New Airline Navigation System Easy Target for Terrorists
When it comes to cyber-security, the most common cause of failure is “security as an afterthought.” When the security failure affects personal computers and corporate networks, the cost ranges from minor annoyance to major financial disaster. When the failure affects critical infrastructure such as power grids or air travel, the costs can involve human lives. Unfortunately, the new aircraft surveillance system called Automatic Dependent Surveillance-Broadcast (ADS-B) being deployed in the United States and Europe will treat cyber-security as an afterthought.
ADS-B is an aircraft surveillance system that relies on aircraft reporting their own GPS positions to a series of ground based receivers operated by the ITT Corporation which relay aircraft position data to the FAA air traffic control towers and to other aircraft. Technically speaking, ADS-B is not a replacement for the existing radar infrastructure, but the FAA intends to cut its radar infrastructure in half once ADS-B is deployed. That’s not comforting. US Air Force analysts pointed out that ADS-B is easily vulnerable to a denial of service attack. As a purely complementary technology, this wouldn’t be of much concern. But with the existing FAA radar infrastructure being halved, ADS-B is effectively a partial replacement technology.
More alarming is the fact that the ADS-B specification makes zero effort to encrypt communications, and the design goal calls for open peer to peer communications. This open communications design of the ADS-B specification facilitates a high precision collision avoidance system that allows control towers to schedule tighter landings at airports to save fuel and time. It also allows ADS-B enabled aircraft to avoid midair collisions with other ADS-B enabled aircraft, as they will know one another’s positions. Unfortunately, this also creates a very precise homing system that allows terrorists to use ADS-B as a “collision assurance system.”
SP’s AirBuz magazine posed this question of terrorism to John Kefaliotis, VP at ITT Corporation. Kefaliotis responded:
“The US Government agencies have examined this threat. I cannot speak about the formal results of this examination other than to say that the examination has not resulted in programme alteration.”
That response doesn’t instill much confidence among security professionals. As far back as 1999, the question of terrorists using ADS-B location data to steer a small aircraft in front of a jetliner was considered and ignored. That frightful task would be substantially easier today with dirt cheap high precision GPS receivers that typically report 3 meter accuracy coordinates. Armed with a modified high performance model airplane and an iPod Touch serving as a navigation computer, the risk cannot be understated. The capability is not beyond the means of a hobbyist, never mind an enemy nation, and Jetliners are high value targets that require relatively small payloads to take them down. One of the few things keeping jetliners safe was difficulty in target acquisition, but that will changed with ADS-B, as aircraft begin willingly broadcasting their precise locations within a few meters of accuracy.
There is no question that ADS-B offers some solid advantages in air safety and economic benefits in fuel and time savings, but these things can be achieved without the risk of creating a homing system. The easiest way to make the system safer is to lower the accuracy of the ADS-B broadcasts and limit precision level. Two aircraft approaching each other in midair have no reason to fly within 10 meters of each other and they can easily avoid each other with a 100 meter buffer zone.
Tighter landings at airports can still be achieved if high-value jetliners encrypt their higher precision ADS-B data so that only the tower can decrypt the data. This would require updating the ADS-B specification to support encryption. Smaller aircraft can broadcast less precise ADS-B data if they wish to avoid the expense of encryption, but in this era of cheap computing power it seems silly that thousand dollar high tech aviation transponders can’t universally support encryption.
A prudent policy would require all ADS-B broadcasts above Navigation Accuracy Category (NAC) level 7 (less than 93 meter accuracy) be encrypted for tower use only. The lower precision unencrypted broadcasts will have vastly reduced homing precision. If the risk profile escalates, even lower precision broadcasts could be mandated for unencrypted ADS-B broadcasts.
I agree that more discussion of the security aspects of aviation support protocols is appropriate. This is yet another domain where more thought is required, but the answers aren’t necessarily obvious.
Analogously, in the world of undersea cable protection, there is a strong argument for publishing the locations of cables, so as to assist ship captains in avoiding them in order to reduce the likelihood of an anchor drag resulting in a fiber cut. More recently, there have been those who argue that undersea cables are high-value targets, and as such should not have their locations published. If one operates from the basis of actual risk there’s more of a risk of someone accidentally cutting one than there is of a terrorist attack, and removal of that information from publication may well increase the threat to infrastructure.
It’s not clear that your suggested policy would be wise. There is a system called TCAS in modern commercial aircraft that provides real-time guidance (calculated in the avionics) to pilots to help escape near mid-air collisions. In the case of an aircraft equipped with TCAS II Hybrid Surveillance, the TCAS II will use position data on other aircraft received via “ADS-B in” as a data source.
Initially this has been used for the purpose of reducing the interrogation rates for low-threat intruders in the subject aircraft’s airspace, but it’s not clear as deployment increases that it will remain the only use.
If higher precision (NAC) ADS-B transmissions will help TCAS to generate more effective resolution advisories in the event of an airspace conflict, then it would be imprudent, if not dangerous to prevent aircraft from communicating these to each other and deriving the most optimal avoidance solution possible in a (usually short) period of time.
Mr. Stratton, your argument is invalid for the following reasons.
You’re trying to argue that the lack of radar tracking accuracy causes a lot of jetliner crashes yet ADS-B exploitation has yet to kill anyone. This argument is wrong because it attributes airline crashes to the lack of radar accuracy when in fact the midair collisions are caused by a lack of any tracking system and human error (e.g., flying at wrong altitude at in a certain direction).
What I proposed in my article was that large jetliners which are very high value targets should not beacon location data more than 93 meters accurate. There’s no reason to fly within 93 meters of a jetliner even if you know the exact location of the jetliner. Data flowing to the control tower should be encrypted and the control tower can choose to schedule tighter landings if it saw fit.
[…] New Airline Navigation System Easy Target for Terrorists « High …New Airline Navigation System Easy Target for Terrorists. September 28th, 2011 by George Ou | 2 Comments ». When it comes to cyber-security, the most … […]