What are the best-practices for securing your aircraft cabin connectivity? Are you doing all you can to deter potential hackers? Dave Higdon seeks out advice from Gogo Business Aviation's Brian Wilson on how to minimize the risks…
What are the best-practices for securing your aircraft cabin connectivity? Are you doing all you can to deter hackers? Dave Higdon seeks out advice from the industry…
A fence provides a measure of security against casual encroachments of a property. An alarm system dissuades the more active intruder. In the world of digital software and hardware, digital firewalls provide protection from potential usurpers.
As aviation grows ever deeper into the realm of computers, aircraft need protections that are common in the computer; walls that are created to protect sensitive hardware and software from digital invasion. Hardware firewalls, software firewalls, and other protective measures exist to wall-off the sensitive areas from the dangers of uninvited incursions.
Yet in today's wireless age Business Aviation operators sometimes fail to fully tend to their walls, making their on-board internet systems open to encroachment.
Some once held the belief that flying at high speeds with miles of separation from the ground somehow insulated their digital systems from the threat of digital invasion. But, as proven on multiple occasions recently, neither near-Mach flying speeds or 10 miles of altitude provide reliable protection from a dedicated hacker.
The best defenses against external threats to aircraft in-flight connectivity comes in the form of a strong offense; utilization of the best-practices for self-protection measures in and around your aircraft’s in-flight internet and entertainment systems. Following is some industry advice…
Security: Only as Good as Your Use Habits
In reality, no system guarantees complete protection against the creative hacker, noted Brian Wilson, Director, Key Accounts, with Gogo Business Aviation, a leading provider of in-flight connectivity solutions and services. “We receive many inquiries about data security. Corporations want assurance that their data is safe,” Wilson qualifies.
As an Internet Service Provider (ISP) in its own right, Gogo takes the importance of network security very seriously. “Our data is encrypted and supported by two redundant data centers on the ground. The data (from the ground networks) is then encrypted to and from the aircraft,” he details.
But beyond the ground- and satellite-based systems and the security measures ISPs take on their end, responsibility for system security ultimately falls to the owner, operator and crews maintaining and flying the aircraft.
Consistent protection requires consistent use of the available tools and technologies, along with some best practices.
Together these tools and steps offer protection from the majority of incursions.
Internet Security ‘On-The-Go’
One significant challenge for business aircraft operators with in-flight internet systems, however, stems from the very thing that appeals to operators: The aircraft’s mobility, in flight and (especially) when back on the ground.
As vexing as it sounds, however, information technology professionals employ many tools and tricks to protect airborne systems from the unwanted intrusions and active assaults. Most will sound familiar to anyone who worked through the same issues that challenge office systems.
One potential source of an incursion into aircraft systems appears when maintenance or flight crew update their avionics software using wireless gateways available at their home base and many FBOs.
This potential opening arises as avionics OEMs seek to improve their users' ability to update the avionics software anywhere a connection is available.
For some packages the wireless gateways on-board and at FBOs provides the ideal solution – eliminating the potential for a traveling pilot to miss a database update that could be waiting in the office mailbox.
Many avionics systems allow the person performing the update to download the latest software to an Electronic Flight Bag (EFB), other tablet or smartphone before using another wireless transfer in the cockpit to upload the update directly into the avionics stack. In both cases the security of passwords and IDs provide the main protection against errant hackers or accidental incursions into the supposedly secure avionics.
These types of threats also plague the in-flight internet system used for cabin connectivity, and those supplying in-flight entertainment (IFE) to that cabin.
Prevention as a Cure
Gogo's Brian Wilson offered a number of suggestions to help secure the aircraft’s in-flight networks. One user-choice option for an extra layer of security is commonly used by ground networks: the Virtual Private Network (VPN).
“We urge the usage of VPNs,” offers Wilson. “That extra layer of protection can be the difference between a successful hack and a failed attempt. But VPNs are not without their own issues. They do absorb additional bandwidth – but they also offer an enhanced layer of security.”
Indeed, as networks become more robust and their throughput speeds increase the downsides of VPNs are reduced.
Aircraft users can help their cause by avoiding the use of open networks. “The internet is part of our daily lives and free Wi-Fi is available at coffee shops, restaurants, airports and hotels,” Wilson observes. “Any time someone uses an ‘open’ Wi-Fi connection, they (and their device) are subject to infiltration and hacking of their data.
“Aircraft that have Wi-Fi on board should absolutely use a password for a log-in,” Wilson stresses. “Many do not!”
The lack of a password to access a network is comparable to leaving a bank vault or retail store open. It is, according to a variety of internet security experts, “an invitation to steal data”.
“It's like leaving a sign proclaiming ‘we’re open, take whatever you want’,” according to one avionics technician whose job it is to update aircraft avionics and in-flight internet systems. “We change passwords no less than with every chart update, and as often as weekly.”
The Risks are Everywhere
The threat when on the ground seems obvious, Wilson notes. “In the case of an aircraft sitting at an FBO and parked next to the terminal it is possible that someone sitting in the lobby can connect to the system - particularly a system lacking suitable firewall or password protections.
“One option is for the crew to have a Wi-Fi on/off switch in the cockpit to control such activities.” If power is cut, there's no running system to hack.
But hacks can also occur in-flight. The smartest hackers may know how to crack satellite-based systems to connect to aircraft in-flight. Alternatively, an aircraft flying within a few hundred feet of an unprotected aircraft could theoretically hack into the unprotected system.
The surest solutions to protecting system integrity remain the complex password systems, VPNs, and the powering-off of the airborne network at the terminal.
Best practices touted by aircraft electronics users include aligning updates of EFB software and navigation software (both generally every 28 days) with updating operating software for the in-flight internet systems. As for changing passwords for access, the challenge for some operations will grow out of the necessity of secure distribution of the password update to the crews who need to know.
Of course, if you’re uncomfortable with waiting four weeks to change passwords, weekly changes seem a common step that can keep airborne systems secure for years on end.