As our world becomes increasingly and irreversibly connected, cyber security is a rising concern in every industry. Modernity has a price: cyberattacks. Everybody has heard about the exploits of criminal hackers against online banking or websites, stealing money or data (cybercrime, cyber-activism), but new sectors are now actively targeted, sometimes even by so-called 'state-sponsored attackers'.
Examples include US gas pipelines, the Irish national health system, national power grids, connected retail, and even uranium enrichment centrifuges. In such scenarios, the goal is less to steal than to destroy and to harm. This is cyberwar or cyberterrorism.
Modern aviation is connected in the same way: planes, control towers, radars, radios, servers and more are increasingly linked by digital networks and infrastructures, which are therefore exposed to cyberattacks.
While there have not been any reports of cyberattacks against aviation so far, this sector is a high-potential target, as it represents a major part of international infrastructure. The knowledge needed to "hack" network systems and digital infrastructures is becoming more and more common, especially with the growth of the darknet, so that people with relatively low IT skills are able to freely download and use sophisticated cyber weapons developed by specialists.
On the other side, there are more and more of the (in)famous "state-backed" attackers. They usually benefit from substantial budgets and strong logistical support. Their goals can be hybrid: harming an enemy country while also making a profit.
The terrorist threats against aviation are well known. Since '9/11', security has been drastically tightened all over the world to prevent dangerous and hostile people from boarding planes.
A cyber attacker who took control of machines in an Air Traffic Control (ATC) infrastructure could deploy several attacks with effects ranging from a partial disruption of the information available to the ATC controllers to an aerial catastrophe.
In what follows, we will look at several concrete scenarios in which an attacker with relatively modest means could enter an ATC infrastructure and create threats.
We will also see which techniques can prevent these attacks from happening.
Identification of threats
Cybersecurity is a large and reasonably mature industry. The threats in this domain are usually well known:
- Attacks against operating systems;
- Attacks against software, especially used in data transfer;
- Attacks using network protocol flaws;
- Social Engineering;
- etc.
Cybersecurity vendors often offer good and efficient solutions. In general, an ATC infrastructure is expected to follow the same path as any other organization equipped with computers.
Here are several points that are generally required in order to maintain a secure infrastructure:
- Having a good understanding of all possible attacks and intruder profiles;
- Having a dedicated cybersecurity team (Chief Information Security Officer, etc.) or subcontracting cybersecurity to an established company;
- Being equipped with operating systems with robust security (latest patches), access controls, administration, a strong password policy, etc.;
- Running regular network scans and antivirus scans;
- Having a secure network topology;
- Preventing ATC personnel from plugging personal electronic devices in via USB or other access points.
These are very 'basic' requirements. In practice they are rarely implemented rigorously, especially point 5).
Even when rigorously implemented, these requirements may not prevent sophisticated cyberattacks. Additionally, a secure infrastructure may need the following:
- “Strong” cryptography;
- Secure electronic devices equipped with secure storage, secure cryptographic computations and anti-tampering (e.g., HSMs, electronic IDs for users and machines, see #4 and #5 in the 2021 cybersecurity trend report)
- A public key infrastructure (PKI);
- Multi-factor authentication, in particular additional biometric identification.
Extremely few ATC infrastructures are equipped with such components today, but in the near future this may change.
A few scenarios…
In the next articles, we will explain in detail which techniques an attacker could use to enter and disrupt the operations of an ATC infrastructure, what the result would be, and how to prevent it from happening.
For this we offer a fictitious but very realistic infrastructure with radar data (coming from SkyRadar's NextGen 8 GHz Training radar), a flight data processing system (training system), data servers, visualization and ATC working positions. If desired, it can be embedded in a real ATM system with simulated inputs. We simulate the attacks and present their various effects:
- An attacker enters the ATC infrastructure by using a password cracker;
- The attacker opens a shell on a cloud server used by the ATC infrastructure, thanks to freely available hacking tools;
- The attacker manipulates the data from the cloud server and gives the ATC controller the illusion of many fake planes on the radar, resulting in panic and clear disruption of operations;
- The attacker starts a denial-of-service attack, which prevents the whole infrastructure from working;
- The attacker floods the DHCP server, preventing the ATC controllers from connecting to the data source.
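The third scenario works only because the working position trusts whatever track data arrives from the server. The "strong cryptography" requirement above closes that gap: if every track message carries a keyed integrity tag and a sequence number, injected, modified or replayed tracks are dropped before they reach the controller's screen. The following is an added example written for this article and not code from SkyRadar's simulator; the JSON track format, the constructed demo key and the field names are assumptions, and in a real deployment the key would live in an HSM as the article recommends.

```python
import hmac
import hashlib
import json

# Constructed demo key (assumption). In production this secret would be held in an HSM
# on both the data server and the ATC working position, never in source code.
KEY = b"constructed-demo-key-not-for-production"


def _canonical(body: dict) -> bytes:
    """Deterministic encoding so sender and receiver tag exactly the same bytes."""
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def sign_track(track: dict, seq: int, key: bytes = KEY) -> dict:
    """Data-server side: attach a sequence number and an HMAC-SHA256 tag to a track."""
    body = {"seq": seq, **track}
    return {**body, "tag": hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()}


class TrackVerifier:
    """Working-position side: accept only authentic, strictly in-order track messages."""

    def __init__(self, key: bytes = KEY):
        self.key = key
        self.last_seq = -1
        self.rejected = []  # (reason, message) pairs, useful for alerting

    def accept(self, msg: dict) -> bool:
        msg = dict(msg)
        tag = msg.pop("tag", None)
        expected = hmac.new(self.key, _canonical(msg), hashlib.sha256).hexdigest()
        if tag is None or not hmac.compare_digest(str(tag), expected):
            self.rejected.append(("bad or missing tag", msg))  # injected or tampered
            return False
        if msg.get("seq", -1) <= self.last_seq:
            self.rejected.append(("replay", msg))  # old genuine message resent
            return False
        self.last_seq = msg["seq"]
        return True


def run_demo() -> dict:
    """Feed genuine tracks, then a fake plane, a tampered track and a replay."""
    verifier = TrackVerifier()
    track = {"callsign": "ABC123", "lat": 49.01, "lon": 8.40, "alt_ft": 35000}
    genuine = [sign_track(track, seq) for seq in range(3)]
    all_genuine_ok = all(verifier.accept(m) for m in genuine)
    fake = {"seq": 3, "callsign": "GHOST1", "lat": 49.10, "lon": 8.50, "alt_ft": 20000, "tag": "00" * 32}
    tampered = {**genuine[2], "lat": 50.00}  # position changed, tag now stale
    return {"genuine_accepted": all_genuine_ok,
            "fake_rejected": not verifier.accept(fake),
            "tampered_rejected": not verifier.accept(tampered),
            "replay_rejected": not verifier.accept(genuine[0])}
```

The `rejected` list is the detection hook: a burst of "bad or missing tag" entries is exactly the signature of the fake-planes attack and should raise an alert rather than be silently dropped.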
Breach, Attack & Defense Simulator + Electronic Counter-Countermeasures
A complete attack scenario would combine attacks using both radio (fake signals, etc.) and cyber components (software attacks). In the Breach, Attack and Defense Simulator described above, we focus on cyber attacks. Defense mechanisms against malicious Electronic Countermeasures (ECM) of radar and radio systems are called Electronic Counter-Countermeasures (ECCM). For ECCM, please use SkyRadar's Radar Training System. The radar training system and the BA&S Simulator can be combined and enriched with a full-fledged Radar & Tower Simulator.
Stay tuned for the forthcoming articles on cyber-defense in ATC, or sign up for a free two-week trial of our Breach, Attack & Defense Simulator.
About the Authors
Martin Rupp is a cryptographer, mathematician and cyber-scientist. He has been developing and implementing cybersecurity solutions for banks and security relevant organizations for 20 years. Currently he is researching attack scenarios and the role of AI in ATC cyber-security.
Peter Smirnoff has long experience in cryptography, both in industry and research. Peter has worked on the Windows Crypto API, OpenSSL, digital signatures, X.509 certificates, etc. He has profound implementation experience with PKCS#11 smart cards on both Linux and Windows platforms.
Ulrich Scholten is a founder of SkyRadar. As a research associate at the Karlsruhe Service Research Institute, he researched network effects, emergence and control mechanisms in platforms and distributed cloud scenarios. He holds several patents in radar technology and the Internet of Things. Ulrich has a PhD in cloud computing.
- Gartner Top Security and Risk Trends for 2021 (April 2021)
- Cybersecurity for ATSEP and AVSEC (2019 - today), by Dawn Turner, Martin Rupp, Peter Smirnoff, Ulrich Scholten and Dennis Vasilev
- Cryptography, Key Blocks and Key Management (2018 - today), by Martin Rupp
- Protection of critical platforms and strategic response (2017 - today), by Ulrich Scholten and Stefan Hansen
- Key Management and HSMs (2017 - today), by Peter Smirnoff