During the first day of the Global Connected Aircraft Summit's second "Cabin Chats" web series, cybersecurity experts from the European Union Aviation Safety Agency (EASA) and the Federal Aviation Administration (FAA) came together to discuss risk management and upcoming policy changes for stakeholders across the connected aircraft ecosystem.
Peter Skaves, Advanced Avionics Chief Scientific and Technical Advisor (CSTA) at FAA, said the biggest threat from the standpoint of the FAA is access points via public networks. The FAA’s assessment is that the cybersecurity risks for the e-enabled architecture and infrastructure of the aircraft cannot physically be hacked while flying.
“Every part in the airplane, every software part, has a unique electronic identifier and the only time we can load up these software parts is on a maintenance action when the planes are parked at the gate,” Skaves said. “Once the maintenance action is done, the hardware interlocks are not available for any additional software updates. There is no room for you to come over here and go rogue on these displays or anywhere in the airplane. There is no physical way you can do that.”
In recent years, professional hackers from firms such as IOACTIVE have demonstrated their ability to hack into a commercial airplane's satellite internet modem, although the only such hacking that has been demonstrated impacted passenger mobile devices connected to the in-flight Internet with no ability to affect safety critical avionics systems. During the web-based version of Black Hat 2020 last month, Oxford PhD candidate and cybersecurity researcher James Pavur, demonstrated how his team was able to use about $300 in home television equipment and specialized software to enable "satellite eavesdropping" on in-flight passenger Internet data.
Read More: https://www.aviationtoday.com/2020/09/23/easa-faa-officials-talk-cybersecurity-policy-updates-connected-aircraft-systems/