Wednesday, 13 May 2015

Cybercrime at 10,000 feet and above

As we were updating this article, the FBI today (29.04.2015) sent a warning to airlines to watch for suspicious activity such as passengers connecting unknown cables or wires to the inflight entertainment system, and advised them to check inflight system logs frequently for any suspicious access behaviour.
All this action from the world's top investigative agency stemmed from a recent event in which a security researcher was offloaded from a United Airlines flight on 19th April 2015 because the airline thought he could probably hack into the aviation systems and disturb its inflight systems, including EICAS (Engine-Indicating and Crew Alerting System). He tweeted something like this: “find myself on a 737/800, lets see Box-IFE-ICE-SATCOM,? Shall we start playing with EICAS messages? “PASS OXYGEN ON” Anyone? :)”
The FBI had already seen his tweet, and when his plane landed after he tweeted the above message he was escorted away and questioned for a few hours. One can debate whether tweeting something as sensitive as aircraft information and claiming to hack it was dumb or totally unnecessary, but it all points back to one key element: anything and everything with an IP address connected to the all-knowing internet is vulnerable to cybercrime attack.
Airplanes are increasingly fitted with state-of-the-art gadgetry so that passengers are not deprived of earthly connectivity options when they are at 10,000 ft and above. Most American airlines today provide Wi-Fi at a nominal cost, and passengers have a wide array of choices to stream media or connect to the internet to update their status on social media like Facebook or Twitter in real time. This combination of entertainment on the usual computer networks and an ever-growing ambition to make everything connected might have just made aircraft in flight susceptible to attacks by organizations with completely sinister motives, which would include threats to national security and the safety of passengers. Experts say that although this is theoretically possible, it might be difficult to achieve technically as of now.
Security experts also warn that there are weak encryption algorithms or insecure protocols in SATCOM technologies made by some of the world’s largest manufacturers of this equipment, who supply it to airlines to be fitted in their aircraft.
Technically, although inflight systems and aircraft navigation are usually separated, there will usually be some network communication between them that could potentially be breached by would-be cyber criminals with advanced knowledge of avionics systems, and most modern aircraft today have this combination of passenger systems and in-aircraft controls on the same network.
In January 2008, Boeing responded to reports about FAA concerns regarding the protection of the 787’s computer networks from possible intentional or unintentional passenger access by stating that various hardware and software solutions are employed to protect the airplane systems. These included air gaps for the physical separation of the networks, and firewalls for their software separation. These measures prevent data transfer from the passenger internet system to the maintenance or navigation systems.
Aircraft usually have a device called a NED, or Network Extension Device. Although the way this device handles information is unique in nature, there is a slight possibility that in the future cyber criminals might come up with techniques which could bypass the security boundaries between the passenger network and the in-aircraft systems.
As an example, the geo position that you see on the entertainment screens comes from this device: inflight systems transmit position frequently to the screens in front, but this is usually one-way communication, and it has been stated that communication back to aircraft systems may be very difficult to achieve, though new techniques might emerge.
This recent incident has only shown that new-age technology not only affects the way you do business on the ground but could also affect the personal safety of people in today’s modern transport systems, or endanger national safety if it falls into the wrong hands.
Though the recent findings or warnings have been largely based on theoretical possibilities, airlines and aircraft manufacturers are now under increased pressure not only to ensure the inflight systems are safe and time-tested but also to adopt state-of-the-art cyber security controls to keep the pilot/air traffic control systems safe from falling prey to criminals or terrorist groups.

Monday, 19 January 2015

Walking the distance


Infrastructure management began life as a manually provided support service, with direct access to the equipment, hardware and software. It was critical in the early days of enterprise technology when the entire setup would be delicate to say the least, and any disruptions meant hard work to get the systems up and going.
With developments in technology came remote access to the various components of a technology infrastructure, so much so that almost all issues could be taken care of from a distance, with minimum downtime or outage.
More recently, this remote management has given way to remote diagnosis, much like medical diagnosis, to prevent issues from coming up. Every piece of software and hardware needs a defined health level, so technical personnel can monitor it against the base requirements; if any issues are foreseen, the monitoring engineers concerned are alerted and problems can be prevented in time.

This proactive monitoring can prevent much larger issues from developing and causing major disruptions.
The natural progression of this path is now proactive monitoring, self-diagnosis and auto-healing. Systems have been successfully programmed to run a self-diagnosis at specified intervals against specified parameters of health, and then run healing activities. This will help reduce workloads on human resources while cutting down costs. The basic premise for this auto-healing is that almost all the issues diagnosed in systems are repetitive in nature, so developing tools to take care of these problems can save a lot of resources and cost. Diagnosis, prognosis and treatment can all be done faster and more cost-effectively by the machine itself.
Today we have developed sophisticated tools that self-diagnose issues and proactively run commands to detect the early stages of infrastructure issues, as well as set them right. In fact, the market is moving not just towards proactive monitoring but also towards workload automation, making it a clear differentiator. Self-healing tools are fast catching up with market requirements, and we are reaching a point where almost no human intervention will be required. The speed of recovery recorded for infrastructure bugs is faster than ever before, especially for repetitive faults.
Infrastructure management is no longer manpower-centric. The path ahead is about integrating this self-healing with other devices: mobile devices, security centres and all other applications that will define an efficient auto-healing integrated infrastructure management system.