New Airline Navigation System Easy Target for Terrorists

When it comes to cyber-security, the most common cause of failure is “security as an afterthought.”  When the security failure affects personal computers and corporate networks, the cost ranges from minor annoyance to major financial disaster.  When the failure affects critical infrastructure such as power grids or air travel, the costs can involve human lives.  Unfortunately, the new aircraft surveillance system called Automatic Dependent Surveillance-Broadcast (ADS-B) being deployed in the United States and Europe will treat cyber-security as an afterthought.

ADS-B is an aircraft surveillance system that relies on aircraft reporting their own GPS positions to a series of ground based receivers operated by the ITT Corporation which relay aircraft position data to the FAA air traffic control towers and to other aircraft.  Technically speaking, ADS-B is not a replacement for the existing radar infrastructure, but the FAA intends to cut its radar infrastructure in half once ADS-B is deployed.  That’s not comforting.  US Air Force analysts pointed out that ADS-B is easily vulnerable to a denial of service attack.  As a purely complementary technology, this wouldn’t be of much concern.  But with the existing FAA radar infrastructure being halved, ADS-B is effectively a partial replacement technology.

More alarming is the fact that the ADS-B specification makes zero effort to encrypt communications, and the design goal calls for open peer to peer communications.  This open communications design of the ADS-B specification facilitates a high precision collision avoidance system that allows control towers to schedule tighter landings at airports to save fuel and time.  It also allows ADS-B enabled aircraft to avoid midair collisions with other ADS-B enabled aircraft, as they will know one another’s positions.  Unfortunately, this also creates a very precise homing system that allows terrorists to use ADS-B as a “collision assurance system.”

SP’s AirBuz magazine posed this question of terrorism to John Kefaliotis, VP at ITT Corporation.  Kefaliotis responded:

“The US Government agencies have examined this threat. I cannot speak about the formal results of this examination other than to say that the examination has not resulted in programme alteration.”

That response doesn’t instill much confidence among security professionals.  As far back as 1999, the question of terrorists using ADS-B location data to steer a small aircraft in front of a jetliner was considered and ignored.  That frightful task would be substantially easier today with dirt cheap high precision GPS receivers that typically report 3 meter accuracy coordinates.  Armed with a modified high performance model airplane and an iPod Touch serving as a navigation computer, the risk cannot be understated.  The capability is not beyond the means of a hobbyist, never mind an enemy nation, and Jetliners are high value targets that require relatively small payloads to take them down.  One of the few things keeping jetliners safe was difficulty in target acquisition, but that will changed with ADS-B, as aircraft begin willingly broadcasting their precise locations within a few meters of accuracy.

There is no question that ADS-B offers some solid advantages in air safety and economic benefits in fuel and time savings, but these things can be achieved without the risk of creating a homing system.  The easiest way to make the system safer is to lower the accuracy of the ADS-B broadcasts and limit precision level.  Two aircraft approaching each other in midair have no reason to fly within 10 meters of each other and they can easily avoid each other with a 100 meter buffer zone.

Tighter landings at airports can still be achieved if high-value jetliners encrypt their higher precision ADS-B data so that only the tower can decrypt the data.  This would require updating the ADS-B specification to support encryption.  Smaller aircraft can broadcast less precise ADS-B data if they wish to avoid the expense of encryption, but in this era of cheap computing power it seems silly that thousand dollar high tech aviation transponders can’t universally support encryption.

A prudent policy would require all ADS-B broadcasts above Navigation Accuracy Category (NAC) level 7 (less than 93 meter accuracy) be encrypted for tower use only.  The lower precision unencrypted broadcasts will have vastly reduced homing precision.  If the risk profile escalates, even lower precision broadcasts could be mandated for unencrypted ADS-B broadcasts.