Is it Possible to Protect Digitised Avionics Systems from Cyber Attacks?
IFA Comment – IFA says building resilience into aircraft systems isn’t a nice to have it’s an absolute essential feature of any safety related function.
by Kelsey Reichmann, Aviation Today March 15 2021
Newly created cyber vulnerabilities that focus on digitally interconnected systems are becoming increasingly difficult to prevent, Michael Mehlberg, director of Sales for Star Lab at Wind River, said during a March 11 webinar hosted by Avionics International.
“Everyone is starting to see how cyberattacks could affect the resiliency of their system,” Mehlberg said. “They’re also starting to see that it’s impossible to keep the bad guys out, and I do mean impossible, which is not really a word that I use, often in cybersecurity, but in the case of a system attack, it’s true.”
Mehlberg said it is impossible to prevent attacks on the system because there are too many constantly evolving vulnerabilities to protect all of them.
“Today, attackers are always coming up with new ways of attacking and new attack tools,” Mehlberg said. “In fact, I looked up this morning as of December 18, 2020. There were 17,447 new vulnerabilities discovered last year, and 4,177 of those were considered high severity attacks. These tools have only gotten better today, and many of them are actually free, which means anyone with an internet connection can download these tools and use them for nefarious purposes.”
The key to protecting systems from attackers is to assume they are already in the system, Mehlberg said.
“What do we do, we have to assume that they’re already in the system,” Mehlberg said. “Many of those attacks try to get root administrative access to the box. They try to exploit some line of code or some bug. They try and pivot through the system until they have administrative privileges, at which point they can do anything that they want. And because of the way we currently deploy software once the adversary is in once they have root access, they can do whatever they want.”
Because cybersecurity experts can predict that attackers are already in the system, they can focus on protecting fundamental embedded elements of the system to protect those actors from accessing critical data or information.
“What it does mean is that we adhere to some fundamental embedded system security principles that will protect the system from attack, even if the attacker gains access,” Mehlberg said.
Mehlberg said these principles include data at rest, secure boot, attack surface reduction, hardware resource partition, secure comms, least privilege and mac, data input validation, secure build configurations, container and isolation, and integrity monitor and auditing. These principles can be broken up into categories according to states: data at rest, data through boot, data during operation, and data in motion.
“We want to continue after the data at rest, after the secure boot, to guarantee that the applications we’re running and the data we’re using are authentic,” Mehlberg said. “To do that, we need to make sure that the attacker can’t only get in but if they do, they still don’t have the means or the privileges to modify the system or system to their liking. If we’ve properly hardened the system from these types of attacks, then we can look to securing our applications and data as they move around, which is the last stage of our system and its operational states.”