The alert says, "An attacker with physical access to the aircraft could attach a device to an avionics CAN bus that could be used to inject false data, resulting in incorrect readings in avionic equipment. The researchers have outlined that engine telemetry readings, compass and attitude data, altitude, airspeeds, and angle of attack could all be manipulated to provide false measurements to the pilot. The researchers have further outlined that a pilot relying on instrument readings would be unable to distinguish between false and legitimate readings, which could result in loss of control of the affected aircraft."
CISA recommends aircraft owners restrict access to planes to the best of their abilities. Manufacturers of aircraft should review implementation of CAN bus networks to compensate for the physical attack vector. The automotive industry has made advancements in implementing safeguards that hinder similar physical attacks to CAN bus systems. Safeguards such as CAN bus-specific filtering, whitelisting, and segregation should also be evaluated by aircraft manufacturers.
In response, Ed Bolen,President and CEO of the National Business Aviation Association, told Security magazine: "The reason such a relatively complex scenario hasn’t unfolded – the reason TSA audits have never found general aviation airplanes to be a security concern – is that the industry has always made security a top priority, with a host of measures that harden aircraft from threats. An Airport Watch program includes a toll-free reporting number directly to the TSA. Pilots carry tamper-resistant, government issued ID, and passengers on many general aviation flights undergo strict background checks. The government cross-checks records for airmen, and monitors aircraft sales to find suspicious activity."
I want to hear from you. Tell me how we can improve.
This month in Security magazine: meet the global security team at Boston Scientific - five female professionals with diverse background and skills who are creating a best-in-class enterprise security team while ensuring the safety and security of employees, customers and patients. Also this month, we highlight Kristin Lenardson and her successful career in protective services. Security experts discuss whistleblowing, the CCPA and more.