Securing the NextGen Aviation Network
July 20, 2016
    The main job of the head of the Federal Aviation Administration is safety, according to Administrator Michael Huerta. As technology becomes a more integral and interconnected part of air travel, securing aviation infrastructure from cyberattack has become one of Huerta’s prime concerns, as he explained during an interview with Federal Times Associate Editor Aaron Boyd.

    What are the unique challenges to securing aviation infrastructure from cyberattacks?

    Cybersecurity is a very big issue in aviation for a very important reason. Aviation throughout its entire history has been all about how do we leverage technology and how do we leverage innovation and really develop a highly sophisticated system. In recent years — like all of technology-based industries — we’ve been gradually evolving toward much more interconnected systems. Systems where we share data with the industry that we operate and regulate — the airline industry, the aircraft manufacturing industry, so on down the line — and as we are sharing information across technological systems, we’re opening up certainly more gateways into those systems and so we need to be very, very vigilant and thoughtful about who we provide access to the technology systems that support aviation, aerospace and air traffic control and how we ensure that we’re maintaining the highest levels of security.

    Fundamentally, aviation is a huge part of the national economy. It accounts for about 12 million American jobs and something like 5 percent of our gross domestic product. And so aviation/aerospace is more than just an industry, it’s really an engine for the entire economy. If you think about how it manifests itself in everything that we do each and every day. What the public expects is a system that is safe, they expect a system that is reliable and free of disruption, everyone understands that sometimes the weather’s going to get in the way but they want a system that works.

    Why does DHS consider aviation and transportation a critical infrastructure?

    Critical infrastructure is infrastructure that really serves an important role in underpinning our economy and our national security. When you think about it, how many of us depend on the aviation system? Sure we depend on it for personal travel: We might go on vacation or we might take a business trip. But aviation is also responsible for moving a huge amount of air commerce and a lot of that is very critical air commerce — things like pharmaceuticals, technology, small parts and so forth — that really depend on a reliable system for quick transport so that things can be delivered where they need to be delivered in very, very little time.

    So if you are disrupting the air transportation system, you’re significantly disrupting the American economy. Just think of what happens if we have a major snow event and we’re required to just for reasons of safety close down a major airport in one part of the country. A lot of meetings get canceled, a lot of family time gets disrupted and there are a lot of shipments that get delayed. In an economy that is increasingly interconnected, we want to minimize those events and we certainly don’t want them to be widespread as a result of challenges that we have to deal with in the technology systems.

    Could a cyberattack have the same disruptive effect as a major snow event?

    That is certainly something we want to prevent and what we’ve put in place is a very aggressive and multilayered approach to ensure that we do not have cyber disruptions in our national airspace system. Recently we put together at the FAA a cybersecurity steering committee where we’re really looking very, very broadly across the whole industry.

    I think that anyone who says they have the cyber threat covered is really kidding themselves because we all know that cyber is an area that continues to evolve and change. That really puts a premium on the professionals that are maintaining this system. We’ve got to be nimble, we’ve got to be flexible and we have to ensure that we’re sharing information broadly across the industry.

    Years ago air traffic was very much a closed system. It was a system that the FAA had complete control over and we were responsible for maintaining and carefully controlling who had access to it. We use that system exclusively for our controllers and our technicians to safely move air traffic through the systems. But through the deployment of our NextGen system we’ve been creating a lot of linkages with the industry that uses our system.

    Let me give you a couple of examples. One of our most successful deployments that we’re working on is a program called data communications — Data Comm — you can think of it as kind of a text-based message exchange program between controllers and pilots. It eliminates the need for controllers to talk to a pilot, for the pilot to write down everything the controller says to them and then manually input that into the flight management system of the airplane. That’s the old way of doing it but what that sets up is many opportunities for error. A controller could misstate something, a pilot could mishear it, they could fat-finger when they put it into the flight management system and all that means delay. So what we’ve created is a system called Data Comm where the controller is able to broadcast instructions to a pilot, the pilot can acknowledge it with the push of a button and at the same time automatically input it into the flight management system. It’s a huge saver of time. It creates a lot of efficiency and an added measure of safety.

    But now our system is linked to the systems in the airline operations center, to the systems in the aircraft itself. We need to ensure that all of those systems working together are not introducing additional vulnerability into the overall network of technology systems that we use to move air traffic.

    Part of the NextGen program is moving from an air traffic control system based on radio frequencies to a satellite-based mapping system. How does that change the security scope?

    NextGen is a very complex system but at its core what we are doing is supplementing and replacing a radar-based system that has served us very, very well for many years with a satellite-based system.

    Radar is giving you a picture of what’s happening in the air space system, which is a series of points in time. A radar will identify where an aircraft is and then it’ll sweep and you will see where they are next. You assume that they’re just following a straight trajectory. But from a safety standpoint, what we need to assume is when you see that aircraft at one point, and before you see them at the next point, we have to assume not only where we think they’re going but every other place they could conceivably go in those intervening seconds. That’s how we build separation standards. We have to anticipate not only where we think the aircraft is but where it might also be.


    You can think of radar as giving you kind of an impressionist painting: A little bit blurry but nonetheless you can see everything there. What satellite navigation gets us is a transition from that impressionist painting to HDTV. We are seeing the aircraft, not only where it is at any point in time but we are seeing it in real time moving through the system. That means that we can tighten separation standards and that gets us a whole lot more efficiency in the system.

    Now how do we do that? We have to replace — and we’re largely done with replacing — the foundational technology for NextGen. A couple years ago we completed the build out of a new broadcast network that is giving us better surveillance using satellite technology. We’re buying that as a service from a third-party company. We contract with that company not only to provide us the service but also to ensure that it is reliable and is protected from cyberattacks. At the same time, we need to not only ensure that we have the appropriate contract mechanisms in place but that we also understand how they are providing cybersecurity to support these systems.

    The other thing that’s happening is, like industry, many of our systems are transitioning from single-purpose systems that we own all of the hardware that ties everything together, to IP-based systems where we’re relying on public networks. That means that we need to be vigilant in guarding against all the same threats that private industry — the banking industry, the retail industry — are continually looking after and ensuring that there aren’t cyber vulnerabilities through the IP gateways or through the public internet.

    How are you doing that?

    We’re doing a lot in that area but a lot of it is through constant surveillance and data sharing but also penetration testing. Your system is really only as good as its weakest link and it is extremely important for an organization to actually test yourself.

    There is a lot of concern sometimes in government, “Well we don’t necessarily want to conduct this very public test and then everyone will see where there are vulnerabilities.” I think if you adopt that mindset you’re kind of burying your head in the sand because a forward thinking organization wants to know where there are problems. If you identify problems then you can solve them; if you don’t know they’re there, you’re really creating an opportunity for hackers and others to get into systems in ways that you might not anticipate.

    Does a satellite system introduce any new cyber vulnerabilities?

    There is a question as we move more to a satellite-based system versus a radar system, are we introducing an additional level of vulnerability? I think the answer to that is it’s not that we’re introducing more vulnerability but we have to recognize that there may be different things that we have to be very focused on.

    The satellite signal for GPS, for example, is a weaker signal and so it might be subject to jamming. What that means is you have to have additional levels of redundancy that are built into the system.

    I don’t see a day where we would ever completely get away from radar. We’re always going to have both. What we’re in fact incorporating into our system is what we call fusion technology, where we’re fusing satellite inputs for surveillance with traditional radar inputs. The two together give us a very robust picture of what’s happening in the air space system.

    What it also gives us is not only redundancy within the systems but across those systems. We have different technological platforms that give us a great deal of redundancy and a great deal of security in ensuring that we’re always able to operate the air traffic control system.

    FAA does a lot with the private sector — from operational vendors to the airlines — how do you manage all those moving parts securely?

    We’re working with industry, with our vendors, with the users of the system very broadly and we put together a number of forums where we really want to bring together all of the users — and we are bringing together all of the users — to share information. That is casting a much broader net than we’ve done in the past.

    In the past, we were very, very focused. We had a very simple model, which was we would look at how our system is secured and if somebody else was having a technological problem on their side the way we would protect the integrity and the safety of the system was we simply wouldn’t allow them in. That would result if airline A is having technology problems, we’re not going to dispatch their flights. To a certain extent we still do some of that but now that all of our systems are interlinked, if an airline is experiencing a problem it’s very important that we understand what is the potential that that could bleed over into our systems through the interconnections and gateways that we have connecting our system to theirs.

    Likewise, it’s not just the companies and their operating systems. It’s also the avionics systems in the aircraft themselves. We want to make sure that we have a very clear understanding of how those systems operate and what the gateways into them are. We do certify avionics systems to ensure that they’re durable, that they’re hardened against attack and that they have the appropriate levels of redundancy. But we have to constantly stay in communication with all of the stakeholders in the industry in order to understand how those systems are evolving.

    How likely is it that someone will eventually hack an airplane’s systems in-flight? What are you doing to make sure that never happens?

    There have been reports and concerns expressed about how vulnerable are airliners to hacking. There are multiple and redundant layers of protection and redundancy in the systems themselves.

    The other thing is, as part of the certification process, we really want to see separation between the core avionics systems that power the aircraft versus the more public-facing system such as Wi-Fi, consumer entertainment and all of those sorts of things. We haven’t seen any documented cases of an individual being able to hack into the core avionics systems that we have been able to replicate. You can think of this as these systems in the sense of being a door with a lot of locks on them. As part of penetration testing and white hat type activities you might be able to get past one level — and we learn from that and we secure those — but it is something that is very much at the forefront of our thinking because we really want to ensure that not only are we in a good place today but that we continue to be in a good place going forward.

    This is a very, very challenging area for us.

    The other major area is the air traffic control system. How are you preventing those systems from being hacked?

    The same basic principles apply all across cyber. What you want to have is multiple layers of protection across all of the systems but you want to be constantly monitoring, as we do through our cybersecurity monitoring facilities across the country. We want to monitor what’s happening in our system, what are we detecting in the way of activity — anything that looks unusual — and then we want to make sure that we have appropriate protocols in place to isolate problems, to analyze them, to really understand what the signatures are and to make sure that we are continuing to build protections and support there.

    It wasn’t that long ago that your whole objective in cyber was to keep the bad guys out. I think we across industry generally have evolved to a different framework of thinking, which is, “Let’s assume they may get in.” So it’s really a question of how do we respond to that, how do we isolate a penetration if it happens and how do we ensure that it doesn’t bleed over into other systems? That’s based on a lot of information sharing across all the agencies and across all of the equities both in the public and private sector that are using our systems.


    What are you doing to stay ahead of the adversary?

    In order to stay ahead of the adversary that’s really trying to get into systems with the intent of doing harm, there’s no single silver bullet. We have to do a lot of different things.

    What we’re doing is, first of all, a lot of coordination and information sharing with our government and industry partners. Second, we’re doing a lot of testing of our system constantly, really to understand what its capabilities are, how it’s evolving, where there might be vulnerabilities and gateways into the system and ensuring that we are closing those up. Third thing that we’re doing is, really in a very proactive way interacting broadly across industry and with our government partners — DHS, Defense, FBI and others — to understand what our adversaries are thinking, what are they identifying as targets and what are other agencies experiencing when they’re looking at critical infrastructure such as we have in aviation.

    Then finally, we’re doing a lot of awareness building among people in the front line. We’ve all heard stories of an employee in a company that might click on an attachment to a phishing email and it has widespread implications. Making sure that everyone is very vigilant about the cyber threat and doing everything that they can to prevent it happening is extremely important.

    Fundamentally, your cyber defenses are only as strong as their weakest link. We constantly have to be looking for where there might be weak links in the system and doing everything we can to strengthen them.

    What lessons have you learned securing aviation infrastructure that could translate to other transportation sectors?

    Aviation has always been about how we leverage technology and it’s a system that is fundamentally dependent on a lot of technology. We’ve had for a very long time technology-based systems that we use to separate air traffic, to control airplanes. Our colleagues in other modes of transportation as they implement systems like automated vehicles and positive train control — highly sophisticated technology-based systems — we’re sharing a lot of information about what our experience has been in aviation and some of the things that we all want to make sure that we are collectively thinking about.

    Fundamentally, what the FAA does is about one thing: safety. How do we ensure the highest levels of safety? And our record really speaks for itself: This is the safest mode of transportation. So when we are introducing technology into our system — new technology — we want to ensure that we are not introducing risk that could in any way compromise safety.

    One of the things that they’re looking at for other modes of transportation is how can they take those technological lessons and use them to enhance safety. Particularly on our highways where tens of thousands of people die every year, is there a way that we can use technology to approach that vision that we all have of zero fatalities? I think there’s a lot of potential but at the same time, we have to recognize that there could be risk that comes with it of a cyber nature if we’re not doing everything that we can to mitigate those risks.

    How important is cyber among your daily security concerns?

    Every day thousands and thousands of people get on airplanes and they’re thinking about a lot of things. They’re thinking about, “How do I get that middle seat; why did I pay that bag fee?” They’re wondering what the line’s going to be like at TSA; they’re wondering if that kid sitting next to them is ever going to shut up. But interestingly, for the most part, people are not thinking about whether it is safe. That is because that is our job to really focus on ensuring a safe system.

    And safety encompasses a lot of things: It encompasses training, it encompasses building great airplanes and it encompasses having great operating practices. But the technology systems that underpin it must be safe and secure and cyber is a really, really big part of ensuring these incredibly high levels of safety we have in aviation.