ADS-B CYBER SECURITY RISK

ADS-B CYBER SECURITY RISK

The International Civil Aviation Organization (ICAO) last year highlighted long-known vulnerabilities in a new aircraft positioning communication system, ADS-B, and called for a working group to be set up to tackle them. Researchers like Haines have shown that ADS-B, a replacement for radar and other air traffic control systems, could allow a hacker to remotely give wrong or misleading information to pilots and air traffic controllers. And that's just the start. Aviation security consultant Butts said his company, QED Secure Solutions, had identified vulnerabilities in ADS-B components that could give an attacker access to critical parts of a plane. But since presenting his findings to vendors,

manufacturers and the industry's security community six months ago he's had little or no response. "This is just the tip of the iceberg," he says.

"The traditional Communications, Navigation, and Surveillance (CNS) and Air

Traffic Management (ATM) systems were not designed to counter the threat of cyber-attacks," said Poole. "For example, Automatic Dependent Surveillance-

Broadcast (ADS-B) is an open, unencrypted technology whereby data, including aircraft ID, altitude, position, bearing, and speed, can be received by any airborne or ground-based receiver. This makes it vulnerable to spoofing and jamming. As it is unencrypted and lacks authentication, a cyber-attacker could inject false position data into the system, causing problems for air traffic control."

Extracts by: Robert Jere Omusonga, Director -International Institute of Aviation Safety & Technology. Profile: www.iiast.com/romusonga