Friday, October 4, 2013

BYOD in the Aviation Field and the Problems that Ensue

In today’s world, technology is developing faster than businesses could have expected. Having the “latest” and “greatest” is a norm and because of that it seems everyone has their own “smart” device. Today we have the opportunity to do even more on these devices. For example, we can email, pay our bills, locate a restaurant, Google search, or BING, and connect with people halfway across the world all in the comfort of our PJ’s sipping on coffee while reading the morning paper (on a tablet) at the kitchen table. It only makes sense that the BYOD (Bring Your Own Device) trend is becoming commonplace in the work environment. The technology is already there so why not use it to your company’s advantage?
In order to keep up with competitors you have to keep up with technology, and the aviation field is no different. Electronic Flight Bags (EFBs) are being utilized more and more these days by pilots in order to achieve a “paperless” cockpit. A pilot’s flight bag holds a variety of papers for flight management, e.g., operating manuals, navigational charts and much more. So it’s no surprise that technology would make the pilot’s job easier and more efficient, and the ROI of tablet EFB adoption will accelerate exponentially when/if an airline converges airworthy systems and sensors with corporate enterprise systems via inexpensive COTS table technologies. This is where EFBs in the form of tablets are introduced. Pilots now have every possible piece of information they need stored on a personal tablet and no longer do they need to lug around a bulky flight bag. Everything the pilots need to know or check is at their fingertips or is just a swipe away.
However, like any technology, these magical devices can be applied properly or improperly, and when operational safety is on the line ensuring the proper application is a moral imperative. Security and safety is the number one challenge concerning the BYOD trend, especially in the aviation field. Since airlines don’t directly control the personal devices used by pilots and passengers, many problems can occur involving personal electronic devices (PEDs). For example, pilots could be using their personal tablet for an EFB. However, if this tablet hasn’t been Rapid Decompression (RD) or EMI tested it could be a safety risk for the pilot and the entire aircraft as well. Or if a rogue passenger wanted to passively or actively attack aircraft subsystems they could do so by hacking the low security computer systems within the tablet! Potentially, they could be as harmless as eavesdropping secure data or as dangerous as message jamming and data changing. Theory suggests actively crashing a plane is possible by hacking into avionic data buses. Hugo Teso, a security consultant from “n.runs” in Germany recently presented Aircraft Hacking: Practical Aero Series at a security conference in Amsterdam. In his presentation he was actually able to hack a Boeing Jet while it was in “autopilot” and was able to change the course of the flight. The only reaction a pilot could take, if he knew the airplane was hacked at all, was to take it out of “autopilot”. Teso simply used his Samsung Galaxy and a specifically created app called PlaneSploit to accomplish this and other hacks. While not a real-world event, this demonstration underscores the risks and reasons for solid mitigation strategies when deploying tablet EFB devices.
So as technology broadens the capabilities of commercial-off-the-shelf (COTS) devices being used in the aviation field either by pilots or passengers, it also adds some security and safety challenges along the way as well. The BYOD trend is not likely to fade from the work environment because it’s just too cost effective to avoid for some. In fact, the trend will probably grow as personal electronic devices become more enterprise friendly. Here are a few suggestions our editors, software engineers and consultant DERs within the industry agree are necessary to lessen any real or perceived adverse consequences, while maximizing deployment efficacy and ROI of and COTS tablet EFBs.

1.   Ensure the host operating system of the COTS device take full advantage of hardware and software encryption.

2.   Maximize the use of “closed system” architectures when selecting COTS tablet EFB platforms.

3.   Avoid the implementation of any GNU or other open source software and DataCom standards like 802.11 (Wi-Fi) or Bluetooth.

4.   Ensure all newly introduced installed equipment is adequately rated for the system architecture. (This includes software design assurance levels and TSO ratings which are consistent with existing systems and sensors.)

5.   Keep It Simple and Smart (K.I.S.S.) and don’t try to reinvent the airframe. Allow existing aircraft data concentrators and aggregators to “serve” data to the EFB system with minimal encoding and data merging.

These are just a few key points the team at ASIG suggest in order to keep airline pilots, flight crews and passengers safe and secure.
Until next time, stay 5x5, mission ready, and Wired!

No comments: