THE GROWING DEBATE ON THE CYBER SAFETY OF NEXTGEN
The past decade has seen an eruption of hacking, spoofing and various types of cyber incidents via the Internet, and has caused governments, companies and individuals to take cybersecurity countermeasures much more seriously. In recent years, many security experts have been raising concerns about the lack of cybersecurity with the two key communications cornerstones upon which NextGen and other similar systems in other countries depend: global positioning system (GPS) and automatic dependent surveillance broadcast (ADS-B).
NextGen promises to use modern technology to allow for the safer and more streamlined use of precious U.S. airspace, combined with better handling of the continued growth in the number of flights. But can GPS and ADS-B be considered safe when they seemingly have cyber security-related issues? Let’s explore the hype here, and see if this is an actual issue. Before we look at ADS-B and GPS, let’s look at the Internet and how it has dealt with related issues.
Internet Cybersecurity: An Evolution in Securing Data
The news is full of reports from various types of cyber events, from malware being installed from e-mails and Facebook-hosted apps on unsuspecting computers, to banks and retailers having their customers’ credit card data pilfered. More recently, there have been reports that foreign governments have stolen most of America’s defense plans and military aircraft designs, and also invading the Internet-enabled control systems of our power plants, electrical grid and water utilities. In fact, the frequency of these attacks seems to be increasing. We are essentially in an arms race with other countries, well-funded criminal organizations and individual hackers who simply enjoy wreaking havoc. (We need to get a new Star Trek franchise on air, don’t we? That may solve a few problems for the entire world by creating a distraction.)
Despite the use of high-end network and software security solutions, we have not been able to stop the tide of cyber events completely. But, in recent years, companies and individuals have become better educated on dealing with these type of concerns, such as updating their antivirus/malware software (a good first step), using strong passwords (another good practice and one of the best countermeasures you can take), and also using encrypted sessions (the HTTPS capability supported by all web browsers today), or virtual private network use to access intranets for financial or sensitive sessions. In fact, such measures mitigate many hacking attempts. Governments and businesses have begun using strong authentication and digital identities based on public key infrastructure (PKI) to better substantiate the identity of an individual or machine with which they are interfacing. Hackers depend upon individual users to ‘invite’ them in, either by opening infected emails/files/applications, or, by using simple passwords that can be cracked easily.
Finally, Wi-Fi use has slowly become more secure with newer standards which depend upon strong encryption and authentication, although this has a way to go for public hotspots. (Help is on the way with updated industry standards coming soon.) This area has a ways to go, but the public is getting smarter about properly using that free wireless access connection point at Starbucks. (For those of you who are not sure about this, simply do NOT log on to any sensitive Web sites with your financial or sensitive information from a public Wi-Fi hotspot unless you are using an encryption solution to protect your login credentials and data.)
Basically, the Internet still remains the Wild West with very few sheriffs around to take down the bad guys. If you take some basic steps to better authenticate who you are interfacing with, and use encryption for all sensitive transactions, you will avoid most problems. In fact, cellular phone and service providers have been offering such services to corporate and government clients for some time to mitigate cyber issues, and now individuals can buy such services as well. One example of this is AT&T encrypted mobile voice. So, two of the widest uses of wireless spectrum today (WiFi connectivity to Internet devices, and cellular phone networks) are both increasingly using forms of tracking and authentication to some degree. None of these efforts go far enough, but they are a start.
ADS-B: The Backbone of NextGen
This brings us to NextGen, which (very) loosely follows the grand design of the Internet, by having many nodes of information communicating to other nodes, including some which exert a degree of control. Air traffic control serves the role of Internet service providers (ISPs) in this example, directing the routing of aircraft to their destination, much as your e-mail provider does.
First of all, we need to examine the key enabler of the NextGen system, namely ADS-B. The FAA calls this the future of air traffic control (ATC), and it depends upon GPS to convey to ATC (and other aircraft) the current position and heading of the flying machine transmitting such data, among other information. ADS-B supplants traditional radar-based surveillance of aircraft and represents a revolutionary change in that instead of using ground-based radar to identify aircraft and determine their position, each aircraft will use GPS to find its own position and then automatically report it. This has many similarities to how the Internet is structured today from a perspective that routing messages and data within a hyperconnected network of disparate computers/devices, networks, Web sites/databases and endpoints is remarkably similar to the environment in which aircraft, airline operation centers, airports and ATCs need to navigate.
ADS-B also provides pilots with the same ability as ground-based controllers to view real-time air traffic. The benefits of this are many, especially in enhancing safety due to increased situational awareness. If aircraft utilize the ADS-B “in” option, they will receive position reports directly from nearby aircraft, not having to acquire this from air traffic control and have access to more timely data.
All of this is a major step forward for aviation, and should accommodate safer flight in general for many years to come. However, history has a way of repeating itself for those who are ignorant of it (as well as those who do not study Internet issues when trying to copy Internet principles.) It seems that security of this system has not been a major factor in its design and implementation.
Demonstrated Issues with ADS-B
As many industry and security pundits have been pointing out, cyber security seems to have not been addressed when ADS-B was being thought of — at least not visibly. We have ‘professional’ hackers and researchers running tests simulating disheartening scenarios. Brad “RenderMan” Haines was able to spoof the signals used in the NextGen system and create ‘fake’ aircraft in the sky. Andrei Costin, a Romanian grad student, built a little software-defined radio hooked to a computer that created fake ADS-B signals in a lab. These scenarios demonstrate how a novice with a small investment in equipment can cause issues with minimal effort.
Other reports include the USAF having concerns with ADS-B back in 2009, when Air Force Maj. Donald L. McCallie, studying cyberwarfare at the Air Force Institute of Technology, wrote about the same kinds of attacks, and concluded that this system may put us “on a collision course with history.” Understandably, the FAA has not released details on how it is mitigating these identified issues, other than stating that steps have been taken to handle such risks.
Due to the lack of publicly available data, many skeptics may disagree with the FAA’s position.
Jamming of ADS-B signals is also another risk, and GPS suffers from this issue as well. While this cannot be understated, physical security tactics can be used to mitigate threats to ground stations. Obviously, this may not be possible easily for mobile or airborne threats.
GPS Has Its Own Issues
To further muddy the waters, we have seen many documented issues with GPS. The best example of this is the overt jamming by the North Koreans of U.S. military aircraft during a training exercise in 2011, and the August 2012 situation where North Korea began interfering with GPS signals near South Korea’s two largest airports outside its capital city and across the center of the Korean peninsula. No accidents were attributed to this jamming, but North Korea has demonstrated its credentials as an international pariah. There are plenty of other such instances, but the North Korean situation demonstrates how enemies of the West can disrupt our transportation and communications systems rather easily.
At home, truckers who used cheap GPS-jamming equipment (which is available on eBay for a few bucks) to block the trucking companies tracking their exact routes. This equipment inadvertently interfered with aircraft navigation at Newark airport.
The recent issue with LightSquared’s planned use of frequencies adjacent to those of GPS to set up a nationwide 4G mobile broadband network causing interference with GPS receivers caused quite a stir. Recent testing may indicate problems with not only the Lightsquared system, but with the GPS receivers they supposedly affected. Only time will tell where this leads, and how it affects the future designs of GPS equipment.
All of this indicates that GPS, the core system upon which ADS-B depends, has its own problems as well.
While there are a few proposed solutions to these problems such as GPS jammer detection and location (JLOC) system run by the National Geospatial Intelligence Agency and the SENTINEL effort in the U.K., none of these solve the issue of spoofing the identity of an aircraft via an ADS-B message. In fact, there are several efforts underway to provide a backup to GPS and other GNSS systems (such eLoran possibly), so at least this part of the issue may be solved sooner rather
ADS-B Needs to Match the Security of a Modern Encrypted Smartphone (at the least)
This brings us back to ADS-B. We can sum up the two main cybersecurity issues with it as follows:
1. No encryption of data sent:
Anyone can see it, which creates opportunities for those with malicious intent to do something with this data. The simple answer is to use some level of encryption, which is easier said than done for technical and economic reasons. Encryption creates a communications and processing lag, since messages need to be processed. This creates logistical issues in managing encryption keys which are used to lock and unlock messages. This is an issue which needs further study.
2. No authentication of the sender of a message.
This is a problem with the Internet. (Hello, spam… since it is child’s play to spoof the sender’s e-mail address to send malicious emails to those who may know the spoofed person) Now it is a problem with ADS-B. In fact, this is arguably the key security hole that needs to be filled. As many researchers have demonstrated, it is rather easy to inject non-existent aircraft into a theater of operation, creating loss of trust in data received, and forcing major delays, cancellations and related costs, not to mention potential safety concerns. The reverse of this is someone spoofing the signals of a real aircraft and providing incorrect data on an aircraft’s heading, speed, etc., thus injecting chaos into an operational area since no one would be sure of the actual information to use from an air traffic control standpoint.
The only way to address these issues is further study, and pressuring those with vested interests (the FAA, avionics manufacturers, aircraft OEMs, and equipment and service providers of ADS-B and GPS systems) to provide information on how they are working to mitigate known security threats. Economic pressure from end customers should never be underestimated. As users of NextGen/ADS-B/GPS, you need to let all of the vested interests know that you expect to have identified security threats handled. Nothing less is acceptable and nothing less should be expected. Consider this your call to action.
John Pawlicki is CEO and principal of OPM Research. He also works with Virtual Security International (VSI), where he consults to the DOT’s Volpe Center, handling various technology and cyber security projects. He managed and deployed various products over the years, including the launch of CertiPath (with world’s first commercial PKI bridge). Pawlicki has also been part of industry efforts at the ATA and other related groups, and was involved in the effort to define and allow the use of electronic FAA 8130-3 forms. He recently completed his writing of the ‘Aerospace Marketplaces Report’ which analyzed third-party sites that support the trading of aircraft parts. For more information, visit OPMResearch.com.