Safety protocols in all aspects of aviation are essential, but as onboard systems become increasingly networked, there is now the additional threat of malicious cyber-attacks that needs to be considered. Time to take a closer look at the crucial connection between safety and (IT) security.
For a very good reason, safety is entrenched in aviation. The operation of the aircraft, air traffic procedures, and the development of aircraft and their subsystems all need to adhere to the highest safety standards to ensure that risks are kept to an absolute minimum.
Because of this, the industry is globally regulated with established standards in place that must be strictly adhered to. This ensures that all organisations, companies and agencies involved in the design, manufacture and operation of aircraft are doing so in the safest possible way.
The importance of safety holds across every link of the development chain, and different standards apply to each. Take an avionics system that, among other things, is in charge of the aircraft turbines as an example. The equipment must behave safely and control the turbines as required, so that the aircraft operates as it should and nobody is harmed. If the avionics equipment fails, the turbines fail with it, and safety is compromised.
If, from a development perspective, you work through all of the ways in which a system could fail during its lifetime, for example a bird entering the engine or a part breaking during flight, you can identify and define functional hazards. Once these are determined, behaviours can be implemented into the system that guarantee a safe operating mode. These development processes apply from design analysis through to implementation and testing, and are governed by industry standards.
In the case of flight control systems, that standard is DO-178C, developed by the Radio Technical Commission for Aeronautics (RTCA) and implemented by the respective aviation authority of each country. A well-established standard in aviation, DO-178C ensures safety within the development process. But while safety continues to be deep-rooted in aviation, there are now additional challenges that need to be addressed as the industry evolves and becomes more digitally networked.
In an age when everything is becoming increasingly networked, this digitisation brings a new challenge: cyber security.
Security adds a new aspect to systems development and extends the safety standards already established in aviation. “Ultimately, both safety and security standards want to verify that the system is operated in a proper way,” says Sascha Kegreiß, CTO of HENSOLDT Cyber.
“From a safety point of view, you are determining what might happen in the system that could influence the safety of people, for example an aircraft crashing because the material was not suitable. From a security point of view, you want to be sure that even if an attacker or a hacker has access to a system, the overall system still operates in a safe way and can be operated in more or less a normal mode.”
Sascha Kegreiß, CTO, HENSOLDT Cyber
Consider the flight control system that instructs the aircraft turbines: if it fails, it can affect the operation of the turbines, which is a safety concern. If the flight control system is implemented and operated properly, however, it communicates with the turbines correctly, and each turbine receives that instruction and acts appropriately. With no outside interference, a correctly implemented system is safe.
On the other hand, if an attacker gains access to the system and compromises the flight control system, they can override these protocols, and the communication between the avionics and the turbine that was otherwise deemed safe is now compromised.
The standard that covers the security aspect of systems development is known as ED-202, or DO-326 in RTCA terms. ED-202 is standardised, and alongside DO-178C it will be a critical factor in flight system development in the future. In short, DO-178C standardises the functional hazard analyses that must be performed for system development, and ED-202 standardises the threat analyses covering people or external interfaces that could make the system behave in an insecure and unsafe way.
Every aircraft system needs to adhere to standards because they all contribute to both the safety and security of the aircraft. There are system level hazards and threats that are then broken down into component level hazards and threats, and requirements for addressing these will be the responsibility of the specific companies involved in developing each one.
As a leading avionics equipment developer, HENSOLDT has recognised that designing, testing and manufacturing systems to both the highest safety and security standards is essential, and has implemented a ground-up approach that now incorporates cyber security at all stages of the development process.
“What we do now is that we extend our development process to include this other perspective in systems development, and we address those security means as well,” Kegreiß added. This will prepare HENSOLDT for when security standards are mandated, he notes, which is inevitable as devices and systems become more connected.
“This standard verifies that safety can be ensured even if there is a potential security risk. Otherwise, you may implement a safe system, but from a security point of view an external risk can turn it into an unsafe system.”
Sascha Kegreiß, CTO, HENSOLDT Cyber
For HENSOLDT, safety-critical systems are at the core of its business and safety is of the utmost importance, but security is now also vital as developers work to ensure that safety is not compromised by third-party manipulation. “And that's the time we are living in,” noted Kegreiß. “We all want to experience the benefits of connected systems, but with those connections, malicious attacks need to be considered.”
In these current times when connectivity is at the forefront of all systems design, there can be no safety without security.