Securing the Skies: FAA Propose Cyber Rules for New Planes
The Federal Aviation Administration (FAA) is set to propose new cybersecurity mandates focused on the manufacturing of aircraft and associated equipment in a bid to secure the security of planes during their construction.
This upcoming regulation, which will include everything from engines and propellers, aims to enhance the “airworthiness” of newly constructed planes by integrating cybersecurity into the process.
This initiative falls in line with the Biden administration's aggressive approach to applying cybersecurity standards across the country’s critical sectors.
Securing the cybersecurity of the skies
The proposal seeks to address the growing connectivity of modern aircraft, which, while improving efficiency and operational capabilities, also introduces new vulnerabilities.
Modern aircraft, such as the Airbus A350XWB and Boeing B737MAX, are equipped with advanced systems and sensors.
These facilitate seamless communication with ground operations, air traffic control, and other aircraft which enable seamless contact with ground operations, air traffic control, and even other aircraft whether in air or parked on ground.
This, however, presents vulnerabilities that could potentially be exploited via various digital components within the aircraft.
Specifically, the new rules take aim at the “equipment, systems, and networks of transport category aeroplanes, engines, and propellers” that require connected, digital components as part of their function, which can be hacked.
The FAA said the rules are in line with current cyber standards, and emphasise that standardising protocols is essential for reducing both certification costs and approval timeframes.
Any new designs should take into account and mitigate cyber threats, the agency said.
This comes amid a growing number of Cybersecurity threats levelled at the aviation industry.
Cyber attacks on aircraft
The aviation industry has been experiencing an escalation of cyber attacks as of late. One such common attack has been targeting this connected equipment, through what is known as GPS spoofing attacks.
This is a type of cyberattack where false GPS signals are sent to mislead aircraft navigation systems. A report from cybersecurity firm OPS Group reveals that such attacks have surged by 200 per day from January to March to 900 daily since April.
Although no major safety incidents have yet been attributed to these attacks, In one instance in 2024, Finnair was forced to suspend flights to Tartu, Estonia, due to a suspected GPS spoofing attack.
Although GPS systems in aviation do have some cybersecurity protection, these standardisation efforts by the FAA are intended to harmonise the levels of protection to keep them safe from what the agency recognises are methods of attack.
By creating a unified set of standards, the FAA aims to streamline the certification process for new or modified equipment, ensuring that cybersecurity considerations are consistently applied across the aviation industry.
While the FAA's proposed cybersecurity mandates represent a significant step forward in safeguarding future aircraft, the evolving landscape of cyber threats - exemplified by the rise in GPS spoofing - demands continuous vigilance and adaptation.
With the regulations focusing primarily on newly built aircraft and not on existing fleets, the aviation industry, along with regulatory bodies, must also contend with the immediate and ongoing threat posed by cyber vulnerabilities in the sky.
******
Make sure you check out the latest edition of Cyber Magazine and also sign up to our global conference series - Tech & AI LIVE 2024
******
Cyber Magazine is a BizClik brand