Warning For Pilots To Counter Airborne Hacking

As the military helicopter lifts off the ground and heads skyward, the numbers on the altimeter suddenly stop ticking upward. The rumble of the helicopter’s engines fades and the chopper starts losing altitude. A second later, a dire warning flashes in red on a cockpit screen: “Cyber Anomaly.”

The helicopter is under attack, but not from missiles or guns. Seconds later, it smashes into the ground. But this pilot is not in a real helicopter, just a small simulator set up in a conference room of a high-rise office building in Virginia.

The pilot is in fact part of a Raytheon team that is building a new warning system it calls CADS (Cyber Anomaly Detection System) that tells pilots when their planes are being hacked, something the US military expects to happen in the battles of the future.

Speaking to DefenseOne, a  Raytheon spokesman said,  “Basically, we’re trying to give the pilot the information about what’s happening internally on his aircraft in real time.... we’re telling him what’s going on and allowing him to make decisions about what he needs to do to correct the problems.”

Inside most aircraft, important electronics are plugged into a serial data bus. The bus used in many U.S. military planes was developed in the 1970s and “still have not been updated for security,” according to Raytheon.

“You GPS talks on it, your fuel valve switches are on it, your autopilot is on it and other avionics systems all communicate over this bus,” Fry said. “What we found is as technology has increased and more and more [commercial] products are put in aircraft, there’s more of an attack surface for cyber threats to go onto the platform.”

Raytheon began developing this Cyber Anomaly Detection System three years ago after receiving “customer feedback” about “vulnerabilities in aviation platforms,” Raytheon is funding the project itself won’t say if the systems is deployed on U.S. military aircraft.

Pentagon officials have increasingly been talking about weapon cyber vulnerabilities and the need for companies “harden” their products. Hackers can get into military and commercial aircraft, vehicles, and even missiles and bombs by infecting them with malware, by plugging an infected cell phone into one of the aircraft’s USB ports, or even wirelessly. 

In the simulation the the helicopterwas injected with malicious code wirelessly from a tablet. The code caused the helicopter’s engines to shut down. While the pilot was able to disable the helicopter’s wireless receiver before hitting the ground, he was not able to stop its fall.

Raytheon says the technology could be used to detect cyber intrusions on drones, vehicles or even missiles and although its product can currently only detect attacks, new versions may be able to fight them off and repair the damage.

“In the future we’re looking more in that direction, but right now we’re starting with a passive system, so we won’t interfere with the bus......We’re just going to leave the human in the loop and leave the pilot in control and make him aware of his surroundings so that he can take the actions.” Raytheon's spokesman said.

Raytheon:           DefenseOne:       

You Might Also Read:

Aircraft Can Be Successfully Hacked In-Flight:

 

« Using Blockchain Against Counterfeit & Forgery
Serious Cyber Attacks In Singapore Reflect Poor Cyber Security »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Bishop Fox

Bishop Fox

Bishop Fox is a leading authority in offensive security, providing solutions ranging from continuous penetration testing and attack surface management to product and application security assessments.

CloudDNA

CloudDNA

CloudDNA deliver solutions that enable users and devices to connect over high performance, secure, efficient, scalable cloud networks.

Avatu

Avatu

Avatu specialise in providing clients the advice, technology and tools they need to fight cyber and insider threats.

Altius IT

Altius IT

Altius IT reviews your website for security vulnerabilities and provides a report identifying vulnerabilities and recommendations to make secure.

CERT-UA

CERT-UA

CERT-UA is the national Computer Emergency Response Team for Ukraine.

Cyber Future Foundation (CFF)

Cyber Future Foundation (CFF)

CFF was established to create a cyberspace where digital commerce and innovation can thrive based on trust and respect to individual privacy.

Sergeant Laboratories

Sergeant Laboratories

Sergeant Laboratories builds advanced technologies to prove compliance in complex IT security and regulatory compliance situations.

Haechi Audit

Haechi Audit

Haechi Audit is a leading smart contract security audit firm. We provide the most secure smart contract security audit and smart contract development services to our global clients.

Trustify

Trustify

Trustify is a Managed Security Service Provider offering a suite of world-class Cyber Risk Management services.

Brookcourt Solutions

Brookcourt Solutions

Brookcourt Solutions delivers cyber security, network monitoring technologies and managed security services to help secure and protect your organisation’s critical infrastructure.

Graylog

Graylog

Graylog provides answers to your team’s security, application, and IT infrastructure questions by enabling you to combine, enrich, correlate, query, and visualize all your log data in one place.

Midwest Cyber Security Alliance (MCSA)

Midwest Cyber Security Alliance (MCSA)

Midwest Cyber Security Alliance is a nonprofit, nonpartisan collaboration of individuals, businesses, government entities, and professionals advocating for more effective cyber security solutions.

Seccuri

Seccuri

Seccuri is a unique global cybersecurity talent tech platform. Use our specialized AI algorithm to grow and improve the cybersecurity workforce.

Vaultinum

Vaultinum

Vaultinum are a trusted independent third party specialized in the protection and audit of digital assets.

First Focus

First Focus

First Focus is a managed service provider for medium-sized organisations.

D.med Software

D.med Software

D.med Software is a company with a focus on cybersecurity for embedded software and cloud applications for the medical industry.