Aviation industry seeks to strengthen cybersecurity defenses
LE BOURGET, France (WSJ) – Escalating concerns about cyberthreats are prompting the aviation industry to devise an unlikely new safeguard: Realtime warnings to pilots about potential hacking attempts.
Work to develop such systems, which have prompted disagreements between some in the industry, are part of separate efforts by France’s Thales SA, Raytheon Co. and other companies to expand cyber protections for aircraft. Airbus SE and Boeing Co. support the pilot-alerting goal, reflecting a desire to try new things as global threats intensify and evolve.
But interviews at the Paris Air Show showed there isn’t an industry-wide consensus on the concept, a version of which is under development and could start to be tested on some commercial aircraft by late 2018. Large suppliers such as Honeywell International, Inc. and Rockwell Collins, Inc. – which provide cockpit equipment for many airliners-are skeptical about the need for such proposed capabilities.
The debate isn’t likely to affect cybersecurity systems on today’s airliners or even those built in the next few years, though it could impact how the digital cores of future models will be protected.
Proponents of alerting see advanced systems on aircraft as being able to identify attempted or successful cyberintrusions, with the data feeding into artificial intelligence features powerful and adaptable enough to automatically respond to the hazard.
“The conventional ways by which we’ve protected ourselves in cyber may need to change” as threats evolve, said Greg Hyslop, Boeing’s chief technology officer. Allan McArtor, chairman of the Airbus unit that operates in the US, Canada and Latin America, also sees a need for greater industry sophistication in battling potential cyberthreats. “We haven’t been able to make a very convincing argument” to the public about why aircraft are safe from outside intrusion, he said. What is missing, he added, is “a convincing cyberthreat architecture that allows us to be aware of attacks” when they take place, including warnings going directly to the cockpit.
The push for new approaches generally tracks recommendations from an earlier US government-backed study group. The group of experts also concluded that airline vulnerabilities extend to maintenance operations that can allow outsiders to gain unauthorized access to aircraft systems.
In September, the Federal Aviation Administration’s top technical advisory group adopted language seeking to ensure that cybersecurity protections would be incorporated into all future industry standards – affecting everything from aircraft design to flight operations to maintenance practices.
Thales decided years ago that it wasn’t sufficient to merely devise elaborate protections. “We must have some real-time capabilities to detect and respond” if an intrusion is under way, said Thomas Hutin, one of the company’s top cybersecurity officials. He wouldn’t reveal which airline signed up to participate in the testing phase, but the goal is to send a real-time alert and have crew members react based on “a very detailed set of procedures” that they were trained to use.