Securing the Skies: FAA Propose Cyber Rules for New Planes

Share
The aviation industry has been experiencing an escalation of cyber attacks as of late
The US FAA has outlined rules for standardising cybersecurity rules for new planes that require connected and digital components as part of their function

The Federal Aviation Administration (FAA) is set to propose new cybersecurity mandates focused on the manufacturing of aircraft and associated equipment in a bid to secure the security of planes during their construction. 

This upcoming regulation, which will include everything from engines and propellers, aims to enhance the “airworthiness” of newly constructed planes by integrating cybersecurity into the process. 

This initiative falls in line with the Biden administration's aggressive approach to applying cybersecurity standards across the country’s critical sectors.

Securing the cybersecurity of the skies

The proposal seeks to address the growing connectivity of modern aircraft, which, while improving efficiency and operational capabilities, also introduces new vulnerabilities. 

Modern aircraft, such as the Airbus A350XWB and Boeing B737MAX, are equipped with advanced systems and sensors. 

These facilitate seamless communication with ground operations, air traffic control, and other aircraft which enable seamless contact with ground operations, air traffic control, and even other aircraft whether in air or parked on ground.

This, however, presents vulnerabilities that could potentially be exploited via various digital components within the aircraft.

Youtube Placeholder

Specifically, the new rules take aim at the “equipment, systems, and networks of transport category aeroplanes, engines, and propellers” that require connected, digital components as part of their function, which can be hacked.

The FAA said the rules are in line with current cyber standards, and emphasise that standardising protocols is essential for reducing both certification costs and approval timeframes.

Any new designs should take into account and mitigate cyber threats, the agency said. 

This comes amid a growing number of Cybersecurity threats levelled at the aviation industry. 

Cyber attacks on aircraft

The aviation industry has been experiencing an escalation of cyber attacks as of late. One such common attack has been targeting this connected equipment, through what is known as GPS spoofing attacks.

This is a type of cyberattack where false GPS signals are sent to mislead aircraft navigation systems. A report from cybersecurity firm OPS Group reveals that such attacks have surged by 200 per day from January to March to 900 daily since April.

Although no major safety incidents have yet been attributed to these attacks, In one instance in 2024, Finnair was forced to suspend flights to Tartu, Estonia, due to a suspected GPS spoofing attack. 

The cockpit of an Airbus A320 professional full motion simulator

Although GPS systems in aviation do have some cybersecurity protection, these standardisation efforts by the FAA are intended to harmonise the levels of protection to keep them safe from what the agency recognises are methods of attack.

By creating a unified set of standards, the FAA aims to streamline the certification process for new or modified equipment, ensuring that cybersecurity considerations are consistently applied across the aviation industry.

While the FAA's proposed cybersecurity mandates represent a significant step forward in safeguarding future aircraft, the evolving landscape of cyber threats - exemplified by the rise in GPS spoofing - demands continuous vigilance and adaptation.

With the regulations focusing primarily on newly built aircraft and not on existing fleets, the aviation industry, along with regulatory bodies, must also contend with the immediate and ongoing threat posed by cyber vulnerabilities in the sky.

******

Make sure you check out the latest edition of Cyber Magazine and also sign up to our global conference series - Tech & AI LIVE 2024

******

Cyber Magazine is a BizClik brand

Share

Featured Articles

How Kroll and DORA Tackle Supply Chain Cybersecurity Risks

Kroll experts highlight critical measures IT providers must adopt to protect supply chains from cyber attacks and mitigate risks from AI-enabled threats

VCARB & Dynatrace Accelerate AI For F1 Racing Performance

As real-time monitoring becomes crucial in motorsport, F1 team VCARB partners with Dynatrace to implement AI analytics and security systems

Apple's Siri: How The Most Private AI Assistant Works

After a lawsuit, Apple is eager to prioritise privacy in Siri through its on-device processing, minimal data collection and advanced security protection

How The UK’s AI Plan Will Impact The Cybersecurity Sector

Technology & AI

Darktrace to Acquire Cado Security in Cloud Defence Push

Cloud Security

Sophos MDR Reports 37% Customer Growth in Cybersecurity Push

Cyber Security