As aerospace engineers continue to introduce new, advanced technology to aviation, cyber threats become more prevalent than ever. Historically, the aerospace sector has been slow to adopt mainstream cybersecurity measures; however, with the recent surge in cybersecurity attacks, a 530% rise between 2019 and 2020 [1], it has become increasingly important for aerospace engineers to work with cybersecurity experts when implementing novel technology in sectors like aviation. This blog post highlights the importance of cybersecurity in aerospace engineering, drawing on insights from the Aerospace Corporation and the American Institute of Aeronautics and Astronautics (AIAA). Just as we need to protect our devices and digital accounts from viruses, the misuse of personal information, and the potential loss of money to hackers, it is imperative that aerospace engineers start to incorporate cybersecurity into planes, rockets, and other craft to ensure safety.
The Complex Landscape of Aerospace Cybersecurity
The aviation and aerospace industries are complex, with numerous stakeholders, including airlines and airports; therefore, aerospace engineers must collaborate with cybersecurity specialists to reduce the risks of cyber threats as digital interconnectivity increases within the aerospace sector. Moreover, unlike other sectors where financial losses are the primary concern, cyber incidents in aerospace can disrupt operations, compromise safety, and damage reputations.
With these realizations in mind, the need for robust cybersecurity measures in aerospace is more urgent than ever before. To put the dangers of potential cyber attacks on spacecraft and aircraft into perspective, satellite constellations, for example, are vulnerable to hacking attempts that could shut them down, deny user access, or jam their signals. Such disruptions could severely impact critical infrastructure dependent on these satellites, such as electric grids, water systems, and transportation networks.
Strengthening Cyber Regulation
Luckily, in response to the growing threats, the International Civil Aviation Organization (ICAO) adopted Assembly Resolution A40-10, emphasizing the urgent need to protect civil aviation infrastructure and data. Additionally, in Europe, the European Union Aviation Safety Agency (EASA) introduced a new cyber regulation, Part-IS, which EASA aims to integrate into nearly all existing aviation safety regulations by 2025. These regulations require aviation stakeholders to manage cyber risks through certified information security management systems. Furthermore, many national aviation organizations must comply with their respective cybersecurity standards, particularly for critical systems.
Continuous Innovation in Cybersecurity
Aerospace is continually evolving its research to address the complex threat environment, leveraging its extensive knowledge of space and ground systems. Moreover, The Aerospace Corporation and AIAA are at the forefront of cybersecurity innovation as they focus on a multitude of factors when it comes to protecting elements in the aerospace industry. Key areas of focus include:
- Static and Dynamic Analysis: Analyzing mission customer software using both static and dynamic analysis.
- Industrial Control Systems (ICS) and Operational Technology (OT): Assessing their impact on missions.
- Threat-Informed Assessments: Ensuring assessments include real attacker tactics, techniques, and procedures in simulations.
Aerospace’s Cybersecurity Subdivision (CSS) adopts a comprehensive approach to assess and test the cyber resiliency of ground systems and networks. Specifically, CSS focuses on all segments of the space architecture, using threat-informed tactics and technical analysis techniques to identify weaknesses and vulnerabilities. Key areas of focus include:
- Intrusion Detection and Prevention Systems: Deployed both on the ground and on space vehicles.
- Supply Chain Risk Management: Managing risks throughout the supply chain.
- Code Analysis: Conducting binary and source code analysis, root of trust, and trusted boot.
CSS operates various cyber research labs across Aerospace, equipped to emulate all segments of space architecture, including spacecraft telemetry simulators and flat sats for realistic test scenarios. The full cyber range can simulate various attack scenarios, demonstrating both offensive and defensive space cyber capabilities.
Space Cyber Software, Tools, and Continuous Integration
Aerospace employs both static and dynamic analysis techniques against custom mission software, utilizing a variety of tools (commercial, open-source, and internally developed). Indeed, this comprehensive approach helps uncover non-compliances, exploitable product versions, and complex vulnerabilities. The technical disciplines covered include:
- Static Code Analysis
- Binary Analysis
- Origin Analysis/Software Component Analysis
- Vulnerability Analysis
- Dynamic Analysis/Fuzzing
Aerospace promotes the DevSecOps culture, which has proven effective in rapidly iterating capabilities and adapting to changing environments. Furthermore, Aerospace’s framework helps organizations implement DevSecOps effectively while adhering to compliance standards.
Prototypes and Cyber Assessments
The Cyber Assessments and Research Department (CARD) develops forward-thinking cyber assessment strategies and capabilities for critical space missions. Notable prototypes and proofs of concept include the Atomic Automated Red-Team Operations Workbench (AROW), which automates assessments using a library of known Tactics, Techniques, and Procedures (TTPs) as well as custom, mission-specific TTPs.
Case Study: Hack-A-Sat
In spring 2020, over 6,000 competitors from around the world participated in a Hack-A-Sat event, competing to hack satellites in a series of challenges. Eight teams reached the final phase at DEF CON 28, where they worked through five challenges with a $100,000 prize purse at stake [3]. The Aerospace Corporation played a significant role in this event, advancing cybersecurity research for space systems. In addition to the Hack-A-Sat challenge, Aerospace presented research on countering command link intrusion cyberattacks and denial-of-service attacks against spacecraft using high-fidelity space system simulators.
Community Engagement and Education
The AIAA has taken significant steps to address cybersecurity needs, including hosting events, technical talks, and commissioning a Cybersecurity Market Study. This study has guided AIAA’s efforts and highlighted the community’s strong interest in cybersecurity measures. AIAA’s focus on cybersecurity is driven by its members and the broader aerospace community. In 2020, the AIAA members who make up the Aerospace Cybersecurity Steering Committee were the driving force behind AIAA’s increased focus on this topic.
Conclusion
As the aerospace sector continues to evolve, so must its approach to cybersecurity. By leveraging cutting-edge research, fostering innovation, and engaging with the community, organizations like the Aerospace Corporation and AIAA are leading the charge to ensure robust cybersecurity measures are in place. This commitment ensures that the industry can protect its momentum and innovations while meeting new cybersecurity requirements and addressing emerging threats. The aerospace community must continue to prioritize cybersecurity, integrating it into every aspect of aerospace engineering, from design and development to manufacturing and operations.
About AIAA
The American Institute of Aeronautics and Astronautics (AIAA) is the world’s largest aerospace technical society, bringing together industry, academia, and government to advance engineering and science in aviation, space, and defense.
Credits:
[1] “Cybersecurity in Aerospace.” Thales Group, www.thalesgroup.com/en/markets/aerospace/air-traffic-management/cybersecurity-aerospace.
[2] “Software Cybersecurity | the Aerospace Corporation.” Aerospace.org, aerospace.org/software-cybersecurity. Accessed 15 July 2024.
[3] Aerospace Cybersecurity: Enduring Challenges Enduring Solutions Bringing Cyber Protection to the Heart of the Aerospace Industry.