Local Area Networks (LANs) in Aircraft - FTP Directory Listing - FAA
Local Area Networks (LANs) in Aircraft - FTP Directory Listing - FAA
Local Area Networks (LANs) in Aircraft - FTP Directory Listing - FAA
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
of l<strong>in</strong>k<strong>in</strong>g aircraft-resident systems over a common data bus needs to be considered with<strong>in</strong> the<br />
larger context of the network-centric evolution of air-to-air, air-to-ground, and ground-to-ground<br />
communications with<strong>in</strong> the airspace as a whole.<br />
However, with these advantages come risks associated with <strong>in</strong>creased exposure of previously<br />
isolated components. <strong>Aircraft</strong> vendors, operators, and regulators need to understand the impact<br />
that <strong>in</strong>terconnected systems may have upon flight safety. Design, test, validation, and<br />
verification techniques should consider the impact of unanticipated <strong>in</strong>teractions between<br />
previously isolated systems. In addition, the effects of <strong>in</strong>tentional failures caused by malicious<br />
software or persons need to be considered. Exist<strong>in</strong>g evaluation techniques, where <strong>in</strong>dividual<br />
systems have been evaluated <strong>in</strong> isolation, should be updated to address safety concerns<br />
<strong>in</strong>troduced by future <strong>in</strong>terconnected systems.<br />
<strong>FAA</strong> Order 1370.82 “Information Systems Security Program” requires “the <strong>FAA</strong> must ensure<br />
that all <strong>in</strong>formation systems are protected from threats to <strong>in</strong>tegrity, availability, and<br />
confidentiality” [13]. Section 4.1 of this report expla<strong>in</strong>s that networks potentially expose<br />
software to larger populations of attack threats. As John Knight expla<strong>in</strong>s, “unless a system is<br />
entirely self conta<strong>in</strong>ed, any external digital <strong>in</strong>terface represents an opportunity for an adversary<br />
to attack the system” [7]. Section 4.4 expla<strong>in</strong>s that COTS comput<strong>in</strong>g devices, when deployed<br />
with<strong>in</strong> networked environments, have an <strong>in</strong>determ<strong>in</strong>ate number of latent security vulnerabilities<br />
that can be attacked and potentially exploited. COTS systems, therefore, have very questionable<br />
assurance characteristics <strong>in</strong> networked environments. Even though aircraft may not deploy<br />
COTS software with<strong>in</strong> their airborne <strong>LANs</strong>, they nevertheless can benefit from the extensive<br />
experience ga<strong>in</strong>ed to date from deploy<strong>in</strong>g COTS systems with<strong>in</strong> networks and they may<br />
communicate with ground-based networks that widely deploy COTS systems. Airborne<br />
software and devices, unless they have been specifically assured for use <strong>in</strong> networked<br />
environments, may or may not manifest similar problems, depend<strong>in</strong>g on the number and type of<br />
bugs present <strong>in</strong> networked airborne software. This is because latent security vulnerabilities,<br />
when comb<strong>in</strong>ed with the <strong>in</strong>creased exposure of networked systems, can result <strong>in</strong> security<br />
problems that have direct safety implications. Vulnerabilities <strong>in</strong>clude:<br />
• Modification or replacement of authentic aviation software by an alternative variant<br />
<strong>in</strong>troduced by an attacker. For example, if an attacker could thwart onboard security<br />
procedures to download corrupted software of their own choos<strong>in</strong>g, then a safety hazard<br />
can arise if that corrupted software, for example, causes the pilots—and the navigation<br />
systems they rely upon—to believe that their current altitude is 2000 feet higher than it<br />
actually is.<br />
• Attacks to network system elements that either h<strong>in</strong>der correct software operation or else<br />
modify the reported results of correct software operation. For example, if an attacker<br />
takes control of an onboard device and uses it to cont<strong>in</strong>uously flood the onboard network<br />
with spurious transmissions, a safety hazard may arise should that denial of service attack<br />
on the network actually succeed <strong>in</strong> disrupt<strong>in</strong>g latency-sensitive real-time transmissions<br />
between distributed avionics components and, by so do<strong>in</strong>g, <strong>in</strong>duce <strong>in</strong>correct computation<br />
results that affect critical onboard systems.<br />
5