Satellite communications systems have security vulnerabilities that may allow hackers to gain access to aircraft systems, according to cyber security expert Ruben Santamarta, principal security consultant at IOActive Security Services, speaking at the Black Hat USA conference early last month. Santamarta and IOActive published a white paper that discusses security vulnerabilities in air, sea and land satcom systems, including systems made by Cobham (formerly Thrane & Thrane) and Iridium.
At last week’s Black Hat USA 2014 conference, Ruben Santamarta, the principal security consultant at IOActive Security Services, raised the issue of whether satellite communications systems have security vulnerabilities that might allow hackers to gain access to aircraft systems. Santamarta and IOActive published a white paper that discusses security vulnerabilities in air, sea and land satcom systems. “Today we are disclosing details to help people verify those findings,” Santamarta explained.
While the DOT has made some progress in its information security program, some systems remain vulnerable to significant security threats stemming from deficiencies in policies and procedures, enterprise-level controls, system controls and management of known security weaknesses, according to a recent audit report from the department’s office of the inspector general (IG). The IG made a number of recommendations.
The Flight Safety Foundation (FSF) signed a memorandum of understanding with Mitre on October 31 to collaborate on developing database solutions to emerging aviation safety issues at both the local and regional level around the world.
The American Institute for Aeronautics and Astronautics (AIAA) has expressed concern about the lack of an international agreement on tackling the cybersecurity threat to commercial aviation around the world. The group gave the warning in a new white paper published on August 13 called A Framework for Aviation Cybersecurity.
Rockwell Collins is warning that there are considerable risks that operators run when hooking up various web-based systems, Wi-Fi, satcoms–in fact anything where they are opening up ways for would-be cyber-attackers.
Rockwell Collins is warning that there are considerable risks that operators run when hooking up various web-based systems, Wi-Fi, satcoms–in fact anything where they are opening up ways for would-be cyber-attackers. Steve Timm, the company’s v-p and general manager of Flight Information Solutions, told AIN at EBACE that the main risk arises not when the aircraft is en route, but on the ground.
During World War II, “Loose Lips Sink Ships” was a familiar slogan on both sides of the Atlantic at a time when German U-boats (U for unterwasserboot, submarine) were wreaking a deadly toll on cargo vessels transporting Allied supplies from North America to the beleaguered British Isles.
The U.S. Department of Transportation’s Office of Inspector General (IG) issued a self-initiated report on Dec. 19, 2012, about the FAA’s en route automation modernization (Eram) program’s (flight) information security controls. Unfortunately, the IG did not make the report public online due to security requirements to protect the information crews might care about.
The House of Representatives passed the “Aviation Security Stakeholder Participation Act of 2013” last month, requiring the Transportation Security Administration (TSA) to permanently establish an Aviation Security Advisory Committee (Asac), a government/industry group that collaborates on security policies.
- Page 1