Cybersecurity

Next gen aircraft ID system vulnerable, watchdog finds

Shutterstock image. Air Traffic Control. Image credit: hxdbzxy / Shutterstock.com 

Urgent cybersecurity concerns remain unresolved related to new technology that will pinpoint locations for all aircraft flying in U.S. domestic airspace by 2020, according to the Government Accountability Office.

In particular, hostile nations, as well as unauthorized individuals and groups, could use the detailed, real-time data broadcast from in-flight military aircraft for a variety of mischief or worse , according to a new report from GAO on the system.

The public version of the report released by GAO didn't go into detail about those specifics, but since the technology -- known as Automatic Dependent Surveillance-Broadcast (ADS-B) Out -- uses an aircraft's avionics equipment to broadcast the aircraft's position, altitude and velocity to ground, air or space-based receivers, the potential for pirating those signals remains an unsolved problem, said the report.

As part of the Federal Aviation Administration's NextGen air transportation system modernization program, the ADS-B Out system is meant to make it easier for third parties to access that data for use in tracking and identifying aircraft without having to maintain their own private databases.

Through ADS-B, the FAA is looking to modernize ground-based radar systems with a satellite-based system for automated aircraft position reporting, navigation and digital communications. ADS-B provides more precise locations of aircraft in the air and on the ground at airports, has a greater coverage area than traditional radar, helps reduce risk of collisions and provides pilots with real-time warnings and better location coverage in bad weather.

The FAA has mandated that all aircraft using U.S. domestic airspace must be equipped with ADS-B by Jan. 1, 2020.

Since the technology's promise is in having it in all aircraft using domestic airspace, military aircraft have to be equipped also, which has for years concerned the Department of Defense and other agencies about the capabilities.

With current technology, according to GAO, the public can track individual aircraft by receiving aircraft's ICAO address (which can include different codes such as aircraft type, as well as an aircraft's 24-bit electronic identification code), transponder or "Squawk" code as well as altitude though networked receivers that can use the data to calculate and identify the latitude and longitude of an aircraft's position. With some legwork, interested parties such as foreign intelligence entities, terrorists and criminals can already identify and track aircraft using existing technology, according to the study.

ADS-B, however, would make that flight data, and more, almost instantly available on military aircraft, and some of that data for some of those aircraft is classified.

Along with concerns with the FAA's plan to decommission legacy radar systems as it shifts to ADS-B, the military is also concerned that the broadcast information of military flights is vulnerable to cyber intrusion and manipulation by nation states, individuals and groups.

"In addition, a number of assessments conducted by DOD, FAA, and others have identified security concerns inherent in ADS-B Out technology that could leave aircraft, tactical air traffic control systems, and FAA radars vulnerable to electronic warfare- and cyber-attacks by individuals, groups, or nation-state actors … and other types of interference," said the study.

So far, the study said, the FAA and DOD have been concentrating on getting the equipment installed and have yet to address security concerns it poses for military aircraft. DOD has suggested masking military identifiers, allowing military pilots to turn off ADS-B and other solutions. So far, DOD and the FAA haven't approved any mitigation, according to the report.

The FAA and Defense Department's Lead Service Office have been working on a memorandum of understanding on how to address the security concerns, but they haven't yet produced it.

The two offices had said last April they intended to issue a finalized memo by last June. However, in May, GAO said DOD officials said their completion date for the document had slipped to February 2018.

About the Author

Mark Rockwell is a senior staff writer at FCW, whose beat focuses on acquisition, the Department of Homeland Security and the Department of Energy.

Before joining FCW, Rockwell was Washington correspondent for Government Security News, where he covered all aspects of homeland security from IT to detection dogs and border security. Over the last 25 years in Washington as a reporter, editor and correspondent, he has covered an increasingly wide array of high-tech issues for publications like Communications Week, Internet Week, Fiber Optics News, tele.com magazine and Wireless Week.

Rockwell received a Jesse H. Neal Award for his work covering telecommunications issues, and is a graduate of James Madison University.

Click here for previous articles by Rockwell. Contact him at mrockwell@fcw.com or follow him on Twitter at @MRockwell4.


Featured

  • FCW PERSPECTIVES
    sensor network (agsandrew/Shutterstock.com)

    Are agencies really ready for EIS?

    The telecom contract has the potential to reinvent IT infrastructure, but finding the bandwidth to take full advantage could prove difficult.

  • People
    Dave Powner, GAO

    Dave Powner audits the state of federal IT

    The GAO director of information technology issues is leaving government after 16 years. On his way out the door, Dave Powner details how far govtech has come in the past two decades and flags the most critical issues he sees facing federal IT leaders.

  • FCW Illustration.  Original Images: Shutterstock, Airbnb

    Should federal contracting be more like Airbnb?

    Steve Kelman believes a lighter touch and a bit more trust could transform today's compliance culture.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.