E-enabled aircraft are more digital, software-intensive, and connected than ever before, creating new opportunities for operators to improve their services. A major benefit of this advanced connectivity is several technological advances such as internet protocol (IP) connectivity: the ability to move data to and from the aircraft without the use of standard storage media. The types of data transmitted can range from customer profiles, in-flight entertainment (IFE) content, navigation, and aircraft health monitoring details.
Before IP connectivity—which Bobby Anderson, vice president and general manager of aviation product at Rosslyn, Virginia-based Shift5, says significantly transformed the landscape of avionics—aircraft designs primarily used ARINC 429, ARINC 629, or Military Standard (MIL-STD) data buses to connect flight-critical avionics systems.
“However, IP connectivity offers clear advantages like speed and weight savings,” Anderson says. “This technological shift is evident in both new aircraft designs and post-delivery modifications.”
Advanced connectivity has also created new cybersecurity vulnerabilities that may open access to onboard aircraft systems, which may put aircraft safety at risk.
“The use of advanced connectivity can expose aircraft systems to various threats, intentional or otherwise, leading to detrimental effects on system performance,” Anderson says. “These threats could result in reduced performance, denial of service, or even criminal activity.”
Preserving the security of critical data affecting aircraft airworthiness, the FAA and EASA require aircraft network security programs (ANSP). A comprehensive ANSP mitigates risk to onboard network security, off-airport supporting infrastructure like corporate offices, and everything in between, to include wired and wireless connectivity.
John Schramm, managing partner at SeaTec Consulting in Atlanta, says governing bodies, standards, bodies, aircraft manufacturers and operators including RTCA, EUROCAA, FAA, EASA, A4A (as ATA), Boeing, Airbus, SAE, ARINC and airlines are all involved in defining aviation cybersecurity standards.
ANSPs are informed by multiple sets of industry guidance. Anderson explains that on the regulatory side, the U.S. Federal Aviation Administration’s Advisory Circular 119-1 requires airlines and operators to manage aircraft logs. “Original equipment manufacturers (OEMs) like Boeing have their own set of documentation, the ANSOG, while international standards such as the DO-326A/ED-202A provide frameworks for operators to achieve compliance,” Anderson says.
Kent Horton, senior consultant at SeaTec also cites these two key international standards—the DO-326A/ED-202A Airworthiness Security Process Specification and DO-355A/ED-204A Information Security Guidance for Continued Airworthiness—saying together they form a much-needed framework for how operators ensure compliance with the security aspects of continuing airworthiness. With the introduction of DO-355A, which is what the Boeing ANSOG Rev A heavily references, Aircraft Network Security Program (ANSP) is now Aircraft Information Security Program, or AISP.
“It’s a subtle naming distinction, but the ramifications are substantial for operators who now have a requirement to have operations specifications approval related to their Aircraft Information Security Program,” Horton adds. “The scope of AISP extends beyond the aircraft to the ground support information system (GSIS), traditional ground support equipment (GSE), training, qualifications of personnel, risk assessment capability, policies and procedures, procedural and technical controls, etc.”
Aircraft systems and technologies are proprietary to OEMs. Schramm says many of the traditional tools and methods such as encryption, public key infrastructure, and digital signature authentication are used. “COTS [commercial off the shelf] software, such as SeaTec’s ANC application, are used by aircraft operators to comply with their obligations for security log collection, monitoring, and cyber threat analysis.”
While Anderson claims there are solutions capable of supporting parts of ANSP compliance by gaining access to aircraft data logs for IT components, he cautions operators still lack the ability to efficiently ingest, visualize, and make decisions based on the security logs being generated by certain avionics.
“As a result, we’ve seen some major air carriers working to build their own ANSP solutions in-house,” Anderson says. “This, however, is a significant resource demand. Building an ANSP solution to ingest and analyze all related aircraft security logs is expensive, time-consuming, and requires a large staff of talented aviation-specific cyber engineers that are incredibly difficult to find today.”
Shift5’s compliance module is the only OEM-agnostic platform that ingests, analyzes, and reports anomalies in core network security log files automatically. It can apply operator- and OEM-provided rulesets for analysis of aircraft log files, identify and assess anomalies caused by human errors or malicious intent, and prioritize events using its proprietary machine learning models based on the MITRE ATT&CK Framework.
Even legacy aircraft can be retrofitted with ANSP and AISP. Horton explains that modern systems and equipment can be retrofitted on older aircraft, even those built without e-enabling in mind.
“There are two workstreams,” Horton says. “One is to design cybersecurity features into the equipment to be installed and networked. It is virtually impossible to retrofit cybersecurity after a system has been installed because of how tightly the software, hardware, and aircraft infrastructure are integrated. [The second] is to establish the policy, processes, and tools. These will be designed by each operator in parallel with the equipment design/installation and establish the mechanisms for managing, analyzing, reporting, and escalating/acting on cybersecurity data findings.”
But Anderson explains an aircraft can’t be retrofitted with an ANSP, since the program refers to a set of steps and practices to gain observability and decision-making power based on access to onboard security logs. Rather, retrofitted, e-enabled aircraft must meet ANSP guidelines. If a legacy aircraft is retrofitted with certain connectivity hardware, it is considered e-enabled and must be included in an airline’s ANSP program.
Current fleets are a blend of legacy, retrofitted, and new aircraft. Over the next decade, Anderson predicts we will see airlines continuing to fly legacy aircraft that must stay in service longer, all while airlines keep up with the pace of technology innovation and demand. “Those legacy aircraft will be retrofitted, and over the next ten years, we’ll see a wave of need for increased ANSP compliance by the airlines.”
