Jay Sawyer

Security Architect

Thursday, August 9, 2018

Airplanes have come quite a long way since I worked at Boeing. During my tenure at the commercial aircraft company, I led a project team that designed the beginning of the digital flight instruments integration that would eventually be used for their new commercial aircraft’s full digital instrument panel directive to “usher in the future” and to allow better technology and more convenience for the pilots. Today, commercial airplanes can provide passengers and crew the convenience of inflight Wi-Fi access to the internet for browsing, checking email, checking flight data, streaming videos from the IFE (inflight entertainment) system and even doing Secure Remote Access demos with IDN to show how securely I can access a camera that is protected by an Identity Defined Overlay (IDO) from anywhere on, and above, the world.

Micro-segmentation for Airplanes

This blog post is the second installment in the “Ships, planes, trains and automobiles!” series highlighting connected transportation systems that can be hacked and how they can be secured with Tempered’s Secure IDN.

Much like maritime vessels, commercial aircraft like the Boeing 787 and Airbus A380 jets can have multiple types of networks: the Wi-Fi passenger network, the IFE system and the Aircraft Data Network for avionics systems, all reachable from the ground via SATCOM (satellite communications) and ATG (air-to-ground) technologies. The latest onboard networks are no different from the IP networks you see at the office, at home or in hotels, built with COTS (commercial off-the-shelf) devices. As such, these networks are just as susceptible to hacking attempts through passenger access to the Wi-Fi or IFE systems, either directly (connecting a laptop to the video system’s Ethernet port) or indirectly (through infected phones or computers). Hacking can also happen from ground to air, as the Department of Homeland Security discovered in late 2017, when officials were able to remotely hack into a Boeing 757’s network using equipment that could pass through TSA security.

The best countermeasure to take against unauthorized access is to segment the flight operations network from other non-essential networks. To segment securely from the get-go, you’ll need to do this with Tempered Networks’ IDN. Tempered Networks’ Identity Defined Networking solution can easily and securely segment your flight operations network from your in-flight internet and onboard entertainment networks, cloak your critical avionics systems from cyber-attacks and effectively make them invisible to hackers. Cloaking reduces the total attack surface area and eliminates the cyber kill chain at the Reconnaissance level, potentially eliminating the attack from further advancing. When Tempered’s IDN cloaks the airplane's flight control systems, they are not scannable. Hackers can’t hack what they cannot see.

Tempered's Secure IDN for Airplanes

Tempered Networks’ IDN Enforcement appliances, the HIPservices, are responsible for applying the Zero Trust secure segmentation, cloaking critical devices, and encrypting data in motion. These attributes help protect your avionics and other critical flight devices and the data passing between them, whether the airplane is in the air or at the gate securely synchronizing flight data for previous and future flights.

The following is the HIPswitch 75 appliance, conveniently designed to fit in inconvenient spaces; compact and secure:

HIPswitch 75 appliance

In the current aircraft network design, the avionics, crew, and passenger networks are interconnected, so a vulnerability in a device in any one of these networks will affect the security of the others. Cyberattack vectors such as passenger laptops, crew phones or one of the airplane’s COTS routers can reportedly be used to access the avionics controls, inflight or remotely from the ground, to cause damage or other life-threatening events. Tempered Networks provides secure networking that can protect your critical aircraft environment from those vulnerabilities in three simple steps. Our IDN design objective is based on the principle that it must be easy to connect, cloak, segment, move, failover, and disconnect networks and individual resources. IDN unifies networking and security into a single platform, making it simple to create Zero Trust Overlays without having to modify existing network security infrastructure. Our point-and-click management console makes it easy to connect, micro-segment and manage all your networked devices across any transport or location. And this approach comes at a fraction of the cost of alternative solutions. For a quick overview of what Tempered Networks IDN, Zero Trust, and cloaking can do for your ship networks, please see .

For more IDN details and use cases, please visit Tempered Networks.