How Secure Are In-Flight Connectivity Systems?
The aviation world has come a long way from the days when the extent of connectivity in the cabin revolved around self-contained in-flight entertainment and connectivity (IFEC) systems comprising a server, distribution system and seatback displays. Being connected was limited to watching a movie offered by the airline or scanning pre-recorded news broadcasts.
Then came SwiftBroadband service followed by more powerful high-bandwidth satellites and Wi-Fi in the cabin, and with it, a proliferation of passenger smartphones and other devices. It’s not surprising that 81 airlines today offer a full range of IFEC services with the ability for travelers to connect their personal electronic devices (PEDs) to the aircraft’s wireless network.
Airplanes today are no longer “isolated aluminum tubes,” says Frederick Schreiner, CTO of Thales InFlyt Experience, but nodes in the Internet of Things. “We’re talking to it; people are able to connect, stream, text and browse.”
Airlines, he added, are increasingly investing in data analytics, not only to differentiate the customer experience with personalized services, but also to create operational efficiencies on the plane.
Considering these advancements and news about cyberattacks on the ground, the question is whether the aviation sector can stay ahead of resourceful adversaries who have successfully exploited network weaknesses in multiple industries.
Thales’ CTO said collaborative cybersecurity agreements with Airbus and Boeing ensure “the cabin and cockpit domains are properly protected.”
“On the cabin side, we have a number of layered protections within the IFE system to protect from potential attackers who connect to access points on the aircraft,” added Samuel Miller, Thales’ product security officer. “We are continuously testing and updating and patching those controls to make sure that they can protect the IFE system appropriately.”
Though both Miller and Schreiner agreed that “no one is immune” from threats, they argued that the aviation sector is more process-driven to address security vulnerabilities quickly. That mindset wasn’t in place at Equifax, which was hit by a massive data breach early 2017 that comprised personal data on more than 145 million Americans. The cause: an earlier vulnerability that hadn’t been mediated quickly.
“We’re gearing our processes to quickly identify and contain root causes and take the necessary action to mitigate the impact of these things, so that’s key,” said Schreiner. “You have to have internal processes that are well aligned to respond quickly. If you can get that institutionalized and the appropriate triggers in place, you can act quickly.”