The Federal Aviation Administration (FAA) introduced changes to its cybersecurity standards for new aircraft and equipment in a Notice of Proposed Rulemaking (NPRM) issued Wednesday.
If there is that level of integration of flight controls to incoming data, sending it bad ADS-B data will direct the aircraft. Even without integration, I know that I have changed course based on targets that I get from ADS-B and displayed in ForeFlight.
Just because there isn’t an obvious pathway there doesn’t mean it can’t be done. Some surprising security holes and connections have been found in automobiles, no reason to think those would not exist in aircraft as well.
The whole point of doing a security analysis of these devices is to make sure there is no way to send a corrupted ADS-B packet to an aircraft that somehow back doors into a critical system…
I think you’re right. There is one other thing to consider. ADS-B relies on GPS/GNSS. These signals are easily spoofed and even more easily jammed with simple cheap devices that can disrupt hundreds of square miles. A redundant system would be helpful, I think.
Oh my gosh, you guys. No, that’s not how these things work. You’ve seen too much science fiction. Yes, it happens “all the time” on TV and in movies, but it doesn’t happen ever in the real world because it can’t.
Just because I might know where you keep your lawn mower doesn’t mean I could use that knowledge to hack into your car. Those are totally separate entities. The ADS-B transponder doesn’t send “data packets” to the autopilot. They are separate entities. No amount of ADS-B hacking could ever give a bad actor access to a flight control system or instrumentation data for primary flight display. The best a criminal could ever possibly do is screw up the transponder. There’s no networking of the systems beyond that device. These aren’t office computers and they aren’t on the internet.
The best a hacker could do would be to send a nonsense METAR or TAF to the airplane. The inputs and outputs between the avionics are defined parameters. The hacker can’t turn a METAR into a game of PAC-MAN. The display wouldn’t know what to do with PAC-MAN.
Yes, the GPS signal is easy to jam. No, it isn’t easy to spoof. Yes, there are some cases of spoofing in the world but they are not sophisticated. Mostly they spoof a single (frozen) position. They aren’t good for leading a vehicle (either air or ground) astray at your whim.
Consider first the GPS signal. A bad actor can take them off line, quickly and without warning. Recovery would take time. With the increasing abandonment of ground based nav, this is increasingly a problem. At one of my business destinations, the on field VOR was decommissioned. It served approaches for 2 airports. The replacement RNAV/GPS was great because it bought an extra 400’ MDA/DH. Same at my base airport. VOR is gone. If GPS fails this airport is in good shape. It has two ILS. The other destination has nothing for 100 nm beyond the two local airports. Jamming is sufficient. Moving an airport with a false set of GPS signals or WAAS signal will accomplish its purpose too and that does have the potential to command autopilot changes.
The ADS-B and GPS messages are limited length and standardized. I agree with you that it would be impossible to cause a false sentence to be sent to the flight controls as the raw signal data is translated by the on board receivers.
The heart of the problem is the raw signal data is translated into these messages (or sentences in the NEMA description) and the raw signal can be blocked and spoofed/altered as we have seen. There are detection methods (RAIM) but the weak link remains the signal which communicates 3D position, and without redundancy, that signal is the key to everything. As you say, the spoofing cases were not sophisticated, but they were effective enough to be noticed worldwide.