But despite the opportunities it presents, such technology proliferation and success is not without its challenges, and as more devices ‘get connected’, chief among these concerns is the advance of cybercrime.
“An aerospace system is typically in the field for 15-20 years,” begins Wind River’s Director of Market Development, Alex Wilson. “The kind of technology trying to hack into your system gets better every year, so you have to figure out not only how you’re going to develop a system that is protected against the current types of attacks out there, but also how you’re going to update your system over its lifecycle to keep it protected.”
Wilson points to three main system concerns. The first: products made up from a patchwork of technologies from various suppliers, evaluated at a late stage of development. “When you consider the overall security of a system, you need to perform the risk assessment at the highest system level. For example, if you design the aircraft security without considering the Electronic Flight Bag (EFB), an information management device that can perform basic flight planning calculations and display digital documents such as navigational charts and aircraft checklists, then a pilot could plug in an unauthorised EFB, or an EFB with unauthorised software into the avionics system.”
The second concern he points to is lifetime cost. Despite the lower cost of new-generation technologies, Wilson says support and maintenance expense is often overlooked. Maintaining a constant level of security throughout the system lifecycle requires suppliers to be able to modify and adapt systems as new threats are exposed. This means that companies have to budget for lifecycle support and refresh of systems from a security perspective.
Lastly, with the combination of long development cycles and distributed teams, Wilson says that it’s common for bugs to be discovered late in the testing process. “Often systems and components of systems are designed in isolation and only brought together late in the systems integration phase.” He suggests following a disciplined systems engineering approach that ‘thinks’ ahead about the systems engineering phase and the interface between components.
Wilson recommends three strategies that can be implemented during development to make it easier to update products at a later date, as and when cyberattacks become more sophisticated. These include: hardware refresh; using hardware and software based on open standards; and the use of commercial off-the-shelf components (COTS) to avoid replacing an entire system. “Using COTS components offers a better selection of suppliers, especially if they adhere to open standards, providing more choice and flexibility in who and what you purchase,” he explains.
But half the battle, according to Wilson, is being aware of security in the first place. These cyber-based challenges have arisen as the world has become ‘connected’, he explains. “Many of these aerospace systems weren’t designed to be connected to the Internet.”
The question is: how do you ensure a system is secure? Wilson points to an adaptive security approach. “As part of your system design, you can make the assumption that the system is not to be trusted. Rather than trying to prove the system is secure, you look at ways to protect the application and data.”
This security protection could be achieved by expanding the security framework which should have mechanisms to identify, protect, detect, respond, and recover, with the capability to predict security attacks. This allows the security framework to adjust its response and prevent threats based on these predictions.
Wilson also encourages the use of embedded and simulation software, describing it as an essential cog in the development and lifecycle process that can help companies identify bugs much earlier in the cycle.
“Wind River Simics is a simulation tool that allows users to build a digital twin of their system from a hardware perspective. In other words, it mimics the processor and all the peripherals you have in your system and allows you to run your software binaries directly on top of a simulated platform.
“This enables engineers to dive deeply into the hardware and low-level software systems to see how they might be attacked,” he continues. “You can freeze the whole model and step through particular attacks to see how they’re exploiting certain flaws in the silicon or software elements. One can also inject faults to understand how systems will respond.”
Wind River also offers VxWorks – a real-time operating system that currently powers over 2 billion devices, including the Mars rover and the NASA InSight mission. The table below highlights how it supports security at each stage of the system and data lifecycle.

| Stage | Security mechanisms |
| --- | --- |
| Design | Secure development processes; signed binary delivery; IEC 62443; IEC 27034 |
| Boot | Secure boot/load; measured boot/load; signed binary application authentication; digital certificates/PKI; remote attestation |
| Data in use | Secure partitioning; cryptography; user authentication/management; auditing/logging |
| Data in transit | Network security; SSL/SSH; IPsec/IKE; firewall |
| Data at rest | Encrypted storage; sanitization |
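The “measured boot/load” and “remote attestation” entries in the Boot row are easiest to understand as a hash chain. The following is an added illustration, not Wind River or VxWorks code: each boot stage is measured into a TPM-style platform configuration register (PCR) before it runs, and a remote verifier recomputes the expected PCR value from a known-good manifest, so a modified or reordered stage is detected. The stage images and manifest are constructed sample values.

```python
import hashlib
import hmac
from typing import Iterable, Sequence

HASH = hashlib.sha256
PCR_INIT = b"\x00" * 32  # a TPM PCR starts as all zeros at reset


def measure(image: bytes) -> bytes:
    """Digest of one boot stage (bootloader, kernel, application image)."""
    return HASH(image).digest()


def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM extend: PCR' = H(PCR || digest). Order-dependent and one-way,
    so a later stage cannot rewrite what an earlier stage recorded."""
    return HASH(pcr + digest).digest()


def measured_boot(stages: Iterable[bytes]) -> bytes:
    """Device side: measure every stage into the PCR before it is executed."""
    pcr = PCR_INIT
    for image in stages:
        pcr = extend(pcr, measure(image))
    return pcr


def expected_pcr(golden_digests: Iterable[bytes]) -> bytes:
    """Verifier side: rebuild the PCR from the manifest of approved digests."""
    pcr = PCR_INIT
    for digest in golden_digests:
        pcr = extend(pcr, digest)
    return pcr


def attest(reported_pcr: bytes, golden_digests: Sequence[bytes]) -> bool:
    """Remote attestation check: does the reported PCR match the manifest?"""
    return hmac.compare_digest(reported_pcr, expected_pcr(golden_digests))


# Constructed stand-ins for real boot stage binaries (assumption, not page data)
BOOTLOADER = b"bootloader-image-v1"
KERNEL = b"rtos-kernel-image-v7"
APP = b"flight-application-v3"
GOLDEN_MANIFEST = [measure(BOOTLOADER), measure(KERNEL), measure(APP)]


def demo() -> tuple:
    """Returns (untampered chain attests, tampered chain attests)."""
    good = measured_boot([BOOTLOADER, KERNEL, APP])
    tampered = measured_boot([BOOTLOADER, KERNEL, b"flight-application-v3-patched"])
    return attest(good, GOLDEN_MANIFEST), attest(tampered, GOLDEN_MANIFEST)
```

In a real deployment the PCR would be signed by a hardware root of trust (the “digital certificates/PKI” entry) before being sent to the verifier; the hash chain alone only shows what was loaded, not who reports it.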
A particularly thriving market within the aerospace segment is unmanned aircraft systems (UAS), which have shown potential in a range of markets, such as search and rescue; package delivery; and railway maintenance.
According to a report from PwC, over 1 million drones are now registered with the Federal Aviation Administration (FAA), but despite the possibilities, the FAA admits UAS have “created unique operational challenges”. Wilson agrees, suggesting it is an area “particularly open to cyberattacks”.
“Cost has always been a chief consideration when it comes to UAS,” Wilson says, “because the goal is always the commercial market, where costs must be kept low to achieve success. Added to that is the expense of lifetime costs.” In order to reduce these costs, Wilson points to resolving the security challenges that the ‘distributed’ architecture opens up.
A UAS consists of the ground station, the data link, and the aircraft itself, with each part exposed to a different set of security threats, meaning each component must address its own part of the overall system security. “In a manned aircraft, these are typically contained within the aircraft perimeter and so are more easily protected,” explains Wilson. “In a UAS, where connectivity is required, they are exposed and distributed.
“A lot of these UAS were built on experimental technology that was just proof-of-concept work,” he adds. “These were suddenly accelerated into production and brought into the field without thinking through all of the safety and security implications.
“There is now a global effort to review these deployed systems and architectures to ensure that safety and security are more formally addressed. This review process consists of a security risk assessment at the highest level, breaking down the requirements to each component within the UAS system.”
In order to move forwards, Wilson believes that the industry needs to stop building bespoke monolithic systems and start thinking about open architecture systems based on virtualisation. “Our VxWorks 653 product did this for the aviation market by adhering to the open ARINC 653 standard and enabling our customers to support software defined applications,” he says.
“Modern multi-core processors are excellent at supporting these virtualised environments. When combined with COTS software, the full potential of multi-core processors can be realised in avionics systems. Using partitioning capabilities built into VxWorks 653, applications and operating systems can be isolated from both each other and from the underlying hardware allowing for future upgrades and greater safety, security, and affordability.”
As for the future, forecasts point to further growth, which Wilson believes will be driven by artificial intelligence (AI). Despite positive application expectations from industry, Wilson warns that with all the benefits, AI may also hand cybercriminals the ultimate hacking tool.