Aviation Industry Seeks to Strengthen Cybersecurity Defenses

LE BOURGET, France-- Escalating concerns about cyberthreats are prompting the aviation industry to devise an unlikely new safeguard: real-time warnings to pilots about potential hacking attempts.

Work to develop such systems, which have prompted disagreements between some in the industry, are part of separate efforts by France's Thales SA, Raytheon Co. and other companies to expand cyber protections for aircraft. Airbus SE and Boeing Co. support the pilot-alerting goal, reflecting a desire to try new things as global threats intensify and evolve.

But interviews at the Paris Air Show showed there isn't an industrywide consensus on the concept, a version of which is under development and could start to be tested on some commercial aircraft by late 2018. Large suppliers such as Honeywell International Inc. and Rockwell Collins Inc.--which provide cockpit equipment for many airliners--are skeptical about the need for such proposed capabilities.

The debate isn't likely to affect cybersecurity systems on today's airliners or even those built in the next few years, though it could impact how the digital cores of future models will be protected.

Proponents of alerting see advanced systems on aircraft as being able to identify attempted or successful cyberintrusions, with the data feeding into artificial intelligence features powerful and adaptable enough to automatically respond to the hazard.

"The conventional ways by which we've protected ourselves in cyber may need to change" as threats evolve, said Greg Hyslop, Boeing's chief technology officer.

Allan McArtor, chairman of the Airbus unit that operates in the U.S., Canada and Latin America, also sees a need for greater industry sophistication in battling potential cyberthreats. "We haven't been able to make a very convincing argument" to the public about why aircraft are safe from outside intrusion, he said. What is missing, he added, is "a convincing cyberthreat architecture that allows us to be aware of attacks" when they take place, including warnings going directly to the cockpit.

The push for new approaches generally tracks recommendations from an earlier U.S. government-backed study group. The group of experts also concluded that airline vulnerabilities extend to maintenance operations that can allow outsiders to gain unauthorized access to aircraft systems.

In September, the Federal Aviation Administration's top technical advisory group adopted language seeking to ensure that cybersecurity protections would be incorporated into all future industry standards--affecting everything from aircraft design to flight operations to maintenance practices.

Thales decided years ago that it wasn't sufficient to merely devise elaborate protections. "We must have some real-time capabilities to detect and respond" if an intrusion is under way, said Thomas Hutin, one of the company's top cybersecurity officials. He wouldn't reveal which airline signed up to participate in the testing phase, but the goal is to send a real-time alert and have crew members react based on "a very detailed set of procedures" that they were trained to use.

Carl Esposito, president of Honeywell's Electronics Solutions Business unit, sees no need for such drills, pointing to the extraordinary rigor and care avionics suppliers use in writing code. Existing safety systems are effectively impenetrable from the outside, he said, because of "encryption, security keys and end-to-end verification" of users already embedded in the software. Flight-control applications are separated from cabin-entertainment data with a physical gap between their respective power grids. In the event a warning comes to the cockpit, he maintained, aviators aren't cybersecurity experts so "what could the pilots do about it anyway?"

These different assessments of the industry's cyber vulnerabilities--and what leaders should do combat future attacks--partly reflects the uncertain nature of threats. Industry officials agree there hasn't been a single verified instance of safety systems being breached on a large commercial jetliner. But at the same time, experts' warnings are getting louder about the dangers of hackers finding a vulnerability in aviation protections.

Raytheon, which over the past decade has bulked up its cybersecurity business to more than $1 billion a year in revenue, hopes to start designing what could be a cyber warning system intended for cockpits in both commercial jets and military aircraft. The challenge is "how do you remediate existing systems and build in that resiliency going forward," according to David Wajsgras, president of the company's intelligence, information and services unit.

Raytheon, a major global provider of air-traffic control hardware and applications, is starting with the more modest goal of establishing a detection system intended to identify false or spoofed sensor readings from engines, flight computers or other operating elements. But ultimately, it envisions sending some type of automated message to warn pilots if their aircraft is believed to be under cyberattack, an option that doesn't exist for any airliner at present.

Warning systems could also be used for other purposes. Under some scenarios, air carriers want the option of quickly being able to turn off all in-flight entertainment data to a specific seat, row or even the entire cabin.

Write to Andy Pasztor at andy.pasztor@wsj.com

(END) Dow Jones Newswires

June 22, 2017 00:22 ET (04:22 GMT)