For most corporate flight departments, cybersecurity likely is something only to be worried about back at the office when checking email. Once the airplane is airborne, so the thinking goes, there's no way a malevolent hacker can reach it, much less attack its automated systems or its passengers' devices. Nothing could be further from the truth, according to Satcom Direct chief commercial officer Chris Moore.
“We are alarmed at how many companies we speak with have not addressed the potential threat of a cybersecurity attack on their aircraft network,” Moore said, pointing out that such attacks can damage a company's reputation and financial stability. “That's why we've developed a set of services that provide practical solutions, supported by accessible training options.” And, according to Moore, the real-world threats a corporate flight department faces extend well beyond in-flight internet connectivity.
It's important to distinguish between an aircraft's communications, navigation and surveillance systems, he told AIN, and its in-flight entertainment (IFE) or cabin management system (CMS). The former are “extremely difficult” to affect, Moore said, and are physically separated—air-gapped—from the IFE and CMS components. They also employ proprietary operating systems, making them relatively immune to threats designed for consumer-grade equipment.
The IFE/CMS hardware, on the other hand, can be susceptible to hacking attempts. Threats can enter them via Wi-Fi, on the ground and in the air, not to mention USB thumb drives and devices brought aboard by passengers.
In fact, Moore said, Satcom Direct was recently able to identify a corrupted laptop brought aboard a customer's aircraft because it was “not behaving correctly.” The operator's flight department was contacted and the aircraft reached via FMS messaging. The specific device was identified and disabled during the flight. Moore said SD was able to monitor the laptop's behavior and identify it in real-time thanks to its proprietary network infrastructure and direct monitoring capability.
To meet the wide range of cyber threats SD has identified, the company is introducing at this year's NBAA convention what it calls a comprehensive suite of security services and products. For example, SD's free Cyber Smart Kit includes a set of quick tips and recommended actions, plus suggested protocols for implementation. Also free is a white paper, “Cyber Security and Business Aviation: What flight departments need to know about the biggest threat facing business aircraft today.” Attendees at NBAA 2017 can visit SD's booth (C11420) for more information.