Blog: Aviation Cyber Security
Updating Airplanes
If you think updating Windows etc is painful, spare a thought for avionics maintenance engineers. Flight Management System (FMS) and related navigation databases (navaids, airspace etc) have to be updated monthly, locally. On older planes, it’s sometimes still done on 3.5” floppy.
It’s more common to use a dedicated data loader, but the update still has to be downloaded from the vendor to the engineers laptop, loaded to the loader, then taken to the aircraft and manually uploaded. This is used to update the nav DBs, avionics software and more.
IIRC the nav data is loaded to each of the two FMS separately, then compared to each other to ensure it loaded correctly. However, on older avionics / busses, there is no provision for update signing, other than a simple integrity check.
When updates used to arrive on disc by post, the ‘signing’ check was whether the sender address on the package was correct. Seriously!
Most dataloaders use the ARINC 615 protocol, which is layered over ARINC 429. This is plain text & unauthenticated, again with only integrity checking. Some devices on a 429 network even switch the endianness around
With electronic software distribution, the opportunity for postal interception or source impersonation is a bit lower, though potential for compromise of FTP (yes!) servers was a real concern
As with OT updates, engineer laptops are a minefield. You don’t got local admin? You’re going to struggle with our custom update software, LAME.
Fortunately, later aircraft, particularly those running AFDX/ARINC 664. such as the B787/A350 have support for PKI. AFDX brings support for loadable software air parts (LSAPs). This brings much greater confidence in the security and integrity of updates. But…
Maintaining PKI on aircraft is challenging, particularly as certificates have to be stored on the plane. If a cert expired or has issues, which is easily overlooked during a busy maintenance check, there has to be a bypass method, otherwise the plane doesn’t fly
However, software updating for recent airplanes is in a much better place than it used to be. The challenge is keeping older planes updated safely & securely whilst the asset is sweated and eventually retired after 12 or so years.
The future is initially OTA updates (whilst on the ground!) and eventually in-the-air updating although that is a long way off.
… Remember that when you’re waiting for the next Windows feature update to install.