Technology is advancing aviation safety and performance in various ways. The Federal Aviation Administration (FAA), International Air Transport Association (IATA), the International Civil Aviation Organization (ICAO) and commercial airlines continuously put efforts into the modernization of aviation systems and process through the adoption and implementation of innovative technologies including electronic flight bags (EFB) and Automatic Dependent Surveillance–Broadcast (ADS-B). While technologies such as EFBs improves performance, they also induce cyber threats, which may be disastrous. Consistence with the FAA’s guidelines prescribed in Advisory Circulars (ACs) and Orders, there is a growing need to for extra vigilance. This project analyzed the cyber security challenges facing commercial aviation, specifically within the context of EFB adoption.
This research project is about electronic flight bags (EFBs) used by pilots and other flight crew as a navigational aid, as well as a tool for situation awareness during flight operations. Historically, civil aircraft was connected through government-regulated service providers (Johnson, 2013). With time, leading manufacturers such as Airbus and Boeing begun providing Wi-Fi for maintenance. The wireless maintenance entailed digital loading of software parts and navigational databases. In the same line, vendors begun adding flight-planning apps on portable devices (electronic flight bags). Security concerns emerged when EFBs started interfacing with other avionics (Hiltunen, Chase, Kendra, & Jo, 2015; Johnson, 2013). EFBs targeted aircrafts with advanced cockpit information systems. The aviation industry is crucial to the prosperity of the global economy. Compared to other modes of transport, air transport is arguably the most advanced mode in terms of adoption and implementation of cyber security standards (Kaiser, 2012). As entities in the aviation sector continue to migrate their processes and systems to the digital landscape, they face numerous security threats from various sources. Electronic flight bags (EFBs) are an apt example of promising technological advancements presenting solemn concerns to the cyber security of the aviation industry. It is in this line that the Department of Homeland Security (DHS), ICAO, the Civil Air Navigation Services Organization (CANSO) and IATA arrived at a consensus on the development of a common roadmap to orient their respective action toward cyber security (ICAO, 2014).
As aviators continued to acknowledge the benefits of adopting portable electronic/computing devices to perform various manual functions delegated to flight crew, EFBs are becoming approved replacements of paper-based chart information in crew flight bags (Skaves, 2011a). EFBs entered the flight deck environment general aviation (GA) and air transport aircraft to support the need for paperless operations (Begis, 2012). Operators are also seeking additional EFB capabilities while expanding their operational scope. According to Skaves (2011a), a proportionate expanding of EFB functionality and flight deck complexity continues to take place to contain multifunction including: (1) display of security camera images, (2) display traffic information, (3) compute flight performance data, (4) depiction of aeronautical data, (5) internet connectivity, (6) upload of real-time flight data into flight management system, and (7) data communication with ground stations. Observably, these multifunctional capabilities are targets of cyber criminals. As noted by Bryant, Mills and Lopez (2017), a malfunction in an EFB can ground an airplane, particularly where alternative tools or documentation are lacking. In fact, Skaves (2011a) attributed the establishment of joint operational guidance and certification to the hazards associates with EFB malfunction or EFB loss.
Along with the first order offer - 15% discount (code firstpaper15), you save an extra 10% since we provide 300 words/page instead of 275 words/page.
Cyber security threats have a direct effect on the safety of both in-flight crew and passengers (PwC, 2016). According to PwC (2016), cyber security is an elevated risk that needs close attention because it affects various business aspects. While cyber risks are inevitable, they must be managed. Effective risk management requires risk analysis and collaboration between stakeholders, including regulatory authorities, the academic world and industries. The collaboration is intended to leverage the collective power of stakeholders in the aviation industry. EFBs is a key technological advancement towards the digitization of the aviation transport system (ASRS Callback, 2010; PwC, 2016). Through its integrated and modular applications, EFBs presents an innovative approach to digital information delivery and management in flight decks. In addition, airlines realize operational and maintenance cost savings, enhanced electronic document management, improved safety and configuration control. Research has also shown that EFBs aid flight crew to compute variables such as aircraft weight and flight performance (Hiltunen, Chase, Kendra, & Jo, 2015). It is essential to ensure that EFBs are fitted with authenticated and authorized software to avoid or minimize the risk of hackers taking control of aircraft functions and to prevent any malware from collecting any confidential data on interfering with the aircraft functions.
As the aerospace sector steps up its digitization, cyber security is increasingly becoming a top concern that must be addressed to prevent, detect and mitigate the disastrous nature of cyber-attacks. Key aircraft functions, including flight braking and landing, navigation and control, and inbuilt information systems are managed by safety critical software and embedded electronics. The associated software is viewed as security-critical because the safety and security of the flight is reliant on the effectiveness of the software. In agreement with Skaves (2011b), the existing FAA policies, regulations and guidance inadequately addresses data and network security requirements for various aircraft systems. As of consequence, security certifications related to EFBs may be unstandardized between FAA services and other regulatory agencies. Furthermore, the aviation system is an attractive target for cyber-attack or targeted cyber-attack on some of the vital elements due to its integrated and complex nature. As commercial airlines and regulatory agencies modernize processes and systems in the aviation industry, technologies such as EFBs and their integration with existing systems induces new threats to aircrafts. Furthermore, the availability of an array of hardware and software that might serve as EFBs, including commercial off-the-shelf (COTS) mobile electronic devices, such as laptops and tablets and laptops also amplifies the threats. This project’s researcher argues that the continuous identification of new threats and vulnerabilities is a necessity for the development of security mechanisms to detect and prevent new threats. In other words, there is a need to identify vulnerabilities associated with the use of EFBs in order to prevent the disastrous nature of threats that might be propagated through EFBs. To that end, the project intends to partially identify and make recommendations regarding cyber security challenges surrounding the use of EFBs.
In maintaining an orientation towards the national and global cyber security, the vision is to determine the relationship between electronic flight bags and cyber security. The central objective of this proposal is to analyze the cyber security challenges facing commercial aviation in the context of EFB adoption. The proposed research will be guided by the following objectives:
1. To explore the cyber security threats induced by EFBs.
2. To investigate the cyber security regulations and standards related to EFBs
3. To identify the mechanisms in place and measures taken to address the cyber threats induced by EFBs.
Null hypothesis. H0: Electronic flight bags and new mobile devices are not vulnerable vectors in the commercial aviation industry.
Alternate hypothesis. (Ha): Electronic flight bags and new mobile devices are vulnerable sectors in the commercial aviation industry.
Since the domain of cyber security is very broad, this research centered on the cyber security challenges emanating from the adoption of EFBs. The scope is motivated by the growing approval and popularity of EFBs among various aviators. In other words, the scope of this project provides information on cyber security issues related to the use of electronic flight bags. In the same line, some external data network connection must be reviewed for potential cyber security threats to cockpit operations. Furthermore, the project addresses security issues related to cybercriminals that could gain access to aircraft systems with the intention of causing damage to the aircraft and related systems.
This research increases the collective knowledgebase in aviation cyber security; helps the researcher identify potential knowledge gaps; support the identification of threat and risk environments; and provides information that could be exploited to establish cyber security guideline in the EFB domain. In essence, the research contains findings and analysis of an extensive review of challenges facing commercial aviation within the domain cyber security involving electronic flight bags. The analysis improves understanding of the impact of cyber security with regards to EFB usage and the measures that aviation personnel might exploit to address real world cyber-attacks.
The main limitation to this research is the restricted access to primary EFB safety reports. The description of the security vulnerabilities and EFB-based accidents/incidents are limited because of the confidential nature of the information. In addition, long delays in accident investigations also limit the number of publicly available reports for incidents/accidents that occurred in the recent past. The second limitation pertains to the nature of the research. Due to time and resource constraints, the research adopted a qualitative research method, implying that there was no collection of empirical data, which would have supplemented the collected secondary data. In other words, the research method limited the amount of data collected. Furthermore, the industry experts disclose minimal information about vulnerabilities in products under design. The last limitation pertains to the legal restriction to carry out real attacks to help the researcher empirically evaluate the impact of cyber-attacks on EFBs. Despite the highlighted limitations, these gaps were filled with extensive literature collected online.
Invite your friends and get bonus from each order they
Review of Relevant Literature
As the foundation of problem identification, a detailed review of existing literature regarding the cyber security challenges facing commercial aviation, with EFBs in particular, was conducted. The review and analysis provided regulatory, scientific and operational reference material from various sources. In subsequent parts of this literature review, the researcher outlines EFBs, EFB classification, EFB application type, EFB-based incidents/accidents, cyber security threats involving EFBs, human factors, and risk assessment.
Electronic Flight Bags
IATA and FAA have identified electronic data exchange and digital network connectivity in the aviation industry as the foundation of future efficiency gains within the industry (IATA, 2016; Wolf, Minzlaff, & Moser, 2014). Consistent with this observation, a number of researchers and industry reports have identified electronic flight bags as vital data exchange and digital devices in the complex and integrated global aviation industry (Pschierer, et al., 2011; Tobon, n.d.; Wu, Lachter, Johnson, & Battiste, 2010). As noted by Pschierer et al. (2011), modern pilots have to obtain information from multiple source such as approach/STAR/airport/SID or en route charts and updates through voice communications. Within the same context, flight crew are required to mentally combine these types of information accurately. This payload is likely to increase in the NextGen/SESAR world marked with changes in flight plan (trajectory), and frequent updates of NOTAMs (Evans, Young, Daniels, & Myer, 2013), which require a higher degree of information presentation and automation. To address these issues, increase situational awareness and lower the flight crew’s workload, EFBs present a concept where all the necessary information is transmitted, received and processed through one application.
The FAA defined EFBs as electronic displays primarily designed for the cabin crew or flight decks use, and include software and hardware for supporting intended functions (FAA, 2011). The range of EFB functionality include hosted applications and databases. Hosted applications are software running on the EFB but not part of the aircraft type design (FAA, 2014). EFB displays may use an array of formats, technologies and means of communications. According to Bryant, Mills and Lopez (2017), EFBs are mobile-based devices with software applications that replace traditional paper-based checklists, charts and other documents used by flight crew in the cockpit. EFBs have receivers and transmitters, which enable users to relay broadcasts from various aeronautical information services to the inbuilt app. The app presents the relayed information to users in a meaningful manner. Typically, EFBs carry documentation, as well as calculation and navigation tools that are obligatory for flight operations. EFBs also deliver electronic data management capabilities as a portable computing and touch screen user interface-based display in flight decks (Begis, 2012). EFBs can increase the efficiency or safety of operations integrated into the cockpit (Chase & Hiltunen, 2014).
With the evolving roles and growing responsibilities in the cockpit, there is a growing desire for existing and future cockpits to possess various capabilities that technologies can offer, and electronic flight bags are the most promising primary platforms to implement. Wu, Lachter, Johnson and Battiste (2010) evaluated the use of EFBs as a tool of providing enhanced weather and traffic displays on the flight deck. From the evaluation, it was evident that scan path data from one of the participating pilots demonstrated the expected crosschecking when weather data was displayed distinctively from traffic information. The participating B737/757/767 line pilot had between 1000-3000 hours of glass cockpit experience. (Wu, Lachter, Johnson, & Battiste, 2010) In addition, the participant lacked prior experience in flying a continuous decent approach (CDA) but was exposed to the cockpit situation display (CSD). The evaluation was an integral part of a distributed human-in-the-loop simulation, which involved eight desktop applications, pseudo pilots and two pseudo controllers. During the simulation (Boeing 777 flight simulator), pilots carried out en route weather avoidance followed by spacing and merging task during a CDA. Results showed that having multiple displays lengthened the time taken to cross check traffic and weather information. In other words, having multiple data sources has the potential of negatively affecting the time taken to modify traffic and weather information within flight decks. From a positive perspective, EFBs can improve weather and traffic data modification if used as the primary display. As the adoption of EFBs to improve technological capabilities of future cockpits may be inevitable, Wu, Lachter, Johnson and Battiste (2010) stressed that there is a need to monitor how the adoption of EFBs can impact task performance.
Electronic Flight Bag Classification
EFBs are classified into three classes as per the FAA Order 8900.1, Vol. 4, Section 1 of Chapter 15, EFB operational Authorization Process. : Class 1, Class 2 and Class 3.
Class 1 EFBs. Devices under this class are characteristically portable COTs that are part of the flight crew kit. As per the FAA Order 8900.1, 4-1643A, Class 1 EFBs are not connected to an aircraft’s data system. In addition, these devices are also not mounted on aircraft’s cockpit. Mounting devices include clips, docking stations and cradle among others. Furthermore, Class 1 devices are also unconnected to the aircraft’s primary power supply. However, in line with AC 120-76C, Class 1 EFBs may be connected to the aircraft’s power supply on a temporary-basis (FAA, 2014).
Class 2 EFBs. Consistent with FAA Order 8900.1, 4-1643B, Class 2 EFB are often mounted to an installed mounting bay and may be connected to the aircraft’s data source wirelessly or through a wired connection (FAA, 2014). In contrast to Class 1 EFBs, Class 2 EFBs may have an installed antenna and then connected to the aircraft power source. Consistent with AC 120-76C, Class 2 EFBs should be easily attached or removed from mounting devices by flight crew personnel with ease.
Class 3 EFBs. These devices are installed in line with airworthiness regulations outlines in AC 20-173 (FAA, 2011). The main difference between Class 3 EFBs and the other two is that the former is considered as part of the aircraft type design (FAA, 2014). That is, Class 3 EFBs are outlined in supplemental type certificate (STC) or aircraft type certificate (TC).
Electronic Flight Bag Application Types
Consistent with AC 120-76D, EFB applications are categorized into two types: A or B.
Type A. Type A EFB applications are those whose failure condition is considered by the FAA to be having no significant safety implication. Not only are these applications able to replace or substitute any system, equipment or paper required for operational regulations or airworthiness, but they also do not require special conditions for use (FAA, 2017). Some the Type A EFB applications include, aircraft parts manuals, Configuration Deviation Lists (CDL), minimum equipment lists (MEL), flight crew rest log, pilot duty and flight logs, International Operations Manuals, and chart supplements among others (see Appendix A for a detailed listing).
Type B. The FAA classified the failure condition of these applications as minor. While they may replace or substitute paper-based information needed for dispatch, Type B application may not replace or substitute any installed flight deck equipment required for operating regulation or airworthiness. Most importantly, Type B applications requires authorization from the FAA for usage in commercial aviation (FAA, 2017). Examples of Type B EFB applications include airplane flight manuals (AFM), Airplane Flight Manual Supplement (AFMS), flight attendant (F/A) manuals, flight operations manuals (FOM), operator’s FOMs, operator’s standard operating procedures (SOP), and maintenance manuals (see Appendix B for a detailed listing).
Top Writer Your order will be assigned to the most experienced writer in the relevant discipline. The highly demanded expert, one of our top 10 writers with the highest rate among the customers.Hire a top writer for $10.95
ASRS Incidents and Accidents Involving EFBs
The era of paperless flight deck has dawned, and as of consequence, NASA’s Aviation Safety Reporting System (ASRS) is documenting more about various incidents involving EFBs (ASRS Callback, 2010). Despite having numerous advantages as pointed in the preceding section, EFBs may have display limitations compared to paper charts which provides a big picture of the navigation areas at a glance. Consistent with this observation, a speed deviation incident involving a captain of the GA fractional jet demonstrated that it is challenging to have an entire navigation chart page on an EFB with a small screen in a readable format (ASRS Callback, 2010). This is subject to the fact that EFB screens may display mixed graphics and text; thus, the need to scroll down is elevated. Another typically problem documented by ASRS pertains to wrong or outdated information. The accuracy of EFB database is critical to the safety and security of flights. Inaccuracy may result in FAR infraction or airspace violations. For instance, a light twin pilot on VRF test used an outdated low altitude chart located on the panel-mounted GPS for airspace avoidance and orientation (ASRS Callback, 2010). Despite using a backup EFB, the pilot incurred the airspace because both TRSA and GPS databases about the airspace were inaccurate. ASRS also reported an incident in which an A320 flight crew en route noted that some of their manuals on the EFBs they were using were out-of-date. An MD-11 pilot also encountered a problem of being new to the application of EFB, having FO’s EFB unavailable as a backup and being new to an airport (ASRS Callback, 2010). This incidence illustrates the significance of EFB backup and continuous training. In August 2008, Spanair flight 5022 crashed because of technical issues caused by a malicious software infection, leading to loss of 154 lives (Abeyratne, 2016).
Cyber Security Threats Involving EFBs
Threats are potential for threat-sources to successfully execute certain vulnerabilities. Vulnerabilities are weakness that can be deliberately exploited or accidentally triggered. Threat-sources presents cyber risks where vulnerabilities are exploitable. In determining the probability or likelihood of cyber threats, the key variables to be considered include potential vulnerabilities, threat-sources and existing controls (Skaves, 2013). IATA (2016) acknowledges the need for cyber security strategies in the aviation industry because the security threats aviation assets are increasingly becoming sophisticated and more challenging to detect, prevent and mitigate challenging to address (IATA, 2016). One of the emerging cyber security challenges that is still emerging and complicated to address related to EFB attacks. As part of critical aviation infrastructure, which covers in-flight and air traffic management (ATM), EFBs relies on a seamless flow of information, which ensures availability of critical functions and applications hosted on EFBs. Furthermore, civil aviation operations such as air traffic control relies in information technology and computerized systems. EFBs are dependent on information assurance relating data, protocols, communication standards, networks and software that support aircraft functions (Lim, 2014). The European Aviation Safety Agency (EASA) sponsored a study on the best practice regarding to the approval of EFBs’ performance (Tump, Karwal & Verbeek, 2015). Some of the challenges encountered with the approval of EFBs included integrity of the performance data, security of performance apps hosted on portable EFBs, complexity in performance validation and quality assurance at the operators.
Stander and Ophoff (2016) studied claims that suggest the possibility of hacking into avionic systems and remotely control aircraft. The researchers were motivated by the observation that while cyber security was not perceives as a critical issue in the aviation industry at the time of the research, the issue was likely to be a critical subject due to rapid adoption of digital technologies in the industry. The researchers’ aim was to not only demonstrate how aircraft information systems could be compromised, but also indicate that vulnerabilities exist. In acknowledging that empirical work in this cyber security domain is challenging, Stander and Ophoff (2016) carried out an extensive literature survey to identify resources related to the subject areas. Most of the identified literature was theoretical in nature and in instances where vulnerabilities were studied, it was challenging to demonstrate that they could be exploited in practical world. Results showed that manufacturers and regulatory agencies take various steps to prevent occurrence of various cyber threats. However, vulnerabilities still exist and there is a need for a collaborative approach in the aviation industry to identify and eradicate such cyber vulnerabilities. The implication of this research is that EFB manufacturers and regulatory agencies such as the FAA should give focus proactive cyber security strategies. Figure 1 illustrates cyber security issues in an aircraft.
Despite the technological advancements in the domain of information security, the aviation industry faces a number of threats, particularly in the adoption of EFBs largely because of proliferation of portable COTs, sophistication of cyber intrusion tools and ease of access to hacking technologies (Deloitte, 2015; Gupta & Shukla, 2016; Stander & Ophoff, 2016). According to Stander and Ophoff (2016), the existence of numerous untested EFB devices and delay in testing them might lead to conclusions that some vulnerabilities exist. Other predominant vulnerabilities include data loss, EFB database breaches, denial of service (DoS), vulnerable application programming interfaces (APIs), malicious insiders and shared technology or API issues. These threats are consistent with the critical infrastructure profile outlined by the European Union Agency for Network and Information Security (ENISA). ENISA (2014) outlined data breaches, cyber espionage, application injections and malicious codes as threat in the computing environment. The commonality of these threats illustrates that cyber security is a phenomena that cuts across various industries and platform.
EFBs are IP-enabled devices radically changing ways airlines operate from ground to the flight deck. While they allow the industry to address operational inefficiencies to improve scheduling, optimize aircraft performance and improve access to quality real-time data, EFBs are not without risks. For example, applications that automate tasks such as route tracking and weight balance may result in flight delays and flight risks due to balance issues (Deloitte, 2015). In the 2013 HITB Security Conference held in Amsterdam, Hugo demonstrated hackers’ ability to gain remote control access to critical flight controls using an Android phone application (Teso, 2013). The attack followed a classical methodology of discovery, information gathering and then exploitation. The target of the attack was some vulnerable on-board system. ACARS and ADS-B protocols were used at the initial phases – discovery and information gathering. The application was developed from a commercially available flight simulator, highlighting a monoculture vulnerability. According to Andreades, Kendrick, Poresky and Peterson (2017), monoculture vulnerability refers to the widespread availability and use of software across various platforms and networks, leading to an extensive knowledge of the system architecture, operation, backdoors and default passwords.
The other attack vector that has been documented across various industries pertains to EFB connection to private domains, which can be exploited externally. Chris Roberts, a security researcher, managed to exploit Boeing 787’s passenger in-flight entertainment (IFE) system that was wired to the aircraft’s communications, navigation and control domain systems (Andreades, Kendrick, Poresky, & Peterson, 2017). Following the identification of this vulnerability, Boeing applied for a modification in Type Certificate (TC) No. T00001SE Rev. 30 as a measure of addressing the issue (FAA, 2013). In line with 14 CFR 21.17, Boeing as a certificate holder had to prove that its Model 777-200, -300, and -300ER series aircraft complied with Part 24 provision of 14 CFR. IFE employs popular connectivity technologies, including Android clients and the Ethernet protocol. The implication is that the integration of EFBs with other systems, particularly IFE might also be an entry point.
As pointed by Skaves (2011), the key issue for cyber security of EFBs is the potential that the mixed criticality of the shared networks elements may elevate hacking possibility from other network segments to the EFB domain by circumventing existing security measures. In other words, there are various entry points and several levels of attacks that can be exploited. Unencrypted signals and lack of mutual authentication in the NextGen environment increases the threats of integrity and confidentiality loss. The ensuing subsections reviews some of the vulnerable aviation air services critical to the functioning of EFBs
Global positioning system (GPS). GPS as a functionality of EFBs relies on satellite technology to provide the position of aircrafts. By its very design, GPS receivers are non-interactive and support arbitrary number of active users. The passive, non-interactive nature of GPS makes the service vulnerable to replay attacks. Furthermore, spoofing is also possible due to non-authenticated navigational signal. Spoofing attacks involve a combination of message deletion and message injection. Attackers have to eavesdrop the channel to interpret the transmitted message and then interfere with it.
Automatic dependent surveillance–broadcast (ADS-B). ADS-B forms the building block of NextGen by moving from ground-based navigational aids (radar) to the accurate tracking using satellites. ADS-B is an example of aircraft systems with wireless access to ATS providers. The technology enhances efficiency and safety, but also benefits airlines, airports, air traffic controllers and pilots directly. One of the security concerns regarding ADS-B pertains to a lack of specified encryption for information broadcasted by ADS-B Out. ADS-B Out is a technical term referring an aircraft broadcasting information such as its position. On the other hand, ADS-B In refers to the process of receiving information and broadcasts from ground network. EFBs are susceptible to attacks through ADS-B because they may serve as flight deck displays as long as it conforms to AC 20-172B. Research has also demonstrated a number of cyber security vulnerabilities in ADS-B communication, including modification, message deletion, flooding and eavesdropping (Stander & Ophoff, 2016). Message tempering is also easy with simple cyber intrusion tools because it does not require authentication.
Aircraft communications addressing and reporting system (ACARS). ACARS is an air-to-ground communication infrastructure used to transfer information from a flight deck to air traffic controllers and operations centers. Typical airline operational control (AOC) messages transmitted through ACARS include weather information, landing and takeoff data, and engines reports. On the other hand, aircrafts receive ATC messages such as runway conditions, weather data, departure clearances and navigation information. The criticality of such messages imply that any loss of integrity, availability or confidentiality can be devastating especially where there are no backup EFBs. Figure 1 illustrate some of the potential risks of innovative aviation technologies, including EFBs, ADS-B and ACARS.
EFB Regulations and Standards
According to Tump, Karwal and Verbeek (2015), the growing trend in the adoption of portable EFBs has compelled National Aviation Authorities (NAAs) to develop standards and regulations pertaining to EFB approvals. The demand is catalyzed by the growing popularity of EFB usage among pilots in carrying out their cockpit tasks. The FAA is an apt example of NAAs that are leading in development, issuance and implementation of regulations about the usage of EFBs. Advisory Circular 20-173 provides guidance on the installation of EFB components, including connectivity provisions (FAA, 2011). In it, the FAA describes consideration for certification of individual EFB components, as well as considerations for installation. In addition, the AC outlines acceptable standards and means to comply with 14 CFR parts, 23 25, 27 and 29.
Advisory Circular 120-76C – advancement of AC 120-76A and AC 120-76B – provides general guidance for special security considerations, including a security assessment for EFB Class III systems connected to non-ATS external data networks (FAA, 2014). A point of note is that AC 120-76C cancels both AC 120-76A and AC 120-76B. Furthermore, AC 120-76C demands that operators identify ways to demonstrate that there are adequate security measures in place for preventing the introduction of malware or unauthorized modification of COT or EFB operating systems. Additionally, the Circular mandates operators to ensure that EFBs are protected from potential corruption from external links. As of October 2017, the FAA has issued AC 120-76 D, which provides guidance on the authorization of the use of EFBs (FAA, 2017). AC 120-76D predefines tolerable standards and means for obtaining FAA approval for the adoption of EFBs utilizing both installed and portable equipment evaluated by operators are as their chosen means of information display with an equivalent level of reliability, usability and accessibility. The AC targets EFB designers and installers, as well as operators seeking guidance for hosting hosted applications for both installed equipment and portable devices. Operators or certificate holders must demonstrate that EFB components such as data and power cables are meets electromagnetic compatibility (EMC) standards.
Human Factors (HFs)
Cybercrime is a global problem that requires urgent action (Abeyratne, 2016). Holt, Moallemi, Weiland, Earnhardt and McMullen (2016) contend that when discussing cyber security, it is essential to take into account human factors (HFs) associated with cyber security. As highlighted by the PwC (2016), cyber security is not only just about information technology (IT), but also covers individuals interacting with the systems and how their underlying behavior can be exploited by cybercriminals. As cited in Holt, Moallemi, Weiland, Earnhardt and McMullen (2016), Widdowson and Goodliff (2015) demonstrated that human factors contribute to over 90% of security incidents. Taking into account of the HFs associated with cyber security, the CHEAT model categorised human factors into five broad categories: people, technology, industry, environment and history. Emphasis is placed on the observation that effective solutions to cyber security threats associated with HFs can best be developed after identifying the root causes (Chase & Hiltunen, 2014; Holt, Moallemi, Weiland, Earnhardt, & McMullen, 2016). Along the same lines, Iasiello (2013) advocated for a proactive cyber security strategy that centers on public-private partnerships to mitigate threats. Adopting this approach to HFs side, training and risk assessment is critical before operators or certificate holders invest in EFBs.
Several human factors issues emerge with respect to EFB usability, including brightness, touch screen sensitivity and installation. The first two issues are subject to modification from hackers. In addition, the installation of updates is also prone to hacking or modifications from internal threats. The underlying point it that human capital is critical to the general safety and security of the aviation industry (Drury, Guy, & Wenner, 2010). However, there is relatively little published information on the specific of human factors in relation to EFBs and cyber security. One of the existing resources in which authors explain the significance of human factor and provide example of research issues is a conference proceeding by Chandra and Grayhem (2012). The authors identified and documented human factors associated with the implementation of performance-based navigation (PBN) instrument procedures for the FAA. Their effort supported the FAA’s adoption of NextGen by providing recommendations meant to ease the adoption of PBN instrument procedures. These procedures can also be implemented on electronic flight bags. In fact, one of the recommendations regarding charting covered the capability of EFBs to zoom, scale and pan information (Chandra & Grayhem, 2012). The other recommendations entail consideration of charting implications during procedure design, and additional human factors research.
According to the FAA (2017), it is important to evaluate pilot interface characteristics or human factors of EFBs with special attention paid to unique or new features that have a direct effect on pilot performance. The UI of EFBs should have consistency and intuitiveness across various hosted applications. In addition, the interface design, including symbology, terminology, and data entry methods should be consistent across various EFB applications (FAA, 2017). Human factors and related security threats observations concerning to the use of EFB software, including moving map, electronic documents and electronic charts has been collected from simulators (Yeh & Goh, 2011). In regards to airport moving map, participating pilots noted a variation in the aircraft position as depicted by their navigational display from the position on the moving map. Ideally, there should be consistent position of the aircraft position across all visual display aids on the flight deck. AC 120-76D requires similarity of aeronautical charts with paper charts (FAA, 2017). Furthermore, Yeh and Goh’s (2011) Capstone 3 operational evaluation also noted inconsistency between electronic and paper charting information. During their study, pilots that at time they could not find information on electronic charts quickly. This is not only performance issue, but also a vulnerability that can be exploited by hackers to impair navigational functions. In the same research, one pilot reported to have received a change in runway from the ATC but the change was not reflected in the EFB. From this incidence, the pilot argued the significance of paper charts and the need for human interventions where EFBs lack updated information. In fact, as Yeh and Goh (2011) noted, the interview with the pilot compelled the airline to switch its electronic chart manufacturers to ensure that both electronic and paper-based charts were consistent and developed by the same manufacturer.
According to Joslin (2013), the proliferation and adoption of portable iPads in GA aircraft has outpaced the human factor analyses, which are typically linked with the adoption of any new or advanced flight deck technology. This gap induces security threats that are yet to be identified and poses high risk to the aerospace sector. Security personnel – airlines and airport employees – are important elements of the security system that prevents or deters hostile acts against aircrafts. Human decision-based experience and industry knowledge is still essential when managing critical scenarios in the aviation industry because human error is still present when using new technologies (Lee, 2012; Stander & Ophoff, 2016). In Yeh and Goh’s (2011) paper, it was noted that there was a challenge in the perseveration of changes made on EFB charts. Pilots noted that the map range or zoom settings often reset to default values when they leave a page of an electronic chart and went back to it. In some instances, when they rotate a map, the initial zoom settings also changed. In one of the extreme scenarios, an EFB locked up due to EFB reliability and speed issues. Specifically, simultaneous zoom and rotate actions would over utilize an EFB’s processing power making the device freeze. In such scenarios, human intervention is critical and a backup device is essential.
According to Skaves (2013), over 95% of components in aircraft systems are COTs-based. As COTs, EFBs include integrated circuits (ICs) normally produced in large scale by commercial manufacturers such as Texas Instruments, LSI Logic and Intel among others. Some of the COTs software application and ICs include operating systems, networks, microprocessors and data buss components. Skaves (2013) outlines a number of key security assumptions in the context of COTs. One of the key security assumptions regarding COTs devices is that they are procured from approved suppliers. The other security assumption is that any intentional and inadvertent corruption of COTs devices are detected during inspection or final acceptance test before they are installed or used in aircraft. Furthermore, it is assumed that avionic manufacturers have configuration control on devices purchased by suppliers and track them to ensure that counterfeits are detected and rejected through quality controls. The other assumption is that real time monitors and built-in-test software that may detect and isolate IC failures caused intentionally or inadvertently. Partially grounded on the validation of the above security assumptions, the FAA requires that special condition be applied.
Operators under EASA seeking approval for the use of EFBs are required to carry out risk assessments as part of their hazard identification and general risk management process as outlined in Acceptable Means of Compliance (AMC) 20-25 (Tump, Karwal & Verbeek, 2015). According to Skaves (2011), risk management for EFBs can borrow from guidelines from the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-30. As per the SP 800-30, risk management constitutes three processes: assessment, mitigation, and evaluation. Collectively, these processes allow risk managers to balance the costs of defensive measures so that systems operate correctly and are not affected. Risk assessment is a broad term that covers threat identification, vulnerability identification and impact analysis. In the EFB domain, risk assessment determines probability and impact of the potential threats as well as the associated risks across their system development life cycle (Skaves, 2011a). Threats are potential for specific threat-sources (threat agent) to fruitfully exercise certain vulnerabilities. From the Federal Information Processing Standards (FIPS) perspective, threats are events or circumstances with the potential do adverse harm on operations, individuals, organizational assets through information systems by unauthorized disclosure, destruction, denial of service (DoS) and or modification of information (Holt, Moallemi, Weiland, Earnhardt, & McMullen, 2016). Attack vectors are means or routes by which the attack source or agents influence access to critical assets such as EFBs. Based on FIPS definition, threat actions against EFBs can be classified as access threats, disclosure threats, modification threats and denial of access threats. A modification threat would entail making illegal changes to EFBs, such as modifying the trajectory submitted via Air Traffic Control (ATC) or weather data submitted by an Air Operations Center (Holt, Moallemi, Weiland, Earnhardt, & McMullen, 2016). An apt example of denial of access threat is a DoS attack blocking flight crew legitimate access to EFB applications. Typically, DoS attacks consume bandwidth to level that legitimate users cannot log in access to assets.
Vulnerabilities are viewed as weaknesses that can be triggered intentionally or accidentally. It follows that a threat-source must have an exercisable vulnerability to present a risk. In determining the probability of a threat, Skaves (2013) noted that potential vulnerabilities, threat-sources and existing controls must be taken into account. A fundamental step in assessing the level of cyber security risk related to EFBs is to determine the impact of a successful threat. Key impacts include loss of the information security triad: confidentiality, integrity and availability (CIA). Confidentiality entails the protection of the EFB data and system from unauthorized disclosure (access and disclosure threats). Loss of integrity entails unauthorized changes made to EFB systems or data by either accidental or deliberate acts (modification threats). Loss of availability refers to the unavailability of EFB system to its user; thus, affecting critical functions (denial of service threats). As an EFB design consideration stipulated in AC 120-76D, the FAA requires that information contained in EFB databases be of sufficient integrity in order to be used for the intended function without producing hazardous or misleading information (FAA, 2017).
According to Deloitte (2015), EFB users can get ahead of various threats by adopting security programs that are reliable for their vigilance and resilience. Being secure means that critical assets such as EFBs are protected against both known and emerging cyber threats. Effective security programs tend to continuously innovate measures for protecting critical assets against both known and emerging threats. Airlines can also adopt public key infrastructure (PKI) technologies to encrypt information. Furthermore, airlines can invest in federation technologies to enable third parties access critical resources securely without exposing sensitive data or incurring the cost of managing third party credentials and identities. Vigilance involves maintaining threat awareness among personnel and detection of any adversarial activities within before affects assets. Deloitte (2015) stressed that security breaches will often occur, and preventing cyber-attacks is a complex endeavor that goes beyond systems patches and regular update of intrusion detection (ID) signatures. In essence, EFB operators should be able to identify attacks rapidly before inflicting any damage. To be effective, Deloitte (2015) pointed that entities should have a security operations center (SOC) that is integrated with sensitive applications such as EFB hosted apps for detection. A SOC should also identify emerging threats grounded in threat intelligence from various agencies that share and analyze threats. For example, the Aviation Information Sharing and Analysis Center (A-ISAC) provides aviation-based information to protect aviation operations, service and businesses globally. Resilience entails recovering and ensuring continuation from incidents the moment they occur. Taking into account the complex environment and the innate risk to passenger safety, majority of airlines have invested in crisis management and incidence response (Deloitte, 2015). However, cyber threats pose unique and complex risks compared to the more conventional safety issues experienced by stakeholders in the aviation industry. It is in this line that Deloitte (2015) proposes that airlines prepare for new threats through simulated responses to real attacks. In the same context, such simulations often involve all levels of an entity, including legal counsel, technical team, external stakeholders and business leaders to assess risk and identify inclusive recovery efforts.
The research will employ the mixed-methods approach to collect and interpret data sequentially, giving priority to validity and reliability of the findings. The basis for employing the mixed-methods approach is to leverage the strengths and weaknesses of qualitative and quantitative research methods. The research also employed secondary data including industry reports involving EFBs. The research targeted cyber security challenges in the aviation industry with a focus on electronic flight bags. It was necessary to summarize from experience of private and government sector researchers who have explored cyber security approaches, polities and strategies. By going beyond the commercial aviation, and indeed outside the aerospace sector, the objective was to have a detailed understanding of the potential cyber security challenges within the context of EFBs. The focus of this research was to explore industry reports and studies with commonalities to the aviation industry with respect to cyber security, and to explore standards and measures in place to address risks and threats to EFBs’ security. Consequentially, the research was to bring forward key observations to help commercial aviation craft strategic roadmap for the cyber security of EFBs.
The researcher collected safety reports online from the ASRS database. In addition, the researcher NTSB reports were obtained online. Other online databases that contained EFB-related reports, including those held by airlines were not accessible publicly; thus, were not searched. The search criteria entailed scientific, operational and regulatory resources from various sources. Specifically, the researcher targeted documentation about operational application of electronic flight bags, hardware development by EFB manufacturers, EFB hosted software development, accidents and incidents with respect to EFB usage. In order to collect resources relevant to the research questions, key words formed the basis of the search. Some of the terms that were used to identify valuable resources included EFB, Cybersecurity of EFBs, FAA, EFB Vulnerabilities, EFB Operations, EFB Standards, and EFB Regulations among other phrases. From the research, the paper settled on resources published within the last decade and from scholarly sources, including conference proceedings, journals and industry reports. Based on this criterion, it was easy to remove old resources and unrelated reports from the search results. After settling on around 80 resources, the researcher went further to check whether EFB and cyber security and human factors were the main topics. This narrowed down the resources to 45.
Findings, Analysis and Discussion
This research entails results and analysis of a review of EFBs and observations in the domain of cyber security involving EFBs in the aviation industry. To that end, the research provide relevant benchmarks that inform strategic decisions for airlines and other stakeholders concerned with challenges facing the adoption of EFBs in commercial aviation. Documentation operational application of electronic flight bags included FAA AC-120-76C, EASA AMC 20-25 and ICAO ANNEX 6 AMD38. For analysis purposes, information was collected directly from the reports and put into tables, but other data sets were paraphrased and discussed based on their relation to the research objectives. For instance, findings were analyzed and discussed in three sections. In other words, findings and corresponding discussions are approached in line with the research objectives as outlined in the ensuing sections.
Cyber security Threats Induced by EFBs.
In order to outline cyber security threats induced by EFBs, the researcher tried to identify events and threats that were serious enough to be documented by multiple media outlets and regulatory agencies. Since the introduction of electronic flight bags onto the cockpit, there have been numerous incidents with majority being near fatal or serious and few being fatal. For example, research pilot’s failure to update EFB onboard caused the fatal accident of aircraft B747F in Halifax Nova Scotia (Johnstone, 2013). In Johnstone’s (2013) report on EFBs, out of the 67 ASRS accounts by the FAA (1995-2009), 32 reports relevant to the use of EFB charting apps and 30 associated with flight compliance performance. Alongside other technologies, EFBs are operated in a complex and potentially insecure environment where critical assets are interconnected IT systems and rely on legacy ground-to-air communication systems to relay information. In itself, the complexity of the environment in which they are operated induces various threats that demand a comprehensive approach.
In order to differentiate between primacy cause and contributing factor of EFB-based incidents or accidents, the researcher reviewed the narrative in the reports to cautiously establish the order of events. In some reports, contributing factors tended to exacerbate the occurrence. However, some reports clearly identified the main cause of the EFB-based accident or incident as depicted in Table 1. Most importantly, the classification and description of the EFB-based incident/accident remained as objective as possible to eliminate the bias innate in subjective analysis of findings. Even where there was adequate information to judge the cause of the accident, the researcher maintained authors’ judgments to maintain the validity and reliability of the collected data. In scenarios where author or accident reporters failed to directly state the cause of accident/incident the EFB issue was given a general classification as a way of acknowledging that the cause was not clearly covered. In fact, ambiguous cases were totally left out in order to have clean data about the cause of EFB-based incidents, cyber security vectors and impacts. Table 1 gives a summary of some of the EFB-based accidents/incidents and the corresponding causal factors.
Table 1 Investigative reports on EFB-based accidents/incidents and the corresponding causal factors
|Investigation report||Accident/incident||Causal factor|
|NTSB/AAR-07/06||Runway Overrun and Collision – Boeing 737-7H4, Southwest Airlines Flight 1248,||HFs – programming and design issues of EFB which did not present assumption for pilots to make informed decisions
SA’s failure to train its pilots regarding the company’s landing distance computations.
|2009 AAIB Bulletin||October 2008, A330 Montego Bay||HFs – Use of wrong take-off data|
|October 2004, B747 Halifax||HFs – Use of wrong take-off weight (TOW)|
|2009 AAIB Bulletin||December 2008 B767 Manchester||HFs – Zero fuel weight (ZFW) was wrongly keyed into the EFB’s take off program instead of TOW.|
|2010 AAIB||Dec 2009, A340 London||HFs – use of landing weight for take-off|
|2013 AAIB Bulletin||April 2012, B737 Chambery||Homan factors – EFB had retained take-off weight from the previous flight|
Besides the incidence outlined in Table 1, Thai Airways EFBs were in 2007 affected by a virus, which disabled the devices and later spread to of the EFBs (Riley & Cerchio, 2011). In 2008, the FAA server was compromised leading to disclosure of social security numbers of over 48,000 employees.
Research has demonstrated that airlines are increasingly deploying EFBs (Schonland, 2017). Besides their portability, EFBs are very useful for flight crew to use when not on formal operations. This off-the-aircraft use exposes EFBs, particularly Class 1 and Class 2 EFBs to numerous unsecured Wi-Fi signals found in airports and hotels. Hackers can tamper with such signals, which can also be potential sources of malware and viruses. It is also highly probable that EFB users can have their devices infected by unknowingly opening compromised emails (Schonland, 2017). Irrespective of how EFBs are compromised, it is evident that these devices are vulnerable because of their multifunctional nature. The other challenge relates the numerous entry points and various levels of attack due to the internetworked nature of EFB systems. For example, in a potential attack, a hacker might try to mislead air traffic controllers or pilots via jamming attacks or spoofing. These attacks might entails fake alarms, deletion or modification of data on EFBs, and insertion of wrong information into EFBs. Knowledgeable attackers can also disable communication and aircraft control systems from radio signals. This is one of the speculated causes of the mysterious disappearance of flight MH370 (Andreades, Kendrick, Poresky, & Peterson, 2017). As reported by Abeyratne (2016), malware infectiosn can result in loss of life because such attacks vectors can affect critical functions in an aircraft, including balance and landing. Within the scope of EFBs, there are numerous cyber threats, source and their impact is adverse as summarized in Table 2.
Table 2 Cyber security Threats, Sources and Impacts
|Threats||Sources/ Threat Agents||Impact|
|· Data loss
· Database breaches
· Vulnerable API
· Malicious software
· Lack of mutual authentication
· Unencrypted navigational signals
· Signal jamming
· Information modification
|· Proliferation of portable COTs
· Increased access to cyber intrusion technologies
· Sophistication of cyber intrusion tools
· Organized crimes and state-sponsored advanced persistent threats
· Human factors
|· Loss of confidentiality
· Loss of availability
· Loss of integrity
· Flight delays
· Disabled flight controls
· Flying through dangerous weather
· Loss of life and aircraft
· Reputational damage
Table 1 and 2 demonstrate the connection between human factors and cybersecurity threats. Beyond investigative reports, the researcher also explored safety assessment reports by Johnstone (2013), Chandra and Kendra (2012). All these potential, realized and theorized cyber security vulnerabilities, accidents, incidents and discussions demonstrate that the cyber security of EFBs is indeed a critical issue that should be addressed urgently. In others words, deliberate disruption of EFBs has almost equivalent impact as accidental disruptions induced by human factors. These observations lead this analysis into the next section of aviation regulatory framework and cyber security defense and measures.
Cyber Security Regulations and Standards Related to EFBs
The identification and discussion of the regulatory framework for EFBs within the realm of cyber security was also achieved both objectively and subjectively. The adoption of EFBs in commercial aviation implies that new security features and standards should be adopted to prevent cyber-attacks and mitigate consequences where there are breaches. Along the same lines, a new regulatory framework is needed to provide up-to-date guidance for cyber security to EFB operators or certificate holders. As of December 2017, the aviation industry largely operates under the disjointed framework of cyber security regulations outlined by regulatory agencies such as IATA, ICAO and the FAA (Abeyratne, 2016; Andreades, Kendrick, Poresky, & Peterson, 2017). Customer interest in EFB is technology remains strong and surveys shows that the number of EFB manufacturers and products continues to expand (Chase & Hiltunen, 2014; Joslin, 2013). As a consequence, the FAA and other regulatory entities are noting an increase in the number of application for certifications and approvals. Because of all these applications are waiting for approval, the FAA, the European Aviation Safety Agency (EASA) and other regulators continue to develop standards and guidance for the approval of EFBs (Tump, Karwal & Verbeek, 2015). National aviation authorities (NAAs) have also experiences a growth in demand for EFB approvals; hence, an increasing demand for expertise to accomplish standardization and approval. For instance, in the U.S, the 2003 FAA AC 120-76A – also referred to as the EFB AC – provided guidelines for the airworthiness, operational approval and certification of EFB computing devices. EFB AC was complex because it demanded the evaluation of EFBs from different perspectives, including operational evaluation and design evaluation. Operational evaluation standards are meant to ensure that EFBs can be used safely, for example, with appropriate training and procedures, as well as without undue distraction. Specifically, complex applications that require users’ interaction, such as electronic charts and flight performance computations must undergo a formal review that simpler applications such as electronic document viewers. On the other hand, the essence of design approval is to ensure that EFB hardware does not affect that critical functionality of the existing cockpit systems.
With the growing need for inspections, especially by FAA’s regional field office inspectors, it has become apparent that standards and regulations need clarity and supporting material. For instance, EFBs are classified and certified based on the FAA’s and other international standards. As of consequence, the FAA reviews its regulations pertaining to EFBs, leading to the adoption of AC 120-76D. Despite the growing attention to develop cyber security regulations and standards for EFBs, existing policies and regulations, fail to specifically address aircraft networks, data security requirements and communications (Skaves, 2013). The immediate impact is that non-standardized agreements between various stakeholders – regulatory agencies and applications – on EFB cyber security requirements emerge. However, until new specific regulations and standards of EFB security are published, FAA’s existing standards and regulations remain as the main points of reference.
Writing Quality Options
Mechanisms and Countermeasures for Cyber Threats Induced by EFBs
The findings showed that special attention from aviation authorities with regard to cybersecurity defense include training and standard operating procedures (SOP), human factor analysis, the verification of new updates by users, quality assurance and operator procedures. Central to the prevention, detection mechanisms and countermeasures for cyber threats associated with the use of EFB is commercial aviation is the issue of human factors. From a technological perspective, it is undeniable that cyber security should be a core organizational component to reduce HFs internally. Externally, The FAA provides guidelines for security considerations through the Advisory Circular (AC) 120-76C, Guidelines for the Certification, Airworthiness, and Operational Approval of Electronic Flight Bag (EFB) Computing Devices (FAA, 2014). AC 120-76C targets all flight operations outlined within Tile 14 of the Code of Federal Regulations (14 CFR) part 121, 125, 135, or 91 considering replacing paper-based information with EFBs in the flight deck. AC 120-76C cancels AC 120-76B and is related to parts, 21, 23, 25, 27, 29, 43, 91F, 91K, 121, 125 and 135 of 14 CFR Parts. Consistent with AC 20-173, the FAA approves EFB software in line with RTCA/DO-178, which ensures compliance with equipment certification and software standards in airborne systems.
In agreement with Stander and Ophoff (2016), EFB manufacturers and regulatory bodies have taken several steps to prevent known threats. Taking into account the existing regulations and standards, it is possible to diffuse some fundamental concepts, mandates and recommendations as to how stakeholders in the commercial aviation sector can address cyber security in EFBs. First, EFB security relies on determinism and redundancy with the involvement of human factors. According to the 2016 EFB report by Shonland (2017), airlines are increasingly embracing cyber security. One of the measures they have taken is to keep EFBs safe involves regular software updates. From the report, 15% of the respondents in 2016 noted that they updated their device software daily. This is significant development when compare to 11% in 2013 (Schonland, 2017). Furthermore, 17% of participants in 2016 also noted that they updated their software on monthly basis. From the same research results, the 17% was an improvement when compared to 2015 whereby 3% of the participants updated their software monthly.
The concepts of cyber security prevention, detection and mitigation are applied on EFB systems, with fail-safe modes, back-ups and redundancy, where EFB users can revert to manual/paper-based control in the event of anomalies. On the software and hardware side, inbuilt firewalls are used as the first line of defense to protect EFB controls from other systems. Since EFBs are IP-enabled, firewalls are vulnerable to circumvention. Industry stakeholders are also calling for standardization to improve the compatibility of EFB control and monitoring. To fortify EFBs further, operators secure cross-domain communications at different layers using sufficient logical, physical and organizational barriers. Organizational security barriers include switches, routers, monitors and devices usage policies (Andreades, Kendrick, Poresky, & Peterson, 2017). Other inbuilt security mechanisms such as redundant storage, filtering and tamper proof logging ensure that EFBs are secured from other domains, such as IFE, which can be exploited to access the flight control domain as demonstrated by Chris Roberts. Furthermore, EFBs also used redundant network topology, which secures information flow between interconnected domains (Gaska, Watkin, & Chen, 2015). Network redundancy implies that attackers must affect various systems to have a significant impact on the safety margin of EFBs. According to Gaska, Watkin and Chen (2015), this type of attack vector is addressed from two perspectives – with human factor security and legacy capability security. The adoption of legacy and backup connections for the safety of EFB information can enable operators to crosscheck and verify data. Such backups are also essential in mitigating attacks. For example, ADS-B can be backed up by traffic collision avoidance system (TCAS). In that regard, the TCAS radar augments concerns of GPS signal degradation, even though being less accurate.
In response to human factors of EFB cyber security, EFB users are continuously trained on handling device problems. As of consequence, EFB users can disengage and troubleshoot malfunctioning devices. Furthermore, there is human redundancy whereby users can identify bogus messages, through approval and verification of major changes in EFB data. Most importantly, EFB users adopt a role-based access authentication with security permission grounded on the user’s function and position in the cockpit. These cyber security mechanisms needs to be tested against identified and emerging threats, as well verified using advanced analysis tools and empirical reasoning to eliminate to minimize vulnerabilities. Built-in safety application, multiple verification mechanisms and real time security monitors that could detect and isolate failure or malfunctions of hosted application from deliberate or accidental degradation are proposed. Moreover, it is important to take into account other aviation technologies and communication components not within EFB domains, but connected to EFB systems in order to have system-wide approach to cyber security for EFBs.
EFBs have provided cockpit crew with the ability to increase their payload and situational awareness, as well as improve their performance, but remain as vulnerable vectors in commercial aviation. This project explored cyber security challenges facing commercial aviation in the context of EFB adoption. As postulated in the introductory parts of this project, it is important to ensure that EFBs are fitted with secure software to minimize risks of hackers taking control of aircraft functions, as well as to prevent any malware collecting confidential data or disrupting critical aircraft functions such as navigation and control, landing and braking, and information systems. The study also shed light on various subject of interest to EFB software and hardware manufacturers, FAA, NTSB, DHS, DoT and General Aviation. EFBs are classified as Class 1(portable); Class 2 (cockpit-mounted); and Class 3 (built into the cockpit). From the review, it is undeniable that EFBs are versatile and powerful display devices. These devices can display various types of aviation data, including documents, manuals, TCAS, emails, terrain-avoidance and real-time weather. However, as pilots and other flight crew transitions to these devices, there are a number of challenges to consider, including cyber security, impact on tasks performance EFB database accuracy, screen readability and inadequate training or experience about EFB usage.
From the review above, caution must be taken because there is a tremendous variability in EFB-hardware, software and the ways the inbuilt apps are integrated. For instance, EFBs differ in terms of location on the flight deck, physical size and the number of operators. Evidently, EFBs are vulnerable intrusion points in the aviation industry. While EFB designer, manufacturers, installers and regulators take defensive measures to protect the devices and the interconnected assets, there is still a need to identify new threats and address them based on empirical data and practical scenarios. Since EFB designers and regulator have been addressing some of the innate risks over a long period, the probability of cyber-attacks against EFB systems is relatively low, but must be given attention. A number of factors, including the proliferation of EFBs devices and growing interconnectivity between aviation domains will increase cyber security vulnerabilities in the future and elevate the related risks. Therefore, it is important that knowledge regarding vulnerabilities and real-time information be shared among relevant stakeholders.
Grounded on the study findings, recommendations can be proposed to the FAA and commercial airlines, as well as EFB manufacturers. The challenges reviewed above can be prevented by adhering to the following well-established EFB design recommendations described in prior works on similar mobile-platforms.
Threat and Vulnerability Identification
For EFB hardware and software that have not yet been designed, the identification of threats and vulnerabilities should focus on the airline’s security policies, system requirements and planned cyber security procedures. For EFB systems being implemented, vulnerability identification should cover planned security features outlined in the security design documentations, as well as the results of EFB evaluations and certification (Skaves, 2013). Lastly, for operational EFBs, vulnerability identification should encompass an analysis of the EFB system security features as well as the security controls used to protect EFBs, both procedural and technical.
EFB databases must be maintained and updated frequently to aid prevention and detection of intrusions or unauthorized modifications. In addition, if any revision is done to the EFB manuals and databases, the corresponding maintenance must also be notified to ensure that they comply with FAA regulations (ASRS Callback, 2010). Furthermore, flight crew should always carry out updates during preflight set-up checks to ensure that all manuals and security signatures are up-to-date. As an implementation of AC 120-76D (FAA, 2017), operators or certificate holders must establish effective methods for revising their EFB databases. Along the same lines, they should also develop a system for verifying each update as measure for detecting malicious database injections.
Firmware Updates and Penetration Testing
Safety-critical software on EFBs must meet stringent certification and continuously undergo tests and information systems security audits before deployment. Operators also require continuous penetration tests to evaluate the security of EFB systems or network through simulations of attacks by hackers.
Continuous Safety Training
ASRS has documented that some pilots report difficulties using EFBs in scenarios whereby EFBs are the best alternative to manual charts and inbuilt displays. Additionally, pilots also reported difficulties in using EFBs when they have not received training. Therefore, it is best practice to ensure that pilots continuously undergo training on the use and safety of EFBs to limit the risk of insider threats. Continuous training can also aid the flight crew detect misleading or malicious information presented to them during flight. In the same line, regulator such as EASA and the FAA should make EFB users aware of that errors in users data entry into EFB applications are common human factors in EFB-related accidents. When exploited by hackers, EFB data entry application can result in erroneous flight parameters. All potential user of EFBs must be also be trained with simulators with scenarios reflecting real world attacks. Training should give flight crew abilities to not only prevent, but also detect cyber-attacks. Lastly, training should also present knowledge of resilience, with a focus on procedures that should be followed to recover from any attack.
Continuous Development of Standardized EFB Evaluation Procedures
Continuity in the developed of standardization procedure would support the achievement and sustainability of desirable levels of safety by EFB designers and manufacturers. At the same time, industry stakeholders should work closely on discovery and migration of threats to EFBs. Experiments should be funded and executed in real world environment to establish the impact of cyber-attacks against EFBs. As a consequence, collective measure would be taken to fight the attacks instead of waiting for accidents or incident to be reported for new procedures and regulations to be issued as it has been the case in the past decade.