's primary avionics.
When considering the vulnerability allowing unauthorized
access to FCA's Uconnect systems, the aviation industry also
has put into place cutting-edge safeguards. Gogo's Wade told
Continued on following page
avionics news

*

november

2015

43



Table of Contents for the Digital Edition of Avionics News November 2015

Avionics News November 2015 - Intro
Avionics News November 2015 - Cover1
Avionics News November 2015 - Cover2
Avionics News November 2015 - 1
Avionics News November 2015 - 2
Avionics News November 2015 - 3
Avionics News November 2015 - 4
Avionics News November 2015 - 5
Avionics News November 2015 - 6
Avionics News November 2015 - 7
Avionics News November 2015 - 8
Avionics News November 2015 - 9
Avionics News November 2015 - 10
Avionics News November 2015 - 11
Avionics News November 2015 - 12
Avionics News November 2015 - 13
Avionics News November 2015 - 14
Avionics News November 2015 - 15
Avionics News November 2015 - 16
Avionics News November 2015 - 17
Avionics News November 2015 - 18
Avionics News November 2015 - 19
Avionics News November 2015 - 20
Avionics News November 2015 - 21
Avionics News November 2015 - 22
Avionics News November 2015 - 23
Avionics News November 2015 - 24
Avionics News November 2015 - 25
Avionics News November 2015 - 26
Avionics News November 2015 - 27
Avionics News November 2015 - 28
Avionics News November 2015 - 29
Avionics News November 2015 - 30
Avionics News November 2015 - 31
Avionics News November 2015 - 32
Avionics News November 2015 - 33
Avionics News November 2015 - 34
Avionics News November 2015 - 35
Avionics News November 2015 - 36
Avionics News November 2015 - 37
Avionics News November 2015 - 38
Avionics News November 2015 - 39
Avionics News November 2015 - 40
Avionics News November 2015 - 41
Avionics News November 2015 - 42
Avionics News November 2015 - 43
Avionics News November 2015 - 44
Avionics News November 2015 - 45
Avionics News November 2015 - 46
Avionics News November 2015 - 47
Avionics News November 2015 - 48
Avionics News November 2015 - 49
Avionics News November 2015 - 50
Avionics News November 2015 - 51
Avionics News November 2015 - 52
Avionics News November 2015 - 53
Avionics News November 2015 - 54
Avionics News November 2015 - 55
Avionics News November 2015 - 56
Avionics News November 2015 - 57
Avionics News November 2015 - 58
Avionics News November 2015 - 59
Avionics News November 2015 - 60
Avionics News November 2015 - 61
Avionics News November 2015 - 62
Avionics News November 2015 - 63
Avionics News November 2015 - 64
Avionics News November 2015 - 65
Avionics News November 2015 - 66
Avionics News November 2015 - 67
Avionics News November 2015 - 68
Avionics News November 2015 - 69
Avionics News November 2015 - 70
Avionics News November 2015 - 71
Avionics News November 2015 - 72
Avionics News November 2015 - 73
Avionics News November 2015 - 74
Avionics News November 2015 - 75
Avionics News November 2015 - 76
Avionics News November 2015 - 77
Avionics News November 2015 - 78
Avionics News November 2015 - 79
Avionics News November 2015 - 80
Avionics News November 2015 - Cover3
Avionics News November 2015 - Cover4
https://www.nxtbook.com/allen/avne/59-12
https://www.nxtbook.com/allen/avne/59-11
https://www.nxtbook.com/allen/avne/59-10
https://www.nxtbook.com/allen/avne/59-9
https://www.nxtbook.com/allen/avne/59-8
https://www.nxtbook.com/allen/avne/59-7
https://www.nxtbook.com/allen/avne/59-6
https://www.nxtbook.com/allen/avne/59-5
https://www.nxtbook.com/allen/avne/59-4
https://www.nxtbook.com/allen/avne/59-3
https://www.nxtbook.com/allen/avne/59-2
https://www.nxtbook.com/allen/avne/59-1
http://www.brightcopy.net/allen/avne/58-12
http://www.brightcopy.net/allen/avne/58-11
http://www.brightcopy.net/allen/avne/58-10
http://www.brightcopy.net/allen/avne/58-9
http://www.brightcopy.net/allen/avne/58-8
http://www.brightcopy.net/allen/avne/58-7
http://www.brightcopy.net/allen/avne/58-6
http://www.brightcopy.net/allen/avne/58-5
http://www.brightcopy.net/allen/avne/58-4
http://www.brightcopy.net/allen/avne/58-3
http://www.brightcopy.net/allen/avne/58-2
http://www.brightcopy.net/allen/avne/58-1
http://www.brightcopy.net/allen/avne/57-12
http://www.brightcopy.net/allen/avne/57-11
http://www.brightcopy.net/allen/avne/57-10
http://www.brightcopy.net/allen/avne/57-9
http://www.brightcopy.net/allen/avne/57-8
http://www.brightcopy.net/allen/avne/57-7
http://www.brightcopy.net/allen/avne/57-6
http://www.brightcopy.net/allen/avne/57-5
http://www.brightcopy.net/allen/avne/57-4
http://www.brightcopy.net/allen/avne/57-3
http://www.brightcopy.net/allen/avne/57-2
http://www.brightcopy.net/allen/avne/57-1
http://www.brightcopy.net/allen/avne/56-12
http://www.brightcopy.net/allen/avne/56-11
http://www.brightcopy.net/allen/avne/56-10
http://www.brightcopy.net/allen/avne/56-9
http://www.brightcopy.net/allen/avne/56-8
http://www.brightcopy.net/allen/avne/56-7
http://www.brightcopy.net/allen/avne/56-6
http://www.brightcopy.net/allen/avne/56-5
http://www.brightcopy.net/allen/avne/56-4
http://www.brightcopy.net/allen/avne/56-3
http://www.brightcopy.net/allen/avne/56-2
http://www.brightcopy.net/allen/avne/56-1
http://www.brightcopy.net/allen/avne/55-12
http://www.brightcopy.net/allen/avne/55-11
http://www.brightcopy.net/allen/avne/55-10
http://www.brightcopy.net/allen/avne/55-9
http://www.brightcopy.net/allen/avne/55-8
http://www.brightcopy.net/allen/avne/55-7
http://www.brightcopy.net/allen/avne/55-6
http://www.brightcopy.net/allen/avne/55-5
http://www.brightcopy.net/allen/avne/55-4
http://www.brightcopy.net/allen/avne/55-3
http://www.brightcopy.net/allen/avne/55-02
http://www.brightcopy.net/allen/avne/55-01
http://www.brightcopy.net/allen/avne/54-12
http://www.brightcopy.net/allen/avne/54-11
http://www.brightcopy.net/allen/avne/54-10
http://www.brightcopy.net/allen/avne/54-9
http://www.brightcopy.net/allen/avne/54-8
http://www.brightcopy.net/allen/avne/54-7
http://www.brightcopy.net/allen/avne/54-6
http://www.brightcopy.net/allen/avne/54-5
http://www.brightcopy.net/allen/avne/54-4
http://www.brightcopy.net/allen/avne/54-3
http://www.brightcopy.net/allen/avne/54-2
http://www.brightcopy.net/allen/avne/54-1
http://www.brightcopy.net/allen/avne/53-12
http://www.brightcopy.net/allen/avne/53-11
http://www.brightcopy.net/allen/avne/53-10
http://www.brightcopy.net/allen/avne/53-9
http://www.brightcopy.net/allen/avne/53-8
http://www.brightcopy.net/allen/avne/53-7
http://www.brightcopy.net/allen/avne/53-6
http://www.brightcopy.net/allen/avne/53-5
http://www.brightcopy.net/allen/avne/53-4
http://www.brightcopy.net/allen/avne/53-3
http://www.brightcopy.net/allen/avne/53-2
http://www.brightcopy.net/allen/avne/53-1
http://www.brightcopy.net/allen/avne/52-12
http://www.brightcopy.net/allen/avne/52-11
http://www.brightcopy.net/allen/avne/52-10
http://www.brightcopy.net/allen/avne/52-9
http://www.brightcopy.net/allen/avne/52-8
https://www.nxtbook.com/allen/avne/52-7
https://www.nxtbook.com/allen/avne/52-6
https://www.nxtbook.com/allen/avne/52-5
https://www.nxtbook.com/allen/avne/52-4
https://www.nxtbook.com/allen/avne/52-3
https://www.nxtbook.com/allen/avne/52-2
https://www.nxtbook.com/allen/avne/52-1
https://www.nxtbook.com/allen/avne/51-12
https://www.nxtbook.com/allen/avne/51-11
https://www.nxtbook.com/allen/avne/51-10
https://www.nxtbook.com/allen/avne/51-9
https://www.nxtbook.com/allen/avne/51-8
https://www.nxtbook.com/allen/avne/51-7
https://www.nxtbook.com/allen/avne/51-6
https://www.nxtbook.com/allen/avne/51-5
https://www.nxtbook.com/allen/avne/51-4
https://www.nxtbook.com/allen/avne/51-3
https://www.nxtbook.com/allen/avne/51-2
https://www.nxtbook.com/allen/avne/51-1
https://www.nxtbook.com/allen/avne/50-12
https://www.nxtbook.com/allen/avne/50-11
https://www.nxtbook.com/allen/avne/50-10
https://www.nxtbook.com/allen/avne/50-9
https://www.nxtbook.com/allen/avne/50-8
https://www.nxtbook.com/allen/avne/50-7
https://www.nxtbook.com/allen/avne/50-6
https://www.nxtbook.com/allen/avne/50-5
https://www.nxtbook.com/allen/avne/50-4
https://www.nxtbook.com/allen/avne/50-3
https://www.nxtbook.com/allen/avne/50-2
https://www.nxtbook.com/allen/avne/50-1
https://www.nxtbook.com/allen/avne/49-12
https://www.nxtbook.com/allen/avne/49-11
https://www.nxtbook.com/allen/avne/49-10
https://www.nxtbook.com/allen/avne/49-9
https://www.nxtbook.com/allen/avne/49-8
https://www.nxtbook.com/allen/avne/49-7
https://www.nxtbook.com/allen/avne/49-6
https://www.nxtbook.com/allen/avne/49-5
https://www.nxtbook.com/allen/avne/49-4
https://www.nxtbook.com/allen/avne/49-3
https://www.nxtbook.com/allen/avne/49-2
https://www.nxtbook.com/allen/avne/49-1
https://www.nxtbook.com/allen/avne/48-12
https://www.nxtbook.com/allen/avne/48-11
https://www.nxtbookmedia.com