With Ref to Doc ICAO 12-WP/122

Cyber Security in Civil Aviation

NII Consulting Monthly Meet Talk on Cyber Security in Civil Aviation by Parag Desai http://www.niiconsulting.com

ICAO – International Civil Aviation Organization

WHY ?

• Cyber security is an issue because many civil aviation organizations rely on electronic systems for critical parts of their operations, including safety-critical functions. The protection of electronic systems from malicious electronic attack (unlawful interference) and the means of dealing with the consequences of such attacks is encompassed by the term cyber security. It comprises managerial, operational and technical activities, and relates to the electronic systems themselves and to the information held and processed by such systems. Cyber security is also often referred to as information security, and while the two terms are not synonymous they are similar enough that the differences can be ignored in this context.

Currently cyber security is a relatively minor issue in civil aviation, but this is changing. Although the adoption of new technology is an ongoing activity in civil aviation, the current pace and extent of new information technologies is notably increasing the risk from cyber attacks. This is due to a number of factors:

• There is an increased reliance on a small number of technologies, such as Linux, Windows, IPv6 protocols and Ethernet (AFDX), and these technologies are widely used in the IT industry

• As a result there is widespread understanding of these technologies, and of their weaknesses and vulnerabilities

• Systems are becoming more interconnected and security lapses in one system are likely to affect others

• There is greater impact from systems failures due to increased reliance on them.

• Over and above these factors, there is the potential for unforeseen systematic problems due to weaknesses in oversight. This is mainly due to a lack of coherence between the many groups working on cyber security, and a lack of expertise and understanding amongst those who might provide the coherence. Some knowledge of these problems exists within the industry, but knowledge of the big picture is more limited.

• ICAO estimates that US$120 billion will be spent on the transformation of air transportation systems in the next ten to fifteen years. This transformation will bring significant benefits for safety, efficiency and the environment. Stakeholders, including service providers, regulators, airspace users and manufacturers, will face increased levels of interaction as new, modernized ATM operations are implemented. Security issues related to the transformation of the aviation system are coming into view, issues that will require closer collaboration among experts in safety and security disciplines. As the agenda for AN-Conf/12 states, security matters should be considered in the system changes that lie ahead.

NextGen – Next Generation Air Transportation System

The Next Generation Air Transportation System (NextGen) is the name given to a new National Airspace System due for implementation across the United States in stages between 2012 and 2025.

The Next Generation Air Transportation System (NextGen) proposes to transform America’s air traffic control system from an aging ground-based system to a satellite-based system.

GPS technology will be used to shorten routes, save time and fuel, reduce traffic delays, increase capacity, and permit controllers to monitor and manage aircraft with greater safety margins.

Technologies Involved

Elements within NextGen

• Automatic dependent surveillance-broadcast (ADS-B). ADS-B will use Global Positioning System (GPS) satellite signals to provide air traffic controllers and pilots with much more accurate information that will help to keep aircraft safely separated in the sky and on runways. Aircraft transponders receive GPS signals and use them to determine the aircraft's precise position in the sky. These and other data are then broadcast to other aircraft and air traffic control. Once fully established, both pilots and air traffic controllers will, for the first time, see the same real-time display of air traffic, substantially improving safety.

• Next Generation Data Communications. Current communications between aircrew and air traffic control, and between air traffic controllers, are largely realised through voice communications. Initially, the introduction of data communications will provide an additional means of two-way communication for air traffic control clearances, instructions, advisories, flight crew requests and reports. With the majority of aircraft data link equipped, the exchange of routine controller-pilot messages and clearances via data link will enable controllers to handle more traffic. This will improve air traffic controller productivity, enhancing capacity and safety.

• Next Generation Network Enabled Weather (NNEW). Seventy percent of NAS delays are attributed to weather every year. The goal of NNEW is to cut weather-related delays at least in half. Tens of thousands of global weather observations and sensor reports from ground-, airborne- and space-based sources will fuse into a single national weather information system, updated in real time. NNEW will provide a common weather picture across the national airspace system, and enable better air transportation decision making.

• System Wide Information Management (SWIM). SWIM will provide a single infrastructure and information management system to deliver data to many users and applications. By reducing the number and types of interfaces and systems, SWIM will reduce data redundancy and better facilitate multi-user information sharing. SWIM will also enable new modes of decision making as information is more easily accessed.

• NAS voice switch (NVS). There are currently seventeen different voice switching systems in the NAS, some in use for more than twenty years. NVS will replace these systems with a single air/ground and ground/ground voice communications system.

Brief Working ADS-B

SSR Transponder (Secondary Surveillance Radar)

Incidents and Vulnerabilities

In late 2009, Newark Liberty International Airport experienced sporadic outages of the GPS Ground Based Augmentation System (GBAS), used for precision approach landing, over several weeks. Though not a directed cyber security attack, this event shows the potential impact that could occur in a jamming scenario. The ground station, located approximately 300 feet away from the New Jersey Turnpike, experienced signal interference every day at about the same time. After an investigation, the FAA discovered the cause of the outage: a passing truck driver on the turnpike using a widely available $33 personal GPS jammer to avoid being tracked by the employer.

An extract from the media in July 2012: “At a recent conference Dr. Andrei Costin gave an unnerving demonstration of weaknesses in the air traffic control systems coming into use. He showed that with just $2 000 worth of store-bought electronics an ADS-B beacon could be ‘spoofed’ to show that a non-existent aircraft was coming in to land. This ‘Ghost Plane’ presentation was possible because air traffic control systems have no way of verifying where messages are coming from”

Since ADS-B is supposed to support mission-critical automatic and human decisions, and have direct impact on the overall air-traffic safety, it is imperative that technology behind ADS-B meets operational, performance and security requirements.

However, the main problem with ADS-B is the lack of security mechanisms, specifically:

• lack of entity authentication to protect against message injection from unauthorized entities.

• lack of message signatures or authentication codes to protect against tampering of messages or impersonating aircraft.

• lack of message encryption to protect against eavesdropping.

• lack of challenge-response mechanisms to protect against replay attacks.

• lack of ephemeral identifiers to protect against privacy tracking attacks.

We did not include Denial of service (DoS), e.g., by jamming radio signals, because it affects RF-based communication in general, and is not specific to ADS-B.
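To make the missing mechanisms concrete, the following added example (not part of the talk, and not an ADS-B feature) shows what a receiver gains when a position report carries an authentication code and a freshness counter. The frame layout, the per-aircraft shared key, the tag length and the sample values are all assumptions constructed for illustration; ADS-B defines no such fields.

```python
import hashlib
import hmac
import struct

# Hypothetical frame layout (assumption, not an ADS-B format):
# ICAO address, lat*1e5, lon*1e5, altitude in feet, message counter
FMT = ">IiiiQ"
TAG_LEN = 16  # truncated HMAC-SHA256 tag, assumed length


def encode_report(icao, lat, lon, alt_ft, counter):
    return struct.pack(FMT, icao, round(lat * 1e5), round(lon * 1e5), alt_ft, counter)


def sign(key, payload):
    # Authentication code over the whole payload, counter included
    return payload + hmac.new(key, payload, hashlib.sha256).digest()[:TAG_LEN]


class Receiver:
    def __init__(self, keys):
        self.keys = keys            # ICAO address -> shared key (entity authentication)
        self.last_counter = {}      # ICAO address -> highest counter accepted so far

    def accept(self, frame):
        if len(frame) != struct.calcsize(FMT) + TAG_LEN:
            return "malformed"
        payload, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        icao, _lat, _lon, _alt, counter = struct.unpack(FMT, payload)
        key = self.keys.get(icao)
        if key is None:
            return "unknown-sender"     # injection from an unenrolled entity
        expected = hmac.new(key, payload, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):
            return "bad-tag"            # tampering or impersonation
        if counter <= self.last_counter.get(icao, -1):
            return "replay"             # valid tag, but not fresh
        self.last_counter[icao] = counter
        return "ok"


def demo():
    key = b"constructed-demo-key"       # constructed sample key
    rx = Receiver({0xABC123: key})      # constructed ICAO address
    genuine = sign(key, encode_report(0xABC123, 40.6895, -74.1745, 3000, 1))
    tampered = bytearray(genuine)
    tampered[15] ^= 0x01                # altitude changed in transit
    injected = encode_report(0xDEF456, 40.70, -74.17, 1500, 1) + bytes(TAG_LEN)
    return [rx.accept(genuine), rx.accept(bytes(tampered)),
            rx.accept(injected), rx.accept(genuine)]


if __name__ == "__main__":
    print(demo())
```

The example covers the authentication, integrity and replay items in the list; encryption and ephemeral identifiers are separate mechanisms and are not shown.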

Threats ADS-B

• Jamming, denial of service

• Eavesdropping

• Spoofing, impersonation

• Message injection/replay

• Message manipulation

There have been incidents involving crashes or tail strikes when flight crew have made errors in calculating take-off performance parameters using electronic flight bags (EFBs). These were the result of human error, but there is the potential for the EFB programming to be corrupted maliciously (hacked), particularly when these devices are connected to external networks to receive updates.

Conclusion & Recommendation

recognize the risks in the current situation and the potential for future problems

create a Cyber Security Task Force (CSTF) to evaluate the extent of the problem and draw up a global cyber security architecture, which includes contributions from industry

Cont..

encourage States to provide the Aeronautical Communications Panel (ACP) with the resources to complete its work in developing a robust, secure aeronautical telecommunication network (ATN) using IPv6 as a foundational part of the next generation air traffic management systems

encourage States and industry to contribute to the work of the CSTF to ensure aircraft can interoperate with air navigation service providers (ANSPs) around the globe.

Thank You !!!