Warning For Pilots To Counter Airborne Hacking

As the military helicopter lifts off the ground and heads skyward, the numbers on the altimeter suddenly stop ticking upward. The rumble of the helicopter’s engines fades and the chopper starts losing altitude. A second later, a dire warning flashes in red on a cockpit screen: “Cyber Anomaly.”

The helicopter is under attack, but not from missiles or guns. Seconds later, it smashes into the ground. But this pilot is not in a real helicopter, just a small simulator set up in a conference room of a high-rise office building in Virginia.

The pilot is in fact part of a Raytheon team that is building a new warning system it calls CADS (Cyber Anomaly Detection System) that tells pilots when their planes are being hacked, something the US military expects to happen in the battles of the future.

Speaking to DefenseOne, a  Raytheon spokesman said,  “Basically, we’re trying to give the pilot the information about what’s happening internally on his aircraft in real time.... we’re telling him what’s going on and allowing him to make decisions about what he needs to do to correct the problems.”

Inside most aircraft, important electronics are plugged into a serial data bus. The bus used in many U.S. military planes was developed in the 1970s and “still have not been updated for security,” according to Raytheon.

“You GPS talks on it, your fuel valve switches are on it, your autopilot is on it and other avionics systems all communicate over this bus,” Fry said. “What we found is as technology has increased and more and more [commercial] products are put in aircraft, there’s more of an attack surface for cyber threats to go onto the platform.”

Raytheon began developing this Cyber Anomaly Detection System three years ago after receiving “customer feedback” about “vulnerabilities in aviation platforms,” Raytheon is funding the project itself won’t say if the systems is deployed on U.S. military aircraft.

Pentagon officials have increasingly been talking about weapon cyber vulnerabilities and the need for companies “harden” their products. Hackers can get into military and commercial aircraft, vehicles, and even missiles and bombs by infecting them with malware, by plugging an infected cell phone into one of the aircraft’s USB ports, or even wirelessly. 

In the simulation the the helicopterwas injected with malicious code wirelessly from a tablet. The code caused the helicopter’s engines to shut down. While the pilot was able to disable the helicopter’s wireless receiver before hitting the ground, he was not able to stop its fall.

Raytheon says the technology could be used to detect cyber intrusions on drones, vehicles or even missiles and although its product can currently only detect attacks, new versions may be able to fight them off and repair the damage.

“In the future we’re looking more in that direction, but right now we’re starting with a passive system, so we won’t interfere with the bus......We’re just going to leave the human in the loop and leave the pilot in control and make him aware of his surroundings so that he can take the actions.” Raytheon's spokesman said.

Raytheon:           DefenseOne:       

You Might Also Read:

Aircraft Can Be Successfully Hacked In-Flight:

 

« Using Blockchain Against Counterfeit & Forgery
Serious Cyber Attacks In Singapore Reflect Poor Cyber Security »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Micron Technology

Micron Technology

Micron is a global leader in the semiconductor industry providing memory and secure storage devices for Networks, Mobile devices and IoT applications.

Institute for National Security and Counterterrorism (INSCT)

Institute for National Security and Counterterrorism (INSCT)

INSCT is a center for the study of national security, international security, and counterterrorism. Research programs include New Frontiers in Science, Cyber, & Technology

Ripjar

Ripjar

Ripjar is a global company of talented technologists, data scientists and analysts designing products that will change the way criminal activities are detected and prevented.

Zerto

Zerto

Zerto provides enterprise-class disaster recovery and business continuity software specifically for virtualized data centers and cloud environments.

Thomas Miller Specialty

Thomas Miller Specialty

Thomas Miller Specialty is a commercial Managing General Agency providing specialty risks insurance including Cyber & e-crime insurance.

Jscrambler

Jscrambler

Jscrambler addresses all your JavaScript and Web application protection needs.

AlAnsari Technical Solutions (ATS)

AlAnsari Technical Solutions (ATS)

ATS is a Kuwait based company specialised in delivering hardware/software, Virtualisation, IP Telephony / Unified Communication, Networking and professional IT services and solutions.

M2SYS

M2SYS

M2SYS is a worldwide leader in identification and authentication solutions.

Data Theorem

Data Theorem

Data Theorem is a leading provider in modern application security. Its core mission is to analyze and secure any modern application anytime, anywhere.

Threat Status

Threat Status

Threat Status are a Threat Intelligence company. We are the developers of Trillion. A cloud based Security As A Service (SaaS) platform.

Nubeva Technologies

Nubeva Technologies

Nubeva provide a breakthrough TLS Decrypt solution with Symmetric Key Intercept to gain the visibility needed to monitor and secure network traffic.

Atakama

Atakama

With Atakama, data remains encrypted until the very moment it is used, and the ability to decrypt is based on zero trust architecture.

GLIMPS

GLIMPS

GLIMPS-Malware automatically detects malware affecting standard computer systems, manufacturing systems, IOT or automotive domains.

KSOC Labs

KSOC Labs

KSOC is an event-driven SaaS platform built to automatically remediate Kubernetes security risks.

Ethiopian Cybersecurity Association (ECySA)

Ethiopian Cybersecurity Association (ECySA)

ECySA was formed to play an influential part in the ongoing and dawning cybersecurity practices of Ethiopia, efficiently creating public and private awareness on all kinds of cyber risks and threats.

Spec

Spec

Spec is the only no-code orchestration platform that protects enterprise fraud defenses from being blocked, bypassed, and manipulated by modern attack tactics.