Rockwell Collins is warning that there are considerable risks that operators run when hooking up various web-based systems, Wi-Fi, satcoms–in fact anything where they are opening up ways for would-be cyber-attackers.
According to Steve Timm, v-p and general manager of Flight Information Solutions at the U.S. company (Booth 423), the main risk arises not when the aircraft is en route, but on the ground. He added that since acquiring Air Routing in 2010 and CTA FOS in 2011, Rockwell Collins has paid a great deal of attention to security in integrating the products into what are now marketed as Ascend and FOS, respectively.
Timm said that operators using online services are “essentially outsourcing to systems located outside their firewall.” He added, “With our Ascend system you are logging in to one supplier rather than two or three.” Meanwhile the amount of data going to and from aircraft systems is increasing exponentially, and the number of servers and routers is also increasing with interfaces to avionics, IFE and comms boxes.
Timm believes that press reports of things “as serious as flight management systems being hacked into” are not just scare stories, and that the threat is real. In fact he recognizes that many customers already require Rockwell Collins to demonstrate security capabilities, but the company has turned that around by creating a checklist for potential clients, which can then be used by auditors if necessary. “We have customers that require independent audits of our security methodologies such as with mobile tethering,” he said. “We’ve even had some that have tried to hack into our system…sometimes they don’t even tell us they are doing it. We didn’t see [that sort of thing] five years ago.” He added that nobody has yet successfully breached Rockwell Collins’s cyber-defenses.
Rockwell Collins can also draw on experience in air transport developing the core network for aircraft such as the Boeing 787 and Airbus A350. “These are cutting edge in terms of security,” Timm told AIN. “We scaled this for business aircraft to create ‘confident security,’ and we extended it into ground systems for flight planning, maintenance, weather, etc.” Of course, as Timm pointed out, business aviation clientele are particularly sensitive to their privacy–as the aircraft registration number blocking issue in the U.S. has demonstrated. “There is a lot of concern about aircraft and passport information,” he said. “You’re only as strong as your weakest link and people need to ensure that once they plug in there is intrusion protection, a firewall, and also data protection, backups and a disaster recovery plan.” Timm said that Rockwell Collins can only give absolute assurances about its own Ascend system. For other connections, Rockwell Collins advises that clients need to take these steps in the rest of their operation, and there are companies that can help with that.
“We will see security become a discriminator [between services] as people realize the vulnerabilities. It’s the moat around the castle,” concluded Timm.