GAO Warns FAA of Hacking Threat To Airliners 78
chicksdaddy writes: A report from the Government Accountability Office (GAO) warns that the U.S. Federal Aviation Administration may be failing to address cyber security vulnerabilities that could allow remote attacks on avionics systems needed to keep the plane airborne. In a report issued Tuesday (PDF), the GAO said, "significant security-control weaknesses remain that threaten the agency's ability to ensure the safe and uninterrupted operation of the national airspace system." Among those: a lack of clear certification for aircraft airworthy readiness that encompasses cyber security protections. That lapse could allow planes to fly with remotely exploitable vulnerabilities that could affect aircraft controls and guidance systems.
The GAO report did not provide details of any specific vulnerability affecting any specific aircraft. Rather, GAO cited FAA personnel and experts, saying that the possibility exists that "unauthorized individuals might access and compromise aircraft avionics systems," in part by moving between Internet-connected in-flight entertainment systems and critical avionics systems in the aircraft cabin.
Security researchers have long warned that hackers could jump from in-flight entertainment systems in the passenger cabin to cockpit avionics systems if airlines did not take proper precautions, such as so-called "air gapping" the networks. At last year's Black Hat Briefings, researcher Ruben Santamarta of IOActive demonstrated a method of hacking the satellite communications equipment on passenger jets through their WiFi and inflight entertainment systems.
The GAO report did not provide details of any specific vulnerability affecting any specific aircraft. Rather, GAO cited FAA personnel and experts, saying that the possibility exists that "unauthorized individuals might access and compromise aircraft avionics systems," in part by moving between Internet-connected in-flight entertainment systems and critical avionics systems in the aircraft cabin.
Security researchers have long warned that hackers could jump from in-flight entertainment systems in the passenger cabin to cockpit avionics systems if airlines did not take proper precautions, such as so-called "air gapping" the networks. At last year's Black Hat Briefings, researcher Ruben Santamarta of IOActive demonstrated a method of hacking the satellite communications equipment on passenger jets through their WiFi and inflight entertainment systems.
Re: (Score:2)
Hey I can't wait for the giant "McAfee certified" stickers on the sides of planes. Watch out for the "My Clean 747" ones though...
Re: (Score:3)
Hey I can't wait for the giant "McAfee certified" stickers on the sides of planes. Watch out for the "My Clean 747" ones though...
Well, it wouldn't be the first time McAfee crashed something.
Of Course It Is (Score:5, Insightful)
Re: (Score:2)
Re:Of Course It Is (Score:5, Informative)
Look, don't be so jaded about the aircraft industry... They are not the ones the GAO is going after...
This is about the FAA and the regulations they enforce when certifying aircraft are safe to fly, not about Boeing's CEO making more money or shareholders getting their profits by cutting safety corners. Where it MIGHT be a political issue, where Boeing hires lobbyists to try and get the rules the FAA enforces changed, it's not directly related to cutting corners for profits.
Of course the GAO is right, sort of.. The possibility exists for someone to hack the flight controls from the entertainment systems if they are connected in some way. However, if the systems are properly designed and firewalled and the software properly vetted, I believe that you can eliminate the chances of having a successful attack vector. The problem though is how to write regulations that can assure something doesn't get overlooked and how you could prove that to the GAO so they will get off the FAA's back...
Re:Of Course It Is (Score:5, Interesting)
However, if the systems are properly designed and firewalled and the software properly vetted, I believe that you can eliminate the chances of having a successful attack vector. The problem though is how to write regulations that can assure something doesn't get overlooked and how you could prove that to the GAO so they will get off the FAA's back...
Lots of companies have gotten hacked through their properly designed and firewalled network -- every software product (even firewalls) has security holes. The only sure way to isolate the avionics from the passenger network is to air gap it. Don't rely on a firewall - I really can't believe that an airgapped network is not standard practice.
Re:Of Course It Is (Score:5, Insightful)
However, if the systems are properly designed and firewalled and the software properly vetted, I believe that you can eliminate the chances of having a successful attack vector. The problem though is how to write regulations that can assure something doesn't get overlooked and how you could prove that to the GAO so they will get off the FAA's back...
Lots of companies have gotten hacked through their properly designed and firewalled network -- every software product (even firewalls) has security holes. The only sure way to isolate the avionics from the passenger network is to air gap it. Don't rely on a firewall - I really can't believe that an airgapped network is not standard practice.
Not exactly true. IF you have fully defined all the possible traffic that goes though your firewall, down to the exact bytes you allow though and what you don't, you can write effective filters and verify that nothing else gets though, then you can have confidence that your firewall will work as expected. But this implies that your firewall does full packet inspection all the way up though the application layer. You CAN do that, it's just a lot of work to specify and verify everything to that much detail.
The problem for most commercial firewalls that are used in corporate networks is that you simply cannot fully define what you allow though and what you don't. Even if you could define that well enough, no firewall could do the necessary processing to dive deep into the packet content and filter out all possible exploits as it would take too much processing power and time. It's just not practical do it at this level.
However, if you have tight controls on your avionics interfaces (and they do) and can construct a safe way to supply the information needed, there are very safe ways to avoid hacking yet have connections. It's a pain to do, and even a bigger pain to verify you actually did it, but it's possible.
Re: (Score:2)
There are ways to do formal proofs of correctness, but nobody outside of NASA does it, and it leads to a cost per LOC that's at least 100x what COTS software costs so there's no way that airlines would go for it, it's cheaper to require that the systems be airgapped.
Re: (Score:2)
Um, excuse me but the systems are not air gapped at this time and are currently flying.
The cost to validate avionics packages already has a lot of effort built into the NRE. There is a LOT of stuff to validate and prove to the FAA you did right or you don't get your type certification for the aircraft. No type certification, no flying it commercially, no airline will buy the aircraft and you go broke, so manufacturers don't skimp on this part.
So, obviously it's not cheaper or they'd have done it already
Re: (Score:2)
Don't rely on a firewall - I really can't believe that an airgapped network is not standard practice.
Where have you seen anything that says it isn't? The GAO is warning about something that might happen if ... The "demonstrated hack" of the 'satellite communications' wasn't the avionics, it was the satellite system used for WiFi and inflight video.
It's not like Die Hard and Scorpion show you. Really.
Re: (Score:3)
This is about the FAA and the regulations they enforce when certifying aircraft are safe to fly, not about
Um, no.
As is the case libertarians make, regulations should be a measure of last resort, when corporations have proven to be too incompetent to address a problem themselves, and require the gentle guiding hand of government to urge them to get their shit together.
If anything, regulations set a standard of a bare minimum, which isn't exactly what you want in this age of TSA gropings, omnibus metadata collection, and meddling government at 40,000 feet in the air.
If libertarian arguments are to be believed, th
Re: (Score:2)
This is about the FAA and the regulations they enforce when certifying aircraft are safe to fly, not about
Um, no,.
Garbage clipped...
From the fine article you didn't read....
A report from the Government Accountability Office (GAO) warns that the U.S. Federal Aviation Administration may be failing...
So what was this about again? The GAO going after the FAA....
Re: (Score:3)
A bit slow on the uptake, ain't 'cha?
In the grand scheme of things, who is responsible for passenger safety? Is it the GAO? Is it the FAA? Is it aircraft manufacturers who design inflight entertainment systems? Is it the airlines that purchase said systems?
Yes.
Re: (Score:2)
A bit slow on the uptake, ain't 'cha?
In the grand scheme of things, who is responsible for passenger safety? Is it the GAO? Is it the FAA? Is it aircraft manufacturers who design inflight entertainment systems? Is it the airlines that purchase said systems?
Yes.
GAO? They have no mandate that says they are responsible for aircraft safety, their mandate is about accountability (if you believe their name).
But the point I'm trying to make (and you seem to be missing) is that this report is about the FAA's regulations and the GAO's opinions that say they don't do enough for safety in aviation, specifically as the regulations address the connections between passenger accessible systems and the flight controls.
IMHO the GAO's position is crap and is based on network se
Re: (Score:2)
" They are not the ones the GAO is going after...
This is about the FAA and the regulations they enforce when certifying aircraft are safe to fly, not about Boeing's CEO making more money or shareholders getting their profits by cutting safety corners. "
The GAO is not going after the aircraft industry merely because their charter does not permit them to directly go after the aircraft industry.
Nothing is preventing the aircraft industry from meeting these safety concerns ahead of any regulation... except the
Re: (Score:2)
IMHO the GAO is patently wrong about this. Where I share the concern that the FAA's regulations may be lacking, I don't believe that any type certifications the FAA has issued for any aircraft include any significant risk like the ones the GAO is concerned about.
This was discussed in great detail with the certification of the 787 which has extensive and intermingled networks that includes the in-flight entertainment systems which are passenger accessible as well as the flight controls (fly by wire) networ
Re: Of Course It Is (Score:5, Interesting)
There are reasons they get connected. Many times the in-flight entertainment systems need to know things like the position, speed, altitude and heading to perform their assigned tasks. You want the entertainment system to be turned off below 10,000 feet AGL, or if you want the system to supply your customers a graphic that gives the position, speed, heading and accurate ETA then you need to get that information from the flight management system. I can imagine that it might be important to change how the data systems connect to the internet based on where the aircraft is (choosing the cheaper data path when it is in range) or use that data connection to report maintenance information to the airline's mechanics.
There are plenty of reasons the flight controls might not be totally air gapped from the in-flight entertainment systems.
Re: (Score:3)
You can do that one-way though. The old 'data diode' approach. IIRC, the FAA was annoyed at Boeing precisely because the 787 really did not separate the essential flight control bus from the non essential parts. Boeing engineers disagreed and it was more of a philosophical difference than anything else.
The plane manufacturers aren't stupid. They understand the risks and tradeoffs. Whether or not the FCC really needs to get involved in that is, again, philosophical.
And to the trolls that want to bring o
Re: (Score:3)
There are reasons they get connected. Many times the in-flight entertainment systems need to know things like the position, speed, altitude and heading to perform their assigned tasks. You want the entertainment system to be turned off below 10,000 feet AGL, or if you want the system to supply your customers a graphic that gives the position, speed, heading and accurate ETA then you need to get that information from the flight management system. I can imagine that it might be important to change how the data systems connect to the internet based on where the aircraft is (choosing the cheaper data path when it is in range) or use that data connection to report maintenance information to the airline's mechanics.
There are plenty of reasons the flight controls might not be totally air gapped from the in-flight entertainment systems.
RS-232 with the the RX wire clipped on the avionics side would be a good way to pass that information in a one-way direction. Or just use a dedicated GPS receiver for the entertainment system.
Re: (Score:2)
Yes, and you can bet they do stuff like this. I've seen situations where a single fiber connection just sends Ethernet packets in the blind to do stuff like this over a one way network connection (where the RX fiber is never connected and the firmware just ignores the link status).
These are not "air gapped" but entirely safe from hacking attempts...
Re: (Score:1)
That seems like a reasonable assumption, but that's exactly what it is: an assumption.
What you don't know you don't know can disappear an entire Malaysian airlines flight.
Re: (Score:2)
Because every example you just posted could be completed with a 4 ounces and $20 of electronics or less.
Re: (Score:2)
Because every example you just posted could be completed with a 4 ounces and $20 of electronics or less.
This is aircraft parts we are talking about you know, they are hugely expensive. There isn't ANYTHING that draws electrical power and costs $20 on an airplane. Not to mention that the wiring, connectors, and lacing alone would be more than 4 ounces.
I once knew an FBO where I flew private aircraft that got caught using automobile parts (a voltage regulator I believe) on one of their aircraft. It was exactly the same in every way to the aircraft part, likely they came from the same assembly line, but the ai
Re: (Score:2)
Wouldn't you rather play a nice game of chess?
Re: (Score:2)
You don't understand the new libertarian ethos in Congress. Rules and regs stifle creativity. Oversight can be safely left in industry hands. Rand Paul and his fellow travelers are honored to be associated with lax oversight.
Re: (Score:3)
it wouldn't even be on their top 100 list of things to be worried about. Probably not even on their top 100 list of things to be worried about while flying.
100. How many martinis can I drink on this flight?
99. Gin or Vodka?
98. Will Sheila in St. Petersburg still talk to after that incident with the plushie?
97. Why am I waiting so long for my snacks!?!?
96. Will Monsanto quit fucking around and donate to my campaign, I voted down that amendment just like they said!
95. Is that hot new staffer single?
94. Why does my wife still insist on vacationing in Cancun?
Re: (Score:2)
Pilots will always be needed (Score:5, Interesting)
This is why the idea of remote overrides of pilot controls is a particularly BAD idea.
A trained, qualified pilot must always have last resort authority, over any automated system and preferably even over any "assisted" system, whether it be fly by wire, hydraulic, etc. If control can be taken out of his or her hands remotely, because someone (or something) on the ground doesn't agree with the pilot's judgement, I guarantee we'll see more disasters, not fewer.
The instances where intentional pilot misconduct or hijacking occur are few, but notorious. But the instances where human pilots in the cockpit handle minor emergencies that could easily have turned into deadly ones occur regularly and we seldom hear about most of them.
Case in point: Do you think an autopilot on the ground could have heard a stowaway baggage handler?
Re: (Score:2)
But self-driving cars? Those are just fine! Maybe if Google made self-flying planes for taking aerial photos on Earth first, all the mindless geeks would be all for it?
old news (Score:1)
Avoincs design is already robust. (Score:2, Informative)
TLDR: The current systems are already very good, but it wouldn't be bad to look at it also from a malicious perspective.
TFS is misleading. The airworthiness criteria currently do not address "hacking" or "malicious data." However, airworthiness criteria do require input validation on all inputs to all flight safety avionics systems. They also require continuous internal consistency checks, to protect from code changes, and strict segregation between all software on a processos and continuous validation of t
Wisdom follows, pay attention! (Score:5, Informative)
Hello,
Here is some crushed FUD for thought:
- As long as pilots are in the cockpit, they can pull circuit breakers and then it's game over for Stuxnet worm or whatever e-threat. For example in the Airbus A-320 there are 3 or 4 (3 digital +1 analogue) flight control computers, depending on how old or new make the plane is. Their juice can be denied by breakers on the cockpit overhead panel, one-by-one. This is how the logic works:
- When all 3 digital flight computers run and agree about the situation, it is "normal law": pilot moves joystick, computers decide if it is both absolutely safe and comfortable to do so and when affirmative, execute the manouver.
- When only 2 computers run or 1 cpu has been voted out by the majority, it is "alternate law": pilot moves joystick, computers decide if it is reasonably safe to do so and if yes, execute the manouver (maximum pax comfort be damned and alpha floor stall protection is partially lost).
- When only 1 computer runs, it is "direct law": pilot moves joystick and the computer forwards the instruction to electro-hydraulic actuators, to execute the manouver in a brain-dead manner.
(Passanger comfort be damned and for safety, hope that the pilots are skilled and talented aviators who will keep the plane flying. That is not always a given for the younger generation, e.g. the button-pushers who crashed the AF flight 447. On the other hand, computer circuit breaker pulling, until reaching "direct law" was the very method which Lufthansa pilots followed for rescue when the speedometer of their A-320 froze up and confused computers wanted to send the plane into a never-ending descent under "normal law".)
- When 0 digital computers remain running (e.g. giant EMP from a nuke or nearby supernova) pilots would have somewhat limited tools remaining on the newer model year Airbus-320 planes, such as:
The foot pedals (rudder) are still mechanically connected with steel rope and pulley to the rudder sail in the tail, allowing turn to the left and right.
The trim-wheel is also mechanicall connected to the little adjustment tabs on the horizontal flying tail, allowing limited control of descent and climb.
Jet engines' power can also be controlled manually to allow for descend/climb and near-idle before landing (but without FADEC computerized help the pilots must be careful not to wreck the turbines with sudden moves on the thrust levers)
All this is a very tricky situation, therefore much drilled in flight simulator training!
- Unlike the Airbus A-320, the Boeing's B-737 is not fly-by-wire, as it is derived from an early 1960s design and big fleet customers, like Ryanair are outright banning Boeing from any innovation, not willing to spend a penny on pilot re-training!
This legacy-mania is how Helios airlines' B737 crashed: the pressurization to give breathable air at high altitude is completely under manual control on B-737 and activation is often forgotten. By the time the warning siren sounds at over 3000 meters altitude, pilots can be too mountain-sick to react properly in time and faint. A hungarian Malev airlines B-737 almost crashed under eerily similar circumstances a few years ago, so Helios was not a unique occurance. The landing gear is similarly full manual operation, that's how the polish wrecked a B-767 last year. Yet large fleet customers ban Boeing from improving ergonomy and foolproof-ness, not wanting to spend on any pilot re-training.
If it weren't for Airbus, Boeing would still be making airplanes with "swiss watch filled cockpit dashboards" because they carry a lot of legacy and the existing customer base / operators are very resistant to any change that would mandate personnel re-training. Glass cockpit (LCD screen) displays, electronic flight controls are all thanks to Airbus in the world of civilian aviation and Boeing is slowly following, due to the fuel economy benefits fly-by-wire and FADEC provide.
- The big problem is airlines no longer allow their pilots to fly general aviation (soa
Ryanair banning Boeing innovation? (Score:1)
Do please expand, how exactly are Ryanair preventing Boeing innovating, provide references and citations
Re: (Score:1)
You still haven't provided any reliable sources for your previous posts.
Sounds like one of Schneier's (Score:2)
Movie-Plot Threat Contest [schneier.com] entries.
Air Gapping won't work and they know it (Score:1)
In point of fact, some internal GovSec articles specifically point out that even an air gapped system can't prevent induction wires that run through an airframe within range of seats from being impacted.
Nice try, guys.
That said, paranoia won't help you. Nor will profiling African American citizens. Your real threats are Saudis, Bahrainis, Pakistani and Yemeni citizens and their British relatives you radicalized.
As your own internal NSA data tells you, but you keep ignoring it so that Americans will all live
ATC vulnerable too (Score:2)
Nothing to do with the subject, but...overreach? (Score:2)
AFAIK, the GAO was originally supposed to "investigate, at the seat of government or elsewhere, all matters relating to the receipt, disbursement, and application of public funds". In this, they usually do a pretty decent job, and even remain reasonably apolitical. Of course, you can't build an empire while restricted to your original task.
Clearly, it's a logical extension: from accounting expertise to the evaluation of cyber-security in avionics computers. /sarc
Seriously, there really needs to be a mechani
Re: (Score:2)
The GAO is Congress's research arm, they were asked to analyze the effectiveness of the FAA's role in assessing cybersecurity risks and they did as requested. This is a role the GAO has played for at least my entire lifetime (born in 1978). In fact this [gao.gov] articles says that the research function started to expand in 1967 when Congress asked the GAO to research the effectiveness of the newly enacted anti-poverty programs.
MH370, for instance? (Score:2, Interesting)
(Or, why that missing Malaysian Airlines MH370 is a really, really big deal --- besides the murder of 239 souls aboard.) Onboard flight MH370 were twenty employees of Freescale Semiconductor, a major microchip producer, owner of major fabrication facilities (referred to as foundries in the industry).
Back in 2012, some researchers at an institute connected with Cambridge University discovered a backdoor, at the hardware level, in the Actel/Microsemi chip used for military purposes, d
Re: MH370, for instance? (Score:2)
The U2 shot down over the Soviet Union had "chipped" communications gear? Now your in fantasy land. The U2 at that time barely had a radio! What it did have contained 0 chips.
Also see DefCon's avionics preso from 2014 (Score:2)
Also see DefCon 22's avionics preso from 2014:
https://www.defcon.org/images/... [defcon.org]
Be scared! (Score:2)
For a chilling documentary of airline hacking you need look no further than the first episode of this [imdb.com].* Watch, and be scared!**
* Hey, if they're going to claim "based on a true story" in the title credits, I'm going to call it a documentary!
** Oh, you'll be scared all right. Not to mention revolted and sickened. Just not necessarily at anything having to do with airline safety.
Remote cyber attacks on avionics systems? (Score:1)
Have they tried not connecting their avionics systems to the Internet?
Simple Solution, Separate Networks (Score:1)
How hard can it be to have the Wifi network completely separated everything else? The only thing it shares, is electricity. How can anyone go form the WiFi to the plane's network in that case?