Securing the Skies: FAA Propose Cyber Rules for New Planes

The aviation industry has been experiencing an escalation of cyber attacks as of late
The US FAA has outlined rules for standardising cybersecurity rules for new planes that require connected and digital components as part of their function

The Federal Aviation Administration (FAA) is set to propose new cybersecurity mandates focused on the manufacturing of aircraft and associated equipment in a bid to secure the security of planes during their construction. 

This upcoming regulation, which will include everything from engines and propellers, aims to enhance the “airworthiness” of newly constructed planes by integrating cybersecurity into the process. 

This initiative falls in line with the Biden administration's aggressive approach to applying cybersecurity standards across the country’s critical sectors.

Securing the cybersecurity of the skies

The proposal seeks to address the growing connectivity of modern aircraft, which, while improving efficiency and operational capabilities, also introduces new vulnerabilities. 

Modern aircraft, such as the Airbus A350XWB and Boeing B737MAX, are equipped with advanced systems and sensors. 

These facilitate seamless communication with ground operations, air traffic control, and other aircraft which enable seamless contact with ground operations, air traffic control, and even other aircraft whether in air or parked on ground.

This, however, presents vulnerabilities that could potentially be exploited via various digital components within the aircraft.

Youtube Placeholder

Specifically, the new rules take aim at the “equipment, systems, and networks of transport category aeroplanes, engines, and propellers” that require connected, digital components as part of their function, which can be hacked.

The FAA said the rules are in line with current cyber standards, and emphasise that standardising protocols is essential for reducing both certification costs and approval timeframes.

Any new designs should take into account and mitigate cyber threats, the agency said. 

This comes amid a growing number of Cybersecurity threats levelled at the aviation industry. 

Cyber attacks on aircraft

The aviation industry has been experiencing an escalation of cyber attacks as of late. One such common attack has been targeting this connected equipment, through what is known as GPS spoofing attacks.

This is a type of cyberattack where false GPS signals are sent to mislead aircraft navigation systems. A report from cybersecurity firm OPS Group reveals that such attacks have surged by 200 per day from January to March to 900 daily since April.

Although no major safety incidents have yet been attributed to these attacks, In one instance in 2024, Finnair was forced to suspend flights to Tartu, Estonia, due to a suspected GPS spoofing attack. 

The cockpit of an Airbus A320 professional full motion simulator

Although GPS systems in aviation do have some cybersecurity protection, these standardisation efforts by the FAA are intended to harmonise the levels of protection to keep them safe from what the agency recognises are methods of attack.

By creating a unified set of standards, the FAA aims to streamline the certification process for new or modified equipment, ensuring that cybersecurity considerations are consistently applied across the aviation industry.

While the FAA's proposed cybersecurity mandates represent a significant step forward in safeguarding future aircraft, the evolving landscape of cyber threats - exemplified by the rise in GPS spoofing - demands continuous vigilance and adaptation.

With the regulations focusing primarily on newly built aircraft and not on existing fleets, the aviation industry, along with regulatory bodies, must also contend with the immediate and ongoing threat posed by cyber vulnerabilities in the sky.

******

Make sure you check out the latest edition of Cyber Magazine and also sign up to our global conference series - Tech & AI LIVE 2024

******

Cyber Magazine is a BizClik brand

Share

Featured Articles

Why the UK is Listing Data Centres as Critical Cyber Assets

Being Western Europe's leader in number of Data Centres, the UK has decided to take steps to ensure they receive adequate protection from cyber threats

Trustwave Reveals the Financial Sector's Cyber Threats

Although it's not new to think that financial services organisations are prime targets for cybercriminals, the threat landscape they find themselves in is

TCS and Google Cloud Join for Solution to Secure the Cloud

TCS partners with Google Cloud to launch a range of AI-powered cybersecurity solutions to help businesses secure their clouds against advanced threats

Cybersecurity Conglomerate Reveals Threats Facing Consumers

Cyber Security

Decoding the US' Most Misunderstood Data Security Terms

Cyber Security

Orange Cyberdefense's Wicus Ross Talks Cyber Extortion Trend

Hacking & Malware