TECH TALK


systems. A comprehensive network architecture risk assessment of all internal and external system connections and all other trusted and untrusted interconnecting systems should be performed. This sounds overwhelming, but security professionals have a good understanding of how to do this.


This list could go on, but let’s start with these three identified major sets of tasks.


WRAP-UP

The aviation industry has historically required high quality and safety in all aviation systems and components. Current business drivers are forcing avionics vendors, airlines and airframe manufacturers to integrate new technology solutions, which include commercial off-the-shelf products, into the aircraft without a true understanding of the inherent risks involved. According to Alan Gallagher, “Onboard devices or applications must be held to a higher level of cyber security assurance than a standard commercial product, much higher. We are currently courting with disaster.” Gallagher recommends a very detailed and comprehensive risk assessment and analysis of existing products and applications by independent cyber security subject matter experts from outside the aviation industry. Perhaps the FAA can incorporate such an approach into the certification process in the future.

It’s all about software in the end. The ultimate long-term solution is to reduce the vulnerabilities in the original code of all software-based products by developing secure coding languages, standards, methodologies and automated security testing applications. The problem is that this is all expensive, and at this point in time the aviation industry does not appear to be prepared to handle the issue of cyber security threats properly. We might be fairly secure from an attack launched via an IFE system, but there are many more entry points in aircraft and support systems for those with ill intent and the knowledge to apply it.


John Pawlicki is CEO and principal of OPM Research. He also works with Information Tool Designers (ITD), where he consults to the DOT’s Volpe Center, handling various technology and cyber security projects for the FAA and DHS. He managed and deployed various products over the years, including the launch of CertiPath (with the world’s first commercial PKI bridge). John has also been part of industry efforts at the ATA/A4A, AIA and other industry groups, and was involved in the effort to define and allow the use of electronic FAA 8130-3 forms, as well as in defining digital identities with PKI. His recent publication, ‘Aerospace Marketplaces Report’, which analyzed third-party sites that support the trading of aircraft parts, is available on OPMResearch.com as a PDF download, and a printed book version is available on Amazon.com.


10 2014


DOMmagazine.com

