What really concerns those who work on the hardware that keeps business jet cockpits and cabins connected to satellite streams of information in flight? Hackers. Some might be simply curious as to what kind of information is making the round-trip between the airplane and its ground-based information servers. Others may have more nefarious intent, however.
“You need more than just firewalls, anti-virus and data encryption when you are dealing with airborne data streams,” explained Chad Cundiff, president of Astronautics Corporation of America (Booth C13547). The company brought its Nexis connectivity hardware to NBAA 2015 and is ready to demonstrate its security architecture, which is designed with three D’s in mind.
“We want to deter attacks by hackers, defend against them and–very important–we want to detect if an attack is happening,” he added.
The Nexis system takes a multilayered approach to keep airborne systems protected. “We run two different, hardened avionics-grade operating systems on our Nexis server and our Patio router, which makes it more difficult to hack the system. We then restrict access to the Patio router to only those devices with known MAC addresses that are properly credentialed. Finally, we demand the portable device users log in with those credentials, and if they log in with the wrong credentials three times, the system will refuse the device and send a message to the pilots that there is a problem device trying to get on the network,” Cundiff explained.
Most important, though, the system also watches the data stream both inbound to the airplane and outbound to the satellite, looking for anomalies that could be an attack in progress. It logs the anomalies and presents alerts to the pilots that help them make threat-assessment decisions.
“Today there are security best practices, and we follow those, but there is no rulemaking pertaining to airborne connectivity security,” Cundiff told AIN. “We are positioning to be at the forefront in both the military and commercial airborne technologies surrounding connectivity and security by participating in the ongoing Aircraft Systems Information Security Protection (ASISP) working group,” he explained. The working group expects to issue security recommendations in the third quarter of 2016 after a series of seven face-to-face meetings of its 21 voting members.
In the meantime, Cundiff is confident that his company’s Nexis system is ready for the security challenges of a tough, new connected world.
