When a hacker last year claimed to have tapped into an airliner’s entertainment system and then wormed his way into the flight control system, the major avionics companies were quick to internally debunk the claim, but they were less outspoken in public. That’s because the bourgeoning number of federated boxes that are increasingly common in connected cockpits are outside their direct control.
“No one wants to comment,” says Scott Zogg, Rockwell Collins’ newly appointed chief security officer. “We can say the probability is very low but can’t say it’s impossible. We could test a particular configuration of an aircraft with our equipment, and it could never happen. But with a different configuration?”
The seeds of doubt have governments and the aviation industry scrambling to find and fix any cybersecurity holes and hacking vulnerabilities within the ever more digital fleets of commercial and business aircraft.

Credit: Danil Melekhin/istockphoto


While digital safety guidance has been built into new aircraft through “special conditions,” the industry is developing more comprehensive safety nets to more broadly protect the increasing number of data transactions taking place on aircraft in flight and on the ground. These interactions include database updates and maintenance downloads.
A key junction for data — and hence a prime focus for cybersecurity — is the routers, or system servers, that connect various data buses and enable wireless communications with tablets.
“The ‘special conditions’ worry about any security threat that affects flight safety,” says Dan Johnson, an engineering fellow and cybersecurity expert at Honeywell Aerospace. “We within Honeywell are also worried about business considerations, dispatch, maintenance, economic and privacy concerns.” Companies are also integrating what previously tended to be dispersed pockets of cyber expertise into enterprise-wide operations.
Johnson and representatives from government and other avionics companies over the past few years have developed, largely through the Radio Technical Commission for Aeronautics (RTCA), standards and information security processes and certification guidance for airframers, operators and maintainers. Honeywell is now “making sure we integrate that guidance into all of our own integral processes,” says Johnson. “Pretty much all of our new avionics products are going to include security considerations that come from that guidance.”
The FAA by next year will likely codify the special conditions and cybersecurity best practices in a new rule, based in part on recommendations from an aviation rule-making committee, called Aircraft Systems Information Security and Protection (ASISP), that it launched last year. The ASISP is expected to issue a final report later this year, identifying needed cybersecurity measures.
Honeywell set up a cybersecurity lab about three years ago, says Johnson, staffed by approximately a dozen engineers who “borrow resources” from “a few hundred” engineers working in the company’s industrial side where cyber threats exist on a much larger scale. “These are guys who are looking at how people are trying to hack, for example, into thermostat systems,” he says. “They have a lot more incident reporting than we do, as they’re currently exposed to a level that we are not. We’re using them to sort of prepare ourselves.”
Meanwhile, Thales Avionics has significant cyber experience through its financial arm, which manages 80% of financial transactions worldwide. The company says it has more than 1,500 cyber experts working in 50 countries in both the civil and military markets.
“We’re already a key partner of aircraft manufacturers and regulatory authorities, helping them to assure that system safety and security requirements are being implemented,” says Bruno Nouzille, the company’s technical director. “Cybersecurity protections are already built into our critical systems.” Along with an information technology (IT) security evaluation lab, the company has its own computer emergency response team.
Late 2015 marked a seismic change in how Rockwell Collins views cyber. That was when it launched a Cybersecurity Council with Zogg as the chairman. His role is to create “common governance” that pulls together technologies and best practices across the company’s physical and IT security sectors.
Zogg says the council, which began meeting in January, will first define the “state of cybersecurity” within Rockwell Collins, and determine “the most critical things to take on.” The company has an analysis and testing lab staffed with a team of 18 engineers, split between cybersecurity and IT expertise. The group is studying potential vulnerabilities across the Rockwell Collins’ networks and government systems enterprises and products.

The basic elements of a layered, partitioned, cyber-secure connectivity system. Credit: Astronautics Corp. of America


To assess vulnerability, cyber experts explore “attack surfaces” — any connections, or interfaces, to an aircraft where an intruder could enter and corrupt data. In testing, Wi-Fi-enabled routers are blasted with “negative” or bogus data to see if any “lock up,” signaling a programming flaw that hackers might be able to exploit to gain entry. “They may not end up going where they first thought, but they may get somewhere else,” explains Don Kearney, senior security engineering manager running Rockwell Collins’ cyber lab.
Astronautics Corporation of America is considering setting up what officials say would be a first of its kind facility: a combined flight simulation and cybersecurity research lab at its Milwaukee headquarters. “We’re starting to look at scenarios, architectures and the ability to hack,” says Chad Cundiff, Astronautics president. “Hackathon-type stuff.”
Cybersecure design has three key principles, called the three Ds: Deter, Defend and Detect.
“Deter” can mean making a system architecturally difficult to hack. Cundiff says typical avionics data buses are somewhat protected because there is no physical port to plug into. However, there are federated boxes built by various companies typically tied to a bus that might provide a way into the system.
“Defend” can mean restricting access to “trusted people” or requiring a certain proximity to the operation.
Rockwell Collins last year was testing a method of wirelessly connecting an iPad to a cockpit avionics suite. In it, the pilot first connected the iPad to a secure wireless network in the cockpit. A personal identification number (PIN) code popped up in a dialogue box on a cockpit display. The pilot entered the PIN, touched a “join” button on the iPad and once “authenticated,” could then upload a flight plan or download cockpit data for applications on the iPad. “Unless you’re physically on the flight deck, you won’t know what that code is,” explained Geoffrey Shapiro, senior human factors engineer at the Advanced Technology Center.
Astronautics is in the process of certifying a new device called Patio (Personal electronic device and tablet input/out), positioned between portable electronics and Astronautics’ newest server, the Nexis flight intelligence system. “A tablet almost by definition is a corrupted device,” says Cundiff. “If you want to authenticate it, then you want an extra layer of security to make sure that tablet can’t get through and access the aircraft systems.” Patio is a secondary processor (the server is the primary) that validates the device trying to gain entry
The last of the three Ds, “Detect,” is key since hackers believe that with enough time and money, there’s nothing that can’t be hacked. Cundiff says one tool for detection is to monitor data going across the bus. “It’s like watching a river,” he explains. “You can see when a river changes course and then you say — that’s unusual, maybe I’ve been hacked. If you can detect it, then maybe you can alert and shut things down, but you can also find the vulnerability to intercept.”
As such, a critical element of cybersecure avionics is data logging of potential intrusions. The action is called for in FAA special conditions and will ultimately be included in the cyber rule expected next year. Johnson says Honeywell, along with others, is researching ways to improve intrusion monitors.
So, certain defenses against digital system intrusion are already in place, and reinforcements are on the way to strengthen aircraft against hackers.
“Architecturally it’s hard to hack” today’s aircraft, says Astronautics’ Cundiff. But he quickly adds, “Is it impossible? Heck no.”