Why are aerospace and defence companies talking about cybersecurity at aviation industry exhibitions, such as the Dubai Airshow? For the same reason that in August, Def Con, one of the world’s largest hacker conventions, discussed aviation: The very nature of aviation makes it vulnerable to hackers.
Every flight checkpoint − from pre-flight preparations, to take-off, to landing − now takes place on an interconnected web of systems. For commercial air travel, this digital network is even bigger, encompassing baggage security, passenger ticketing and in-flight entertainment. As we’ve learnt, when everything is connected, everything is vulnerable.
This means cybersecurity needs to be part of the conversation any time aerospace leaders come together, whether they’re discussing a business deal or attending an international air show. For example, both military and commercial aircraft depend on GPS data and radio signals to know where they are in relation to other planes in the air.
This could be particularly vulnerable when military and commercial airfields share infrastructure and airspace. At Def Con this year, attendees, acting with permission from the US Air Force, were able to successfully hack into a military jet, identifying a number of cybersecurity vulnerabilities in the process.
Need to be a part
By compromising a system, adversaries could interfere with aircraft operations, or tamper with performance data, which could throw off maintenance schedules and even cause long-term damage to costly aircraft. With a topic as broad as cybersecurity, it can be hard knowing where to start the conversation. Here are three topics aerospace leaders should discuss:
Cyber Standards: The industry currently lacks a universal set of baseline cyber standards across the world’s tens of thousands of unique airlines and airfields. For example, planes fly into different locations with different sets of cyber standards, and crews vary from airfield to airfield.
Regulatory agencies such as the Federal Aviation Administration and International Civil Aviation Organization have formed working groups to address this gap, but in the meantime, industry leaders should prioritise discussions about how best to coordinate.
Funding: Making older planes and airports more resistant to cyberattacks comes at a cost that can compete with other maintenance needs. Investing in cybersecurity solutions, such as systems that can tell crews if its plane has been hacked, needs to be part of the funding discussion on par with upgraded engines, radar systems and terminals.
Systems Engineering: Because of the growing attack surface, cyber needs to be part of any discussion involving the military or commercial aviation ecosystem. Cybersecurity should be automatically baked into the systems engineering for every product. This ensures cybersecurity and an analysis of the benefits versus the risks are taken into consideration early and are not an afterthought.
The bottom-line is that increased connectivity will benefit the entire aviation ecosystem. But as other industries have learnt, those connections also introduce risk. Cybersecurity needs to be a priority — and there’s no better place to discuss it than at an air show.
Thomas A. Kennedy is Chairman and CEO at Raytheon.