Connected Aircraft: Cyber-Safety Risks, Insider Threat, and Management Approaches

The past several years has witnessed significant growth in Internet Protocol (IP)-based wireless connections between airborne aircraft, satellites, and terrestrial information systems, a phenomenon some have termed The Connected Aircraft (Bellamy, 2014). Far eclipsing passenger high-speed Internet service, this movement is integrating thousands of embedded automated sensors connected to safety-critical systems, such as engines, flight controls, cockpit displays, and life support systems into the on-line infrastructure. Airborne sensors continuously send data packets to worldwide airframe, engine, and avionics manufacturers, airline control centers, and third-party suppliers (Orjih, 2006). The tremendous growth in the Internet of Things (IoT), small, lowpower, programmable, Internet-connected, smart devices, has accelerated the Connected Aircraft transformation (Lueth, 2014). In short, winged local area networks are expanding the Internet to 30,000 feet. However, connecting aircraft to the Internet is also exposing safety-critical airborne systems to serious cyber-physical safety risks, to which the traveling public is largely oblivious. This ignorance is likely to remain until, heaven forbid, a crash or other incident is directly linked to a successful cyberattack. This research paper will attempt to narrow this knowledge gap by shedding light on the growing cyber-physical safety risks of The Connected Aircraft. Next, it will discuss insider threat in the airline industry. It will also suggest risk management approaches, some already underway, to help reduce these emerging cyber-safety risks so that the promising operational, economic, and business benefits of movement can be realized without exposing the traveling public to undue safety risk.