This page contains a Flash digital edition of a book.
TECH TALK


will replace voice as the primary means to route commercial aircraft. Legacy aircraft are being retrofitted with updated avionics and communications capabilities which also increase risks in general since no two aircraft configurations are ever exactly alike, as well as due to the enlarged complexity of the aviation ecosystem. The research that uncovered some of the security flaws


was based upon performing analysis in a laboratory setting, and in fact, they did not actually have access to many of the named systems at all. They created simulations based upon downloaded firmware, information found in documentation and press releases, and other available data. This is quite impressive in itself and also quite repeatable by those with ill intent. The results of these simulations are what is found in the


published paper and follow-on presentations, neither of which can be considered conclusive and comprehensive security testing results. With that said, it is inexcusable that a cyber-security


researcher with no specific experience with aircraft (or the other transportation modes identified in his paper) is able to find significant flaws with critical communications systems. The vendors identified in his report should be holding their engineering teams responsible for not


performing more invasive and comprehensive security testing on their products, as well as for not identifying more stringent security requirements in the requirements/design phases of the product development cycle in the first place. No complex product is ever without flaws, but flaws of omission are still flaws. Most on-board systems use embedded software to


provide functionality, and thus differ from desktop PCs in how security solutions can be implemented. “Mission- critical systems, such as an aircraft onboard communication, navigation and surveillance (CNS) systems, cannot rely on standard cyber security commercial products such as anti- virus or signature based intrusion detection systems (IDS), due to the nature of their embedded operating systems and application code. They are simply not up to the challenge of defending against many of today’s cyber-attacks,” according to Alan Gallagher, president of Virtual Security International. Other avionics and aircraft on-board systems have similar issues, in that purpose-built software for specific functionality is unlike general-purpose operating systems such as Windows-based computers, which can host security applications with continuous updates to virus definitions, malware protection or firewall applications. Since embedded systems need to have the same level,


www.tronair.com 1-800-426-6301


USA: sales@tronair.com | Europe: saleseurope@tronair.com | Asia/Australia: tronairasia@tronair.com 10 2014 49


DOMmagazine.com


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36  |  Page 37  |  Page 38  |  Page 39  |  Page 40  |  Page 41  |  Page 42  |  Page 43  |  Page 44  |  Page 45  |  Page 46  |  Page 47  |  Page 48  |  Page 49  |  Page 50  |  Page 51  |  Page 52  |  Page 53  |  Page 54  |  Page 55  |  Page 56  |  Page 57  |  Page 58  |  Page 59  |  Page 60  |  Page 61  |  Page 62  |  Page 63  |  Page 64  |  Page 65  |  Page 66  |  Page 67  |  Page 68  |  Page 69  |  Page 70  |  Page 71  |  Page 72  |  Page 73  |  Page 74  |  Page 75  |  Page 76  |  Page 77  |  Page 78  |  Page 79  |  Page 80  |  Page 81  |  Page 82  |  Page 83  |  Page 84