The Rising Cyber-Challenges of Aerospace Industry
After 23 years as a professor at the University of Liverpool, Dr Mike Hennell has founded LDRA, and was the principal architect of the LDRA tool suite. As technical director, he continues to guide the development of LDRA technology. He actively participates in both the MISRA C and C++ committees, as well as the international committee developing and promoting the new avionics software standard, DO-178C. Dr Mike Hennell has committed more than 40 years to developing and promoting cutting edge software testing and development processes to enhance software quality and reliability.
Cybersecurity currently represents the biggest challenge in modern aerospace system development and certification. Retrospective software upgrade to enhance the security of existing systems tends to be costly, ineffective, or both. The net result is that security compromise carries a very real threat to the exemplary safety record established by the aviation industry. Organizations should devise appropriate plans, procedures and approaches to manage these multiple layers of security. In addressing security considerations in the lowest “embedded” layer, my recommendation would be to adopt security-driven development in parallel with existing safety focused processes. It is much easier to integrate security focused architectures early in the development lifecycle than it is to retrospectively add security measures after a system is developed, says Dr Mike Henell, Founder, Liverpool Data Research Associates (LDRA). Dr Hennell speaks to Aeromag Asia about the cybersecurity challenges in aerospace and aviation industry.
Could you talk about the challenges in aerospace safety certification processes in modern times?
Let us first understand the lineage of the aerospace certification process, which was derived from MIL standards and so is heavily influenced by the DOD/MIL system and software development practices. The core objective of the certification process is therefore to achieve safety assurance in design, operation, and maintenance. Aerospace certification processes focus on rigorous verification to ensure that the safety-critical functions meet appropriate design assurance levels.
Given this background, it is unsurprising that the regulatory authorities, and hence the industry as a whole have been cautious in adopting new technologies such as object-oriented technology, model-based system development, formal methods, and multi-core hardware. Tool qualification processes reflect the same cautious approach and involve considerable deliberation between the various stakeholders, which is clearly justified but can be a source of frustration.
However, in my opinion, cybersecurity currently represents the biggest challenge in modern aerospace system development and certification. The aviation industry has long been well known for its safety focus, and that takes on a new complexion now that the aviation network and even aircraft are increasingly being connected to private networks, the internet, or both. Services offered vary from customer services exemplified by high-speed broadband and in-flight entertainment (IFE), to flight support functions including weather data, maintenance, ACARS over IP, and database upload.
The aviation world is consequently now starting to face the same challenges as providers of connected services elsewhere, for example in the automotive sector and the IIoT. However, the risks associated with connectivity are arguably even higher in the case of the aviation network.
The biggest part of this challenge is rooted in the fact that isolation has been a sufficient guarantee of security for many years, and practices and processes have relied on that status. Retrospective software upgrade to enhance the security of existing systems tends to be costly, ineffective, or both. The net result is that security compromise carries a very real threat to the exemplary safety record established by the aviation industry.
Are the aerospace industry and other stakeholders, including regulators, ready for the security-based challenges?
I have observed the growth of the aerospace industry and careful acceptance of newer technologies by regulators for many decades. While stakeholders (OEMs and suppliers) push for innovative technologies, regulators try to measure the impact of technology on their safety specific mission and values. Connectivity represents the latest of these technological changes, and managing security while ensuring safety is an overwhelming task for all the stakeholders.
The challenge is to find a common security framework with ground rules encompassing various guidelines to form a synergetic and symbiotic ecosystem. For example, in LRU and aircraft system software, DO-326 based guidelines from RTCA are most appropriate, whereas ISO 27000 based guidelines and NIST based standards could be applied to supporting IT infrastructure.
The overlapping security boundaries between OEMs, airlines, data link service providers and other data centre providers need to be defined precisely, with clearly formulated individual and joint responsibilities. Security duties and common practices must be shared between the various stakeholders to avoid ill-defined “gaps”.
Given that the need for these practices is so new to so many, it will not be feasible to create such a security mindset overnight.
What is expected of stakeholders to address the challenges?
In my opinion, there are three layers of security to consider - namely embedded application security, system security and network security. Let me expand further.
Embedded Application Security represents the lowest level security layer. For example, measures to ensure embedded application security include the checking of code level implementation against security vulnerabilities like CWE, CVE, and others. This is necessary because many high-level languages such as C and C++ were not developed with safety and security as a priority. Many code constructs and library functions are open to misuse, potentially introducing vulnerabilities which could be exploited as part of a fully-fledged attack. Secure coding guidelines such as CERT and MISRA help to identify these potentially unsafe and insecure code constructs during the code review phase, and Static Application Security Testing (SAST) tools can help by verifying that source code meets the chosen guidelines and standards.
Dynamic Application Security Testing (DAST) tools are also available to help expose susceptibility to such as cross-site scripting, SQL injection, command injection, path traversal and insecure server configuration.
System Security represents the middle of the three layers. Within the aircraft system, a multitude of LRUs and other devices communicate by means of various buses (RS232, RS485, MIL, ARINC) and network connections (LAN, WLAN,4G LTE). Enhanced connectivity brings multiple security issues and vulnerabilities, particularly where secure domains share network infrastructure with less critical, connected domains. The analysis of access vectors, threat vectors, threat scenarios, and of threat impact on assets is required. Security measures, security-based architecture and designs must also be implemented.
Network Security represents the uppermost security layer. Company intranet networks have the potential to be compromized from inside or outside. Organization wide networks need to be defended against cyberattack. Switches, gateways, firewalls, intrusion detection systems and routers need to be configured and managed correctly in accordance with a clearly defined organizational security policy.
Organizations should devise appropriate plans, procedures and approaches to manage these multiple layers of security. In addressing security considerations in the lowest “embedded” layer, my recommendation would be to adopt security-driven development in parallel with existing safety focused processes. It is much easier to integrate security focused architectures early in the development lifecycle than it is to retrospectively add security measures after a system is developed.
Nevertheless, a potential challenge lies in the implicit need to blend existing safety processes with upcoming security processes, and yet maintain a coherent development framework.
What are LDRA’s offering for safety and security embedded market?
We are a leader in software safety & security solutions. For over 42 years, we have been working with leading companies across the world to create safe and secure products in sectors such as aerospace & defence, automotive, medical, industrial and rail transportation.
LDRA offers software tools, services, and skills development programmes for both industry and academia.
The key features of the LDRA tool suite are the automation of requirements tracing, unit testing, programming standards checking, complexity metrics analysis, data flow anomaly detection, code coverage, regression testing, and host/target testing. These solutions help developers to overcome the challenges of showing real-time software to be as reliable, rugged and as error-free as possible, perhaps to adhere to functional safety and/or security standards such as ISO 26262, DO178B/C, IEC 62304, IEC 61508, IEEE 12207, or EN 50128.
The LDRA Certification Services (LCS) team provides unique tailor-made consulting services to OEMs and suppliers to help them to achieve compliance to domain-specific standards (aerospace, automotive and others), and to efficiently clear certification and compliance hurdles.
The LDRA Academia Alliance Program (LAAP) aims to providing expertise for a safe and secure tomorrow. Under this program, LDRA collaborates with leading academic institutes around the world to provide tomorrow’s software safety & security professionals with the right skill sets.
The LDRA Competency Centre (LCC) is a world-class training facility for the development of safety and security skills. It offers a one-stop solution for the assembly and maintenance of a competent workforce for safety-critical and security-critical industries. LCC offerings for the aerospace sector includes training in the DO-178C, DO-254, ARP 4754A, ARP 4761, and MIL-STD-882E standards. These courses are created and delivered by DERs, functional safety experts and Subject Matter Experts (SMEs).