Pilots Ill-equipped for Cockpit Cyberattacks, Says Oxford Team

 - March 3, 2020, 9:17 AM

Flight crew should be trained to respond to cyber threats in the modern cockpit, according to a new research paper exploring pilot reaction to attacks on their avionics systems' safety equipment. A team of Oxford University-led cyber experts found that despite professional pilots’ extensive training in fault handling, such expertise often does not fully equip them to help recognize and manage these attacks.

The team invited 30 Airbus A320 type-rated professional pilots to fly simulator scenarios that subjected them to wireless attacks on three safety-related systems: traffic collision avoidance system (TCAS), ground proximity warning system (GPWS), and the instrument landing system (ILS) using software-defined radio technology. All three attack scenarios caused disruption through missed approaches, avoidance maneuvers, and diversions. Increased workload and distrust in the system led to at least a third of the pilots switching off each of the safety systems.

The most important issue revealed by this study is that some of the attacks the team attempted would require only a basic software-defined radio costing around $3,000 plus $1,200 for an amplifier and omnidirectional antenna, which is less expensive than the directional antenna used in the tests.

The research team found that an attack of the TCAS system most concerning for the pilots.

Under that scenario, the team mounted a powerful attack using $10,000 worth of equipment, including a directional antenna to simulate 10 false intruder aircraft alerts when the aircraft flew above 2,000 feet. The alerts triggered multiple traffic advisories (TA) and resolution advisories (RA), which significantly affected situational awareness. The majority of pilots felt forced to reduce the sensitivity of the TCAS and, in some cases, switch it off completely.

“Many participants stated that this response was a tradeoff between the additional workload of responding to TAs and RAs if the system is left on against the loss of full use of TCAS if it is switched off. They also felt that the additional workload was too great,” the team reported.

In follow-up interviews, the majority of the pilots reckoned they would benefit from simulator training to develop cyber-attack readiness. “The fact that the scenarios lie in procedural grey areas and do not have a series of steps to resolve them provides an ideal opportunity for training,” said the researchers, who agreed with the pilots when they cautioned against negative training that would recommend ignoring or distrusting systems alerts.

“Finding a balance between awareness and negative training is important to fully prepare pilots for attack scenarios,” said Matt Smith, a system security research associate at Oxford University’s department of computer science. “Ultimately, there should be little difference in how a fault and an attack is handled on the flight deck as both impinge on the function of the aircraft. As our results show, existing fault-handling procedure often gets pilots part-way to managing attacks, so additional training can extend these procedures to cover cases where attack effects deviate from failures.”