Top 5 Aircraft eEnablement Gotchas

Thinking of buying an A380 or Boeing Dreamliner? Here are 5 gotchas to consider before you’ll be ready to fly:

(1) IT Security
IT security for eEnabled aircraft must be the first priority for any airline, as newer eEnabled aircraft introduce a new level of security that could easily impact the operation of an aircraft, or possibly a fleet, if not implemented correctly.

Airframers are working together within various industry groups and with regulatory bodies to provide guidance to airlines, but guidance is all they can give, as every airline has different infrastructures and systems for operations. It is accepted that eEnablement security is the sole responsibility of the operating airline.

All airlines experience daily attempts to breach their security infrastructure, and eEnabled aircraft will be targets too. Unfortunately, a successful attack would have a disastrous impact on an airline’s brand.

New processes and procedures for new eEnabled aircraft have to run side by side with the existing ones that serve legacy fleets. Take LSAP software updates, for example: these are carried out by a mandatory process implementing PKI security. If an airline is new to PKI (CA, certificates etc.), this could take considerable time to implement, in particular the administrative processes for supporting PKI. If these processes are not secure and effective, this will interfere with the aircraft’s successful operation and possibly become an airworthiness issue.

It’s important to understand that eEnabled aircraft are nodes on an airline’s ground-based IT network and should be considered a potential security risk to the airline’s overall IT operations.

Consider this possible scenario of how an IT security incident could impact the airline’s operation:

A virus has been detected on board an eEnabled aircraft computer (say, the IFE server). The airline will have to mitigate this risk, and this will not be easy. The following must be addressed to successfully rectify the incident:

(a) Determine how long the computer has been infected.

(b) Determine where the virus was introduced.

(c) Determine if any ground-based hardware systems have been infected.

(d) Determine if the virus has infected other eEnabled aircraft fleet(s).

(e) Determine if any customer devices have been infected.

(g) What will be the impact on the airline’s brand?

Dealing with this type of scenario, as you can see, could be extremely difficult, especially if the airline has a large eEnabled fleet.

Security is the No. 1 priority and should be at the forefront of any airline’s eEnabled strategy.

(2) Integration
Integration of aircraft with back office systems has been carried out for many years, via ‘SneakerNet’, an affectionate name for walking up to the aircraft with a USB stick or CD.

However, eEnabled aircraft are a totally new challenge: they produce considerably more data than any previous aircraft fleet, and this data is intended to help airlines diagnose problems and become more proactive in detecting them.

eEnabled aircraft need to integrate with an airline’s back office system(s), and integration is an area that airframers have chosen to approach independently, creating a complicated support infrastructure for airlines that operate different eEnabled aircraft fleets (e.g. A380, B787, A350). Couple this with airframers having different approaches to the uploading or downloading of aircraft data, and inevitably the overall eEnablement operation will be more complicated and costly to maintain and support.

WiFi (Gatelink) can be adopted to integrate aircraft into an airline’s wider network. However, this could be a major headache, as it’s impossible to guarantee signal strength at an airport: there is far too much noise in what is a busy environment, with movement of aircraft etc. At best an airline can expect 2-3 Mb per min, and the reality is that there could be a number of large files to upload and download, which from an operational perspective eats into the aircraft’s turnaround time.

WiMax is a more appropriate, robust industry solution; however, this has not been taken up widely by airports and would take considerable investment to introduce.

Airlines need to consider how they implement an integration strategy to get a maximum return on their eEnabled aircraft investment.

(3) Collaboration

Introducing an eEnabled fleet into any airline will impact how individual internal departments collaborate.

Collaboration is required to operate these aircraft successfully. Engineering, Flight Ops, IT, Security etc. all have independent interests in aircraft eEnablement. Within some airlines this may be difficult to overcome; combining departmental processes for eEnabled fleet(s) while maintaining existing legacy aircraft operations may require a leap of faith from departments that may lose a level of control.

One of the dangers of poor collaboration is that problems are resolved independently, adding overall cost and complication to an airline’s operation. For different departments, it would very easily become too problematic, to the extent that only the processes required to satisfy their regulatory and mandatory requirements for operation are implemented.

Airlines must collaborate within their own departments to maximise their return on investment.

(4) Skills
Investment in employee skills is absolutely critical. eEnablement is new, and it’s important to understand that a new type of hybrid employee is required: one who is experienced with an airline’s maintenance and operation and has IT administration skills. This hybrid employee would need to support a 24/7, 365-day operation, producing what could be a significant skill gap to fill. For larger airlines, dual roles may possibly be required to support the operation.
Flight crews also need to be trained on the use of new on-board applications such as EFB, techlog, moving maps, electronic documents etc. If an airline has chosen to purchase different eEnabled aircraft fleets, this will lead to independent training requirements and make the maintenance, recording and operation even more complicated.

New skills are required and airlines must invest in training.

(5) Operation
To reach true eEnablement, new processes are required that manage an airline’s eEnablement strategy. When considering an IT infrastructure, there’s a strong argument to start small and grow as the eEnabled fleet grows; walking before running is an approach to consider.

Business continuity must be considered, as there are many possible ways for an eEnablement operation to be impacted (see virus scenario above). Without good backup processes it might not be possible for the aircraft to operate efficiently, and if mandatory processes are not robust this may impact an aircraft’s airworthiness.

Operation of an airline’s legacy fleet(s) has to be maintained, so old robust processes need to sit side by side with the new eEnabled operation, adding more complexity to the overall airline operation.

Having good robust processes is the only way an airline will realise a true eEnablement operation.


eEnabled Aircraft: So What’s the Difference

An eEnabled aircraft is an aircraft that has one or more IT networks on board and requires a connection to a ground-based network for its operation.

Both the A380 and B787 are classed as eEnabled aircraft and their respective airframers have heralded that eEnabled aircraft will provide opportunities for airlines to operate aircraft more effectively.

For this to become a reality, the main airline challenge is the successful uploading/downloading of aircraft information. This has to be carried out securely and with the confidence that information will be delivered without any external interference.

Consider the diagrams below. Traditionally, aircraft security was contained physically on board with no major external interfaces. With the introduction of eEnabled aircraft, you can see this has opened up multiple channels of communication with several external IT networks, each having its own independent IT security.

IT security and infrastructure are key to the successful operation of these new aircraft and, for the first time, the regulatory meaning of ‘Airworthiness’ now includes the IT networks involved in the servicing of the aircraft.

Assume one of these eEnabled channels had been proven to be weak. Potentially, because IT security is only as strong as its weakest link, we could assume all communication channels had been compromised.

Airframers have put a lot of effort into considering these types of scenarios and provide tools to protect the aircraft. Airlines, however, have to consider not just the successful operation of new eEnabled aircraft but the wider protection of their existing IT network operations.


Did A Software Virus Contribute To Fatal Air Crash?

The preliminary investigation into the 2008 crash of Spanair Flight 5022, released in August 2009 by the U.S. National Transportation Safety Board, states that the probable cause of the crash was the flight crew’s failure to ensure that the plane’s flaps and slats were extended for takeoff.

It’s early days, to be sure, but from what is leaking out in the media (Spanish newspaper El Pais), it is being reported that malware may have contributed to the accident.

An internal Spanair report indicated that a central computer system used to monitor aircraft problems had been infected with malware, according to El Pais. The infected computer system, located at the airline’s HQ in Palma de Mallorca, failed to detect several technical problems with the airplane.

In a previous article, ‘A Case For Aircraft Security’, I emphasised the importance of IT security in the operation of modern aircraft. If the final investigation, due later this year in December, confirms that a trojan was a contributor to the accident, it will draw attention to the more advanced software systems being used in the operation of the Boeing 787 and Airbus A380.

When it comes to ‘IT/Aircraft Security’, airlines are ultimately responsible, and this event will have airlines around the world re-evaluating their operational processes. Airlines flying, or with orders for, the B787 or A380 must focus on this tragic event. Even if malware took little or no part in the accident, the fact that it is being considered highlights what is possible as aircraft evolve into mobile ‘IT networks’.


A Case For Aircraft Security

Comments on ‘Connectivity crossover and the case for cockpit security’ do highlight an interesting debate on the subject of security for the new generation of eEnabled aircraft.

This is not the first discussion on the subject; since the FAA Special Conditions No. 25-356-SC and 25-357-SC were published in Jan 08, a number of interesting debates have been triggered.

I have observed the many issues in this area for a number of years and here are some of my personal opinions.

With major airlines worldwide investing in a variety of IFE and connectivity solutions, keeping an ever-increasing number of techno-aware passengers informed and entertained is an important requirement for operators.

Retrofitting of new IFE systems has been carried out successfully for many years, but today’s newer IFE systems are introducing, for the first time, TCP/IP connectivity as an integral part of the aircraft, and for airlines this introduces a new set of security risks and challenges.

Since the successful first flight of the 787 in Dec 2009 and the earlier entry into service of the A380, airline operational focus has switched to the new challenge of the safe operation of eEnabled aircraft fleets, in particular connectivity, integration and security. Airlines need to understand the wider operational challenges of eEnablement.

One of the most obvious new challenges of eEnablement is the exposure of an airline’s existing (in some cases substantial) ground-based back office IT systems to what is essentially a hostile aircraft environment.

Protecting both aircraft and ground-based networks has become an operational requirement, and airline operators of eEnabled aircraft need to be satisfied they have an appropriate IT architecture in place.

Companies with global business interests issue employees with network-ready devices for connecting to back office systems from any worldwide location. The device and the back office network consider each other hostile until successful authentication has been achieved.

Today’s eEnabled aircraft have the same requirement, but with one major exception: connected passenger devices cannot be successfully authenticated and can never be trusted. Yet they will be connected to the operator’s onboard networks via WiFi, USB, RJ-45 etc., which in turn will have connections to the airline’s operational systems.

Airframers such as Airbus and Boeing are aware of the connectivity issues and have solutions to help control the different connectivity options. However, given the potential complexity of an airline’s back office systems and operational processes, they do point out that integration and security are the operator’s responsibility and that any weakness may impact an aircraft’s airworthiness.

It is accepted by the aviation industry that individuals and groups exist who have subversive agendas. These individuals (see diag) could be on board the aircraft, at the airport or, in fact, at practically any location globally.

Q – Will the aircraft become a target for attack?
A – Absolutely, the challenge exists. Airline security solutions will be tested.

Q – What if an attack succeeded?
A – Without doubt, an airline’s safety and security would be brought into question, and this could subsequently impact the airline’s brand.

Q – Should IT networks be physically isolated on board eEnabled aircraft?
A – Yes, this would help airlines manage connectivity and integration and minimise the overall risk to aircraft security.
