A Personal View Expressed by Nico Voorbach

In January 2016 I went from being an active airline pilot to becoming the Civil Air Navigation Services Organisation (CANSO) representative of ICAO for the Air Navigation Service Providers (ANSPs). This led me to consider aspects of aviation security that had not, as a pilot, previously been at the forefront of my concerns. In particular, one of the fastest growing threats facing the industry is that of cybersecurity. As the technology we implement becomes more sophisticated, so too does the threat from people with malicious intent. Using our own systems against us, these people are capable of disrupting airports, airline operations and even aircraft mid-flight. Although this threat is not only against aviation, the aviation industry has to make it a higher priority.

Air Traffic Management (ATM) is changing rapidly. The industry already makes great use of information and communication technology, but continuing innovation and greater cost-efficiencies are required while initiatives like SESAR and NextGen promote the spread of network-based technologies and integrated approaches. The planned introduction of System-Wide Information Management (SWIM) will see even greater exchanges of data, with the various systems becoming more closely integrated. There are clear operational benefits to these developments but also risks in the form of greater security vulnerabilities. Cybersecurity threats range from simple acts of digital vandalism to major cyberattacks. ATM must tackle cybersecurity by assessing the vulnerability of processes, assets and, particularly, IT infrastructure to criminal activities and attacks, whether these involve staff or outside parties. The wide range of potential cyber-threats and the integrated nature of modern ATM demand a holistic approach and the involvement of all ATM stakeholders.

What concerns ANSPs the most is the vulnerability of the IT systems that control the ever-growing traffic around the world. We rely on technology to safely manage flights and keep aircraft separated from each other. Around the world institutions and government agencies are looking into the problem, but a viable global solution is still distant. Upgrades in technologies over the last 20 to 30 years were introduced when cyber-threats were not a major issue, resulting in open and non-encrypted data transfers.

SWIM will be based on Service Oriented Architecture and open and standard mainstream technologies meaning it will be vulnerable to all kind of interferences. Prior to full implementation, we need to ensure it is secure enough to maintain the integrity of the system.

ADS-B (Automatic Dependent Surveillance – Broadcast), is a surveillance technology in which an aircraft determines its position via satellite navigation and periodically broadcasts it, enabling it to be tracked. Information can be received by ATC ground stations as a replacement for secondary radar. It can also be received by other aircraft to provide situational awareness and allow self-separation via TCAS (Traffic Collision Avoidance System). However, ADS-B is also a non-encrypted data link. It has been shown that it is possible to project virtual aircrafts via ‘spoofing’. Although one extra target on a radar screen might not be a problem, multiple false targets might create a safety hazard. How does an air traffic controller react when his radar screen is filled with virtual targets? How do pilots react when their TCAS system reacts to virtual aircraft?

Another security risk of ADS-B is that anyone who has an ADS-B receiver can see the current position of any ADS-B equipped aircraft. Internet sites like Flightradar24 and FlightAware are already making this information public. For terrorists this makes it easier to attack a specific aircraft or airline by use of MANPADS (Man Portable Air Defense Systems), RPG’s (Rocket Propelled Grenades), lasers or other weapons.

CPDLC (Controller–Pilot Data Link Communications) is a method by which air traffic controllers can communicate with pilots over a datalink system. This system is also not encrypted. Air traffic controllers and pilots must have a way to ensure the information they receive is legitimate. When this was introduced within the Maastricht Upper Area Control Centre, it was decided that the pilot had to acknowledge any changes in the flight path by voice communication before taking action. This takes away one of the benefits of the system: less voice communication.

In the last ICAO 39th Triennial Assembly, a resolution was adopted regarding cyber-threats. ‘WP/17, Addressing Cyber Security in Civil Aviation’ stated: ‘International civil aviation is highly reliant on the availability of information and communication technology (ICT) systems, as well as on the accuracy and confidentiality of data, in order to operate efficiently, safely and securely. The protection and resilience of aviation systems against cyber-attacks can only be progressed through a collaborative, harmonised and global approach involving the collective expertise of aviation security, air navigation, ICT security and other relevant communities.’ This is fully aligned with the proposal of the Industry High Action Group (IHLG) comprised of ICAO, ACI, CANSO, IATA and the International Coordinating Council of Aerospace Industry Associations (established in 2013). The IHLG determined that cybersecurity in civil aviation was a high priority horizontal issue requiring aligned and coordinated actions by all relevant stakeholders. The resolution aims to address cybersecurity in civil aviation through a horizontal, cross cutting and functional approach. The objectives are to reaffirm the importance and urgency of protecting civil aviation’s critical infrastructure systems and data against cyber-attacks and obtain global commitment to action by ICAO, its member states and industry stakeholders, with a view to collaboratively and systemically addressing cybersecurity in civil aviation and mitigating the associated threats and risks.

The ICAO secretariat, in cooperation with member states, industry stakeholders and experts, is preparing a way forward to be presented during the next ICAO AVSECP (Aviation Security Panel) meeting to be held in Montreal (30 May-2 June 2017). But what can we do until solutions are found? One of the most important things is to be able to recognise interferences with the system. So awareness training for all users, pilots, air traffic controllers, and airline operators is essential. Training should focus on mitigation, recognition and understanding of the threat. We can’t expect a solution to all vulnerabilities within the coming years but we have to know what the threat is and how to respond.

Cybersecurity is not only an aviation problem. It is part of daily life, from the hacking of home computers and phones to attacks on global banking systems. The difference with aviation is that a hacker can jeopardise the physical, as well as the virtual, security of the aviation system.

Nico Voorbach
Nico Voorbach