As our world becomes increasingly and irreversibly connected, cybersecurity is a rising concern in every industry. Modernity has a price: cyberattacks. Everybody has heard about the exploits of criminal hackers against online banking or websites - stealing money or data (cybercrime/cyber-activism) - but new sectors are now actively targeted, sometimes even by so-called ‘state-sponsored attackers’.
Examples include US gas pipelines, the Irish national health system, national power grids, connected retail, and even uranium enrichment plant centrifuges. In such scenarios, the goal is less to steal than to destroy and to harm. This is cyberwar or cyberterrorism.
In modern aviation, everything is also connected: planes, air control towers, radars, radios, servers, and more. They are increasingly connected by digital networks and infrastructures, which makes them vulnerable to cyberattacks.
While there have not been any reports of cyberattacks against aviation so far, this sector is a high-potential target, as it represents a major part of international infrastructure. The knowledge needed to “hack” network systems and digital infrastructures is becoming more and more common, especially because of the development of the darknet. As a result, people with relatively low IT skills are able to freely download and use sophisticated cyber weapons developed by specialists.
On the other hand, there are more and more of these (in)famous “state-backed” attackers. They usually benefit from a large budget and strong logistical support. Their goals can be hybrid: harming an enemy country while also making a profit.
The terrorist threats against aviation are well known. Since ‘9/11’, security has been drastically reinforced everywhere in the world to prevent dangerous and hostile people from boarding planes.
A cyber attacker could take control of machines in an Air Traffic Control (ATC) infrastructure and deploy several attacks, with effects ranging from a partial disruption of the information available to the controllers to an aerial catastrophe.
In what follows, we will see several concrete scenarios where an attacker with relatively modest means could enter an ATC infrastructure and create threats.
We will also see which techniques can be used to prevent these attacks from happening.
Cybersecurity is a very important and sufficiently mature industry. Threats in this domain are usually well known:
Cybersecurity vendors often offer good and efficient solutions. In general, an ATC infrastructure is expected to follow the same path as any other organization equipped with computers.
Here are several points which are generally required in order to maintain a secure infrastructure:
These are very ‘basic’ requirements. In general, they are rarely implemented rigorously, especially point 5).
In any case, even when rigorously implemented, these requirements may not really prevent sophisticated cyberattacks. Additionally, a secure infrastructure may need the following:
Extremely few ATC infrastructures are equipped with such components, but this may change in the near future.
In the next articles, we will explain in detail which techniques an attacker could use to enter and disrupt the operations of an ATC infrastructure, what this would result in, and how to prevent it from happening.
For this we offer a fictitious but very realistic infrastructure with radar data (coming from SkyRadar's NextGen 8 GHz Training radar), a flight data processing system (training system), data servers, visualization and ATC working positions. If desired, it can be embedded in a real ATM system with simulated inputs. We simulate the attacks and present their various effects:
A complete attack scenario would combine attacks using both radio components (fake signals, etc.) and cyber components (software attacks). In the Breach, Attack and Defense Simulator described above, we focus on cyberattacks. Defense mechanisms against malicious Electronic Counter Measures (ECM) of radar and radio systems are called Electronic Counter Counter Measures (ECCM). For those ECCM, please use SkyRadar's Radar Training System. The radar training system and the BA&S Simulator can be combined and enriched with a full-fledged Radar & Tower Simulator.
Stay tuned for the forthcoming articles on cyber-defense in ATC, or sign up for a free two-week test of our Breach, Attack & Defense Simulator.
Martin Rupp is a cryptographer, mathematician and cyber-scientist. He has been developing and implementing cybersecurity solutions for banks and security relevant organizations for 20 years. Currently he is researching attack scenarios and the role of AI in ATC cyber-security.
Peter Smirnoff has long experience in cryptography, both in industry and research. Peter has worked on the Windows Crypto API, OpenSSL, digital signatures, X.509 certificates, etc. He has profound implementation experience with PKCS#11 smart cards as well as on Linux and Windows platforms.
Ulrich Scholten is a founder of SkyRadar. As a research associate at the Karlsruhe Service Research Institute, he researched network effects, emergence and control mechanisms in platforms and distributed cloud scenarios. He holds several patents in radar technology and the Internet of Things. Ulrich has a PhD in Cloud computing.