Securing the E-Enabled Aircraft

Securing the E-Enabled Aircraft

Alex Wilson

Aviation Electronics Europe has just finished in Munich. The show continues to grow and this year was no exception, with some interesting keynotes from EASA and Airline for Europe, A4E. I noticed the UK standing out in Europe (no surprise there) for being having the highest Passenger Tax across all the European countries!

I was presented a couple of papers for Wind River, on FACE™ and Cybersecurity. Wind River VxWorks 653 has now achieved conformance certification to the FACE Technical Standard (see the Blog by Chip Downing), but what does that mean to our customers in the rest of the world? I will post a blog on this subject later in the month.

My presentation on Cybersecurity was part of the track “Data Comms & Cyber Security Perspectives” hosted by Willie Cecil, Aircraft Data and Connectivity Systems Specialist, Uptake, USA. This was led by a great presentation from Marc Mautref, Pilots and Aircraft Connectivity Manager, Air France. Marc covered operational aspects of Cybersecurity, including how they use a Risk Assessment framework to manage the ongoing security aspects of operating aircraft safely.

One example Marc presented is that of electronic flight bags which are now using portable electronic devices in the cockpit, adding a new attack vector to the risk analysis. The risk-management framework can cope with this dynamic environment and changing security perimeter, and in this case results in Air France expecting its suppliers to security certify their EFBs.

This fed well into my presentation, which dived a little deeper into aspects of RTCA DO-326A, DO-355, and DO-356. RTCA DO-356 does cover risk assessment in some detail, and I summarised this as part of the presentation, the diagram I pulled from DO-356 matched very well with Marc Mautref’s presentation for ongoing security:

diagram 1

You can get a copy of my white paper  on our website. One concern for OEMs having to meet these standards is the harmonization between EUROCAE and RTCA documents, mainly in DO-356 and ED-203, which take alternative approaches. Work is ongoing between RTCA and EUROCAE to resolve these differences, but until that completes we may need to look at different approaches depending on the end user.

Philippe Lievin, Rockwell Collins then closed the session with an update on ACARS over IP, and the complexity and challenges that involves. This is especially interesting as in order to benefit from data within the aircraft, we have to consider how we get that data out to our analytics services on the ground, which is the trend we see in the marketplace of moving towards an Industrial Internet of Things.

As we consider the Industrial Internet of Things, we see more and more systems being connected to extract valuable data, and this is no exception with aircraft.  However, as I pointed out in my presentation, these standards exist so that we can maintain the excellent safety record we have in the airline industry, and whilst some aspect of cybersecurity may be business-related, it is imperative that we do not overlook the fact that safety of the aircraft, crew and passengers is the most important factor.